Sr. Engineer - Identity and Access Management

• Administer, configure, and enhance Identity Governance (IGA) platforms such as SailPoint ISC, including lifecycle management (JML), RBAC model design, access certifications, workflow customization, and application onboarding.

• Design, implement, and support enterprise authentication solutions including MFA, SSO, federation, and adaptive access controls using platforms such as Entra ID and PingOne Advanced Identity Cloud.
• Architect and implement Privileged Access Management (PAM) and Just-in-Time (JIT) access models, eliminating standing privileges and enforcing least-privileged principles across cloud and hybrid environments.
• Engineer and manage Cloud IAM controls (Azure/Entra ID and GCP) including role design, conditional access policies, identity protection, workload identity federation, and risk-based access reviews.
• Develop and maintain secure identity integration patterns using SAML, OAuth2, OIDC, SCIM, and LDAP across enterprise and SaaS applications.
• Contribute to IAM architecture standards, governance frameworks (RACI), and access control policies aligned with Zero Trust principles.
• Automate IAM processes through scripting (PowerShell or equivalent), reporting enhancements, and integration with ITSM tools such as ServiceNow.
• Conduct security posture assessments, support audit and compliance activities, and remediate identity-related risks and vulnerabilities.
• Lead and support IAM modernization initiatives, including legacy platform decommissioning, cloud migration enablement, and continuous security improvement.
• Collaborate with Security, Infrastructure, DevOps, and Application teams to ensure scalable, compliant, and resilient identity solutions.

• Bachelor's degree in information technology, Cybersecurity, Information Security, or related field (or equivalent experience)
• 7-9 years of experience in IAM, IGA, access management, or cybersecurity engineering and architecture
• Hands-on experience with Delinea Server Suite, SailPoint ISC, Microsoft Entra ID, CyberArk, and Ping Advanced Identity Cloud & GCP Identity Management.
• Strong understanding of authentication and authorization protocols including SAML, OAuth 2.0, OpenID Connect (OIDC)
• Hands-on experience with Active Directory (AD), LDAP, and hybrid identity environments
• Hands-on experience supporting cloud and hybrid IAM architectures
• Scripting or automation experience using PowerShell and/or Python
• IAM or security certifications preferred (e.g., Security+, CISSP, Azure Security Certification)
• Strong analytical, troubleshooting, and technical documentation skills

• Security-first and risk-aware mindset
• Strong time management, organization, and prioritization and solutioning skills
• Ability to work independently and manage competing priorities
• Ability to drive projects to completion
• Ability to research, deploy or upgrade new technologies in IAM landscape
• Clear written and verbal communication with technical and non-technical stakeholders
• High attention to detail and commitment to compliance
• Effectively manage own workload, prioritize tasks, and meet deadlines across multiple IAM initiatives

Suntory Global Spirits