IAM Engineer

IAM Engineer

Denver, CO (Hybrid)

Duration: initial 12-month contract (contract to hire)

Pay: $60-65/hr




The IAM Engineer is responsible for designing, implementing, and supporting enterprise Identity and Access Management (IAM) services. This role combines hands-on engineering with operational execution, including active participation in Joiner, Mover, Leaver (JML) ticket processing. The engineer will also drive automation, standardization, and continuous improvement across identity lifecycle processes.




This role partners closely with Identity Governance, Security, Infrastructure, and HR teams to ensure identity services are secure, scalable, and audit-compliant, aligned with least privilege and Zero Trust principles.

Key Responsibilities

IAM Engineering & Platform Ownership

• Design, implement, and support IAM solutions across:
  • Microsoft Entra ID (SSO, MFA, Conditional Access)
  • Active Directory (on-premises and hybrid environments)
  • SailPoint (IdentityIQ / Identity Security Cloud)
  • ServiceNow (access request and fulfillment workflows)
  • Privileged Access Management (PAM) solutions
• Lead or support:
  • Application onboarding into IAM platforms
  • Identity lifecycle design and provisioning standards
  • Integration patterns for new applications (APIs, connectors, etc.)
• Troubleshoot and resolve:
  • Provisioning and synchronization failures
  • Authentication and access issues
  • Identity-related integration defects

JML Operations & Ticket Management

• Actively manage IAM ticket queues, including:
  • Access requests and modifications
  • Joiner, mover, and leaver processing
  • Exceptions and escalations
• Ensure:
  • Service Level Agreements (SLAs) are consistently met
  • Accurate execution and complete audit documentation
  • Proper approvals are captured for all access changes
• Identify recurring operational issues and:
  • Escalate upstream process gaps (HR, application owners)
  • Recommend and support process improvements
  • Identify automation opportunities within workflows

Automation & Process Improvement

• Support redesign and automation of JML workflows to reduce manual effort and error rates
• Eliminate manual steps identified through operational ticket handling
• Contribute to development of:
  • Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) models
  • Standardized access patterns and birthright access frameworks
• Partner with HR/People teams to:
  • Improve identity data quality
  • Enable HR-driven lifecycle automation and integrations

Security, Controls & Compliance

• Ensure IAM processes align with regulatory and audit requirements, including:
  • SOX, ISO 27001, SOC 2, and ISAE standards
• Enforce:
  • Least privilege access principles
  • Timely deprovisioning and access revocation
  • Strong identity lifecycle controls
• Support audit requests with accurate and complete evidence

Collaboration & Governance

• Partner with:
  • Application Owners for access models and onboarding
  • Infrastructure teams for directory and platform dependencies
  • HR/People teams for identity lifecycle triggers
  • Audit and Compliance teams for control design and remediation
• Reinforce governance model:
  • IAM enables enforcement of access controls
  • Business/application owners remain accountable for access approvals

Required Skills & Experience

Technical

• Strong IAM engineering experience with:
  • Microsoft Entra ID / Azure AD
  • Active Directory (hybrid and on-prem)
  • SailPoint IdentityIQ or Identity Security Cloud
  • ServiceNow IAM workflows and integrations
• Solid understanding of:
  • SSO protocols (SAML, OpenID Connect)
  • Identity lifecycle management and provisioning models
  • Privileged Access Management (PAM) concepts and controls

Functional

• Experience in IAM operational environments with ticket-based workflows
• Strong understanding of:
  • Joiner/Mover/Leaver (JML) lifecycle processes
  • Access request and fulfillment processes
  • Identity governance frameworks (RBAC, ABAC)

Soft Skills

• Strong attention to detail and execution discipline
• Ability to balance:
  • Operational workload (ticket queue management)
  • Strategic improvement (automation and standardization)
• Strong communication skills across technical and business stakeholders

What Success Looks Like

• IAM ticket queue is stable, controlled, and consistently meeting SLA targets
• JML processes are standardized, predictable, and increasingly automated
• Reduced manual IAM effort through automation and process optimization
• Improved audit outcomes and stronger compliance posture
• Consistent access control enforcement across enterprise applications

...