- Home
- Remote Jobs
- IAM Senior Engineer
At Ensono, our Purpose is to be a relentless ally, disrupting the status quo and unleashing our clients to Do Great Things! We enable our clients to achieve key business outcomes that reshape how our world runs. As an expert technology adviser and managed service provider with cross-platform certifications, Ensono empowers our clients to keep up with continuous change and embrace innovation.
We can Do Great Things because we have great Associates. The Ensono Core Values unify our diverse talents and are woven into how we do business: Honesty, Reliability, Curiosity, Collaboration, and Passion.
About the role and what you'll be doing
The Senior IAM Engineer serves as a technical authority and trusted advisor, leading the design and delivery of Identity and Access Management (IAM) solutions in support of complex application migrations and enterprise security initiatives.
Operating within client governance frameworks, this role partners closely with client stakeholders, architects, and security leadership to define IAM strategies, establish integration standards, and guide implementation outcomes. The Senior IAM Engineer is accountable for the technical quality, security posture, and scalability of IAM solutions and provides leadership across the IAM lifecycle—from design and implementation through migration, testing, and operational readiness.
While this role remains hands-on, it extends beyond execution to include technical decision-making, architectural leadership, and mentorship, ensuring IAM solutions align with business objectives, regulatory requirements, and enterprise security standards.
Key Responsibilities
IAM Architecture & Design Leadership
- Lead the design and implementation of IAM solutions across authentication, authorization, secrets management, identity governance, and privileged access domains.
- Define and maintain IAM reference architectures, integration patterns, and best practices aligned to enterprise standards.
- Provide technical recommendations and trade-off analysis balancing security, usability, scalability, and operational efficiency.
- Participate in architecture reviews and influence client IAM roadmaps and modernization strategies.
Delivery Ownership & Execution
- Own IAM outcomes for assigned programs and migrations, ensuring solutions meet security, compliance, and performance expectations.
- Lead IAM readiness activities for migrations and cutovers, including risk identification, mitigation planning, and execution support.
- Guide and execute IAM configuration and integrations for SSO, MFA, federation, PAM, and secrets management.
- Develop and enhance accelerators, automation, and self-service capabilities to improve delivery efficiency and consistency.
Security, Risk & Compliance
- Ensure IAM implementations align with enterprise security policies, regulatory requirements, and audit standards.
- Lead or coordinate IAM-related security testing, including authentication/authorization validation and vulnerability assessments.
- Identify IAM risks and proactively recommend remediation or improvement opportunities.
Technical Leadership & Collaboration
- Serve as a point of escalation for complex IAM issues and defect resolution.
- Mentor junior engineers and review IAM designs, configurations, and documentation.
- Collaborate with application teams, cloud engineers, security operations, and governance partners to drive successful IAM adoption.
- Document IAM architectures, configurations, and operational procedures for long-term sustainability.
Required Skills & Qualifications
- 7 years of progressive experience in Identity and Access Management engineering, including leadership of complex IAM initiatives.
- Proven experience designing and implementing IAM solutions in large-scale, hybrid, or cloud environments.
- Demonstrated ability to act as a technical authority and advisor, influencing IAM decisions and standards.
Hands-on expertise with enterprise IAM technologies, including:
Privileged Access Management (PAM):
- CyberArk (Enterprise Password Vault, Privileged Session Manager, Central Credential Provider, Conjur)
- HashiCorp Vault (secrets engines, policies, authentication methods, dynamic credentials)
Authentication / Identity Providers (IDP):
- ForgeRock (Access Management, Identity Management, Directory Services, Identity Gateway)
- RSA (SecurID Authentication Manager, MFA, Identity Governance & Lifecycle)
User Access & Entitlement Management:
-
SailPoint (IdentityIQ, IdentityNow -- access certifications, provisioning, role management)
-
ESF (Enterprise Security Framework -- entitlement management and access controls)
-
Strong experience with authentication and federation protocols: SAML, OAuth 2.0, OpenID Connect, Kerberos.
-
Advanced knowledge of Active Directory, LDAP, and identity integrations.
-
Experience with cloud platforms (AWS, Azure) and cloud-native IAM services.
-
Strong scripting and automation capabilities (PowerShell, Python, Terraform, or equivalent).
-
Excellent troubleshooting, analytical, and communication skills.
-
Experience in financial services or highly regulated industries preferred.
Preferred Certifications:
- CyberArk Certified Defender or Delivery Engineer
- HashiCorp Certified Vault Associate / Professional
- ForgeRock Certified Engineer
- SailPoint Certified IdentityIQ Engineer
- RSA Certified Administrator
Why Ensono?
Ensono is a place to make better happen—for our clients and for your career. We are a client-facing business, but we do encourage clients to allow us to work remotely most of the time.
- Unlimited Paid Days Off
- Three health plan options
- 401k with company match
- Comprehensive benefits (dental, vision, disability, life, FSA)
- Family Forming Benefit
- Paid childbearing and paternal leave
- Education Reimbursement and Student Loan Assistance
- Sabbatical leave
- Wellness program
- Flexible work schedule
Compensation: As of the date of this posting, a good faith estimate of the current pay scale for this role is $125,000 to $162,000 annually based on a full-time schedule. In addition to base salary, other compensation programs, depending on eligibility, include an annual bonus plan and an equity grant.
Ensono is an Equal Opportunity/Affirmative Action employer. If you need accommodation at any point during the application or interview process, please let your recruiter know or email [email protected].