8,696 Access Management Engineer jobs in the United States

Job Description
Lead the technical onboarding and integration of CyberArk and SailPoint identity management platforms.
Administer and maintain Okta for enterprise-wide Single Sign-On (SSO) and Multi-Factor Authentication (MFA).
Actively participate in weekly stand-up meetings, contributing to team planning, progress updates, and documentation efforts.
Support the transition to a new Security Information Management (SIM) platform, ensuring minimal disruption and effective implementation.
Own and continuously improve documentation related to identity workflows, system integrations, and operational procedures.
Collaborate with operations engineers and identity analysts to ensure seamless deployment, support, and optimization of identity solutions.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: and Requirements
Proven experience with Okta, CyberArk, and SailPoint
4+ Years of experience in Identity and Access Management
Strong understanding of multifactor authentication (MFA) and identity architecture.
Ability to work independently and take ownership of onboarding new projects.
Experience in IAM operations, identity lifecycle management, and security best practices. Education and certifications in cybersecurity or related fields are a plus.

**_This position follows our hybrid workstyle policy: Expected to be in a Raymond James office location a minimum of 10-12 days a month._**
**_Please note: This role is not eligible for Work Visa sponsorship, either currently or in the future._**
**What You'll Do:**
+ Architect and optimize customer identity journeys using Ping DaVinci, PingOne, and API-first frameworks.
+ Lead mobile-first authentication initiatives with features like Passkeys, biometric enrollment, and push MFA.
+ Integrate fraud-aware signals from tools like ThreatMetrix, BioCatch, and Ping Risk into login and registration flows.
+ Collaborate with mobile engineering teams to embed IAM SDKs and ensure secure app posture.
+ Design linkless authentication and session continuity strategies for omnichannel experiences.
+ Provide expertise in identity proofing, progressive profiling, and delegated access.
+ Maintain and evolve CIAM documentation, APIs, and security best practices.
+ Drive large-scale IAM transformation projects aligned with business growth and compliance.
**What You Bring:**
+ 6-10+ years in Identity & Access Management, with 3+ years focused on CIAM.
+ Proven experience with Ping Identity, DaVinci, and customer IAM orchestration tools.
+ Deep understanding of OAuth2.0, OpenID Connect, SAML, and token lifecycle management.
+ Hands-on experience with mobile authentication, secure SDKs, and PKI.
+ Familiarity with fraud detection techniques like device fingerprinting, IP velocity checks, and geolocation anomalies.
+ Ability to guide developers and application owners in secure IAM integrations.
**Why Join Us?**
+ Be part of a forward-thinking team driving secure digital transformation.
+ Work with cutting-edge tools and technologies in the CIAM space.
+ Make a real impact on how millions of customers interact with Raymond James.

**_This position follows our hybrid workstyle policy: Expected to be in a Raymond James office location a minimum of 10-12 days a month._**
**_Please note: This role is not eligible for Work Visa sponsorship, either currently or in the future._**
**What You'll Do:**
+ Architect and optimize customer identity journeys using Ping DaVinci, PingOne, and API-first frameworks.
+ Lead mobile-first authentication initiatives with features like Passkeys, biometric enrollment, and push MFA.
+ Integrate fraud-aware signals from tools like ThreatMetrix, BioCatch, and Ping Risk into login and registration flows.
+ Collaborate with mobile engineering teams to embed IAM SDKs and ensure secure app posture.
+ Design linkless authentication and session continuity strategies for omnichannel experiences.
+ Provide expertise in identity proofing, progressive profiling, and delegated access.
+ Maintain and evolve CIAM documentation, APIs, and security best practices.
+ Drive large-scale IAM transformation projects aligned with business growth and compliance.
**What You Bring:**
+ 6-10+ years in Identity & Access Management, with 3+ years focused on CIAM.
+ Proven experience with Ping Identity, DaVinci, and customer IAM orchestration tools.
+ Deep understanding of OAuth2.0, OpenID Connect, SAML, and token lifecycle management.
+ Hands-on experience with mobile authentication, secure SDKs, and PKI.
+ Familiarity with fraud detection techniques like device fingerprinting, IP velocity checks, and geolocation anomalies.
+ Ability to guide developers and application owners in secure IAM integrations.
**Why Join Us?**
+ Be part of a forward-thinking team driving secure digital transformation.
+ Work with cutting-edge tools and technologies in the CIAM space.
+ Make a real impact on how millions of customers interact with Raymond James.

**_This position follows our hybrid workstyle policy: Expected to be in a Raymond James office location a minimum of 10-12 days a month._**
**_Please note: This role is not eligible for Work Visa sponsorship, either currently or in the future._**
**What You'll Do:**
+ Architect and optimize customer identity journeys using Ping DaVinci, PingOne, and API-first frameworks.
+ Lead mobile-first authentication initiatives with features like Passkeys, biometric enrollment, and push MFA.
+ Integrate fraud-aware signals from tools like ThreatMetrix, BioCatch, and Ping Risk into login and registration flows.
+ Collaborate with mobile engineering teams to embed IAM SDKs and ensure secure app posture.
+ Design linkless authentication and session continuity strategies for omnichannel experiences.
+ Provide expertise in identity proofing, progressive profiling, and delegated access.
+ Maintain and evolve CIAM documentation, APIs, and security best practices.
+ Drive large-scale IAM transformation projects aligned with business growth and compliance.
**What You Bring:**
+ 6-10+ years in Identity & Access Management, with 3+ years focused on CIAM.
+ Proven experience with Ping Identity, DaVinci, and customer IAM orchestration tools.
+ Deep understanding of OAuth2.0, OpenID Connect, SAML, and token lifecycle management.
+ Hands-on experience with mobile authentication, secure SDKs, and PKI.
+ Familiarity with fraud detection techniques like device fingerprinting, IP velocity checks, and geolocation anomalies.
+ Ability to guide developers and application owners in secure IAM integrations.
**Why Join Us?**
+ Be part of a forward-thinking team driving secure digital transformation.
+ Work with cutting-edge tools and technologies in the CIAM space.
+ Make a real impact on how millions of customers interact with Raymond James.

*We are unable to sponsor for this permanent Full time role*

*Position is bonus eligible*

Prestigious Global Firm is currently seeking an Identity and Access Management Engineer with strong SailPoint experience. Candidate will join a team of engineers responsible for development, engineering, maintenance, and support of the Sailpoint Identity IQ application suite. Secondarily, the position will provide general support for our other IAM products while working closely with interdepartmental IT, Application Development Teams, Security Engineering, and Enterprise Architecture teams as needed.

Responsibilities:

• Administration, engineering, and development of multiple Sailpoint IIQ instances.
• Developing custom integration, workflows, and rules between Sailpoint and endpoint applications.
• Proactively monitoring, identifying, and resolving bugs and process deficiencies within our Sailpoint Workflows and integrations.
• Supporting EOS/EOL upgrades across multiple Sailpoint instances through validation, testing, and execution of upgrade plans.
• Ability to support additional products as needed; training provided as required.
• Participating in the planning, implementation, enforcement and review of security policies, procedures, and controls specific to Identity Access Management.
• Assisting with troubleshooting and resolution of system issues that might contribute to enterprise Production problems.
• Assisting with preparation of support documentation of IAM Architecture related, Context Diagrams, and Solution Designs of Sailpoint IIQ and other products.
• Report on controls, evidence gathering and control execution.
• Work collaboratively across IT and Business departments to implement technical solutions
• Under limited direction from management, monitor, evaluate and maintain systems and procedures to enforce best practices for user access authorization and control.
• Research, recommend, and implement changes to procedures and systems to enhance systems security.
• Assist in communicating security policies and procedures to users.
• Assist internal and external customers with multiplatform security access issues and requests.
• Assist in identifying or developing tools or methods to track and monitor risk
• Support management with special projects and other duties as assigned.
• Participate in OnCall duties, including assisting with regularly scheduled activities such as Disaster Recovery and Enterprise Patching.

Qualifications:

• Proven track record of implementing Identity Governance Solutions utilizing Sailpoint.
• Strong understanding of Identity and Access Management best practices from both a security and business enablement perspective.
• Ability and willingness to work proactively with limited direction from leadership.
• Candidate should have a compliance mindset that can effectively support auditing and compliance related activities such as evidence gathering, reporting, and presentation of information to governing entities.
• Strong communication skills required to interact with endusers, business teams, and other IT and Security Departments

Technical Skills:

• Proficiency in programming languages such as Java, Groovy, Beanshell, Python, Javascript, or others.
• Proficiency in general server management, maintenance, and triage to support IAM systems
• General understanding of domain level ecosystems including basic networking, Firewall, Proxy, and datacenter connectivity to assist with solution designs related to OCC's IAM products.
• Proficiency in Microsoft Active Directory and LDAP
• Proficiency in Identity and Access Management administration of Identity Governance (IGA) systems such as Sailpoint IIQ (preferred), Ping Identity, Oracle Identity Manager (OIM), or other industry IGA tools
• Experience in IAM administration of various endpoint applications and systems.
• Experience with MultiFactor authentication protocols and systems
• Experience with SingleSign on protocols and systems
• Basic knowledge of ticketing systems and workload management systems (ServiceNow and Jira preferred but not required).

Education and/or Experience:

• Bachelor's degree in Computer Science, Engineering, or other related field, or equivalent experience
• Equivalent experience includes 5+ Years Identity Access Management (IAM)
• Industry recognized certifications (CISSP, ITIL, etc) are a plus but not required

#J-18808-Ljbffr

Responsibilities:
+ Strong MS Active Directory; MS Entra ID and AWS experience required
+ Strong communication and collaboration skills are required, with the ability to work independently and as part of a team.
+ Support and maintain Active Directory; Entra ID and DNS/DHCP/IPAM system-based processes.
+ Assist in defining and implementing AD; Entra ID and DNS/DHCP/IPAM support procedures.
+ Work on Operational Engineering Tasks - Tickets; Incidents; Change Requests; Vulnerabilities; Maintenance Tasks.
+ Provide technical input on IAM technologies, policies, and compliance requirements.
+ Participate in IAM-related projects using established methodologies and contribute to project deliverables.
+ Participate in Enterprise Disaster Recovery Exercises; and On-Call rotations with the IAM-IGA Team.
+ Recommend and implement technical improvements to enhance security and operational efficiency.
+ Collaborate with stakeholders to understand business requirements and translate them into technical solutions.
+ Develop and maintain system documentation, including flow charts, diagrams, and specifications.
+ Document current and future state processes and assist in planning transitions.
+ Support AD, Entra ID and DNS / DHCP / IPAM system-based processes:
+ Define and implement support procedures.
+ Manage business requirements and process documentations.
+ Write/review system specifications, output requirements, flowcharts and technical diagrams.
Required Technical skillsets:
+ Minimum 5 years working experience with Active Directory, Entra ID, AWS, and DNS / DHCP / IPAM.
+ Proven hands-on experience with IAM (Hybrid & Cloud environments), AWS and related tools/technologies.
+ Proven hands-on experience with networking solutions such as DNS / DHCP / IPAM.
+ Strong and proven scripting and automation skills using PowerShell, etc.
+ Enterprise level experience is required - Financial Services experience is preferred.
+ Additional skills - Event/log analysis and troubleshooting; System monitoring and event analysis.

**Description**
Penn Medicine is dedicated to our tripartite mission of providing the highest level of care to patients, conducting innovative research, and educating future leaders in the field of medicine. Working for this leading academic medical center means collaboration with top clinical, technical and business professionals across all disciplines.
Today at Penn Medicine, someone will make a breakthrough. Someone will heal a heart, deliver hopeful news, and give comfort and reassurance. Our employees shape our future each day. Are you living your life's work?
Entity: Corporate Services
Department: IS- Cybersecurity
Hours: M-F, 8 hr days, hybrid
Location: 3535 Market Street, Philadelphia, Pa
Summary:
+ The Senior Cybersecurity Access Management Engineer plays a lead role in designing and maintaining secure authentication and access control mechanisms across Penn Medicine. This engineer is responsible for integrating enterprise applications into the SSO ecosystem, managing complex access policies, and supporting compliance through robust logging and auditing.
Responsibilities:
+ Lead the integration of applications with Entra ID-based SSO and MFA frameworks.
+ Design and maintain scalable access policies aligned with regulatory standards.
+ Guide and mentor junior engineers on access management best practices.
+ Support compliance audits and internal access reviews with technical documentation.
+ Conduct root cause analysis on access-related issues and implement long-term fixes.
+ Partner with cybersecurity, infrastructure, and application teams to enhance IAM operations.
+ Define onboarding standards and controls
+ Help manage and prioritize the work of onboarding multiple applications to the SSO platform
+ Guide application owners on SSO best practices.
+ Support SSO on-call support.
+ Performs duties in accordance with Penn Medicine and entity values, policies, and procedures.
+ Other duties as assigned to support the unit, department, entity, and health system organization.
Credentials:
+ CISSP - Certified Information Systems Security Professional. (Preferred)
+ Identity and Access Administrator Associate. (Preferred)
+ Azure Security Engineer Associate. (Preferred)
Education or Equivalent Experience:
+ Bachelor's degree. (Required)
+ 4+ years of working in IT. (Required)
+ 2+ years IT experience focused on Access Management. (Required)
+ 2+ years of experience with healthcare access management and cloud-based IAM. (Preferred)
We believe that the best care for our patients starts with the best care for our employees. Our employee benefits programs help our employees get healthy and stay healthy. We offer a comprehensive compensation and benefits program that includes one of the finest prepaid tuition assistance programs in the region. Penn Medicine employees are actively engaged and committed to our mission. Together we will continue to make medical advances that help people live longer, healthier lives.
Live Your Life's Work
We are an Equal Opportunity employer. Candidates are considered for employment without regard to race, ethnicity, color, sex, sexual orientation, gender identity, religion, national origin, ancestry, age, disability, marital status, familial status, genetic information, domestic or sexual violence victim status, citizenship status, military status, status as a protected veteran or any other status protected by applicable law.
REQNUMBER:

It all started in sunny San Diego, California in 2004 when a visionary engineer, Fred Luddy, saw the potential to transform how we work. Fast forward to today - ServiceNow stands as a global market leader, bringing innovative AI-enhanced technology to over 8,100 customers, including 85% of the Fortune 500®. Our intelligent cloud-based platform seamlessly connects people, systems, and processes to empower organizations to find smarter, faster, and better ways to work. But this is just the beginning of our journey. Join us as we pursue our purpose to make the world work better for everyone.
**The ServiceNow Security Organization (SSO)**
The ServiceNow Security Organization (SSO) delivers world-class, innovative security solutions to reduce risk and protect the company and our customers. We enable our customers to migrate their most sensitive data and workloads to the cloud, accelerating our business so that we are the most trusted SaaS provider. We create an environment where our employees are proud to work and can make a positive impact
The ServiceNow IAM team is seeking a Principal Identity and Access Management Engineer to lead the design, implementation, and governance of enterprise-wide IAM solutions. This role is critical to ensuring secure, scalable, and efficient identity services across users, applications, and infrastructure. The ideal candidate is a hands-on technologist and thought leader who can define IAM strategy, drive large-scale implementations, and mentor engineering teams while aligning solutions with business, compliance, and security needs.
**Key Responsibilities:**
+ **Strategy & Architecture:**
+ Define and evolve enterprise IAM architecture and roadmap aligned to security, compliance, and business priorities.
+ Lead design of identity lifecycle management, authentication, authorization, and privileged access controls.
+ Partner with security architects, cloud engineers, and business stakeholders to integrate IAM with enterprise systems.
+ **Engineering & Implementation:**
+ Architect and deploy IAM solutions, including SSO, MFA, federation, PKI, Passwordless technologies, adaptive authentication, and identity governance.
+ Drive integration of SaaS, cloud (AWS, Azure, GCP), and on-prem applications with IAM platforms.
+ Lead IAM modernization initiatives, such as migration to passwordless, Zero Trust frameworks, Privileged Access Management, and Secrets Management.
+ Ensure compliance with standards such as NIST SP 800-63B, SOX, GDPR, and ISO 27001.
+ **Governance & Operations:**
+ Establish policies, standards, and patterns for IAM services.
+ Define onboarding criteria and risk-based prioritization for applications into IGA/PAM/SSO platforms.
+ Oversee access certification campaigns, RBAC/ABAC design, and least privilege enforcement.
+ Collaborate with audit, risk, and compliance teams on IAM controls and reporting.
+ **Leadership & Mentorship:**
+ Act as SME and trusted advisor on IAM across the enterprise.
+ Mentor and guide IAM engineers and analysts.
+ Represent IAM in executive and architecture forums.
**Required Qualifications:**
+ Experience in leveraging or critically thinking about how to integrate AI into work processes, decision-making, or problem-solving. This may include using AI-powered tools, automating workflows, analyzing AI-driven insights, or exploring AI's potential impact on the function or industry.
+ 15+ years of experience in Identity & Access Management, Security Engineering, or related fields, with at least 3+ years in a lead or principal role, or equivalent experience and education
+ Strong hands-on expertise with IAM platforms such as ForgeRock, SailPoint, Okta, CyberArk, BeyondTrust, Entra ID, or similar.
**Deep understanding of:**
+ Authentication/Authorization standards (SAML, OIDC, OAuth2, SCIM).
+ Directory services (Active Directory, LDAP).
+ Federation, SSO, and MFA.
+ Privileged Access Management (PAM).
+ Cloud IAM (AWS IAM, Entra ID, GCP IAM).
+ Graph Database (Neo4j)
+ Proven experience implementing RBAC, ABAC, least privilege, and Zero Trust access models.
+ Knowledge of compliance frameworks (SOX, PCI-DSS, HIPAA, GDPR, NIST).
+ Proficiency in scripting/automation (Python, Linux shell, PowerShell, Java, or equivalent).
+ Strong analytical, troubleshooting, and communication skills.
**Preferred Qualifications:**
+ Experience with non-human identity governance and identity security posture management (ISPM).
+ Background in PKI/Certificate Services and cryptography practices.
+ Familiarity with DevSecOps practices, CI/CD pipelines, and infrastructure as code (Ansible, Terraform).
+ Good understanding of the ServiceNow platform, particularly in integrating IAM processes with ITSM/ITOM modules (e.g., access requests, approvals, workflows)
+ Prior experience in large-scale enterprise IAM transformations.
+ Certifications: CISSP, CCSP, ForgeRock Certified, SailPoint Certified, Okta Certified, or equivalent.
**#SecurityJobs**
**Work Personas**
We approach our distributed world of work with flexibility and trust. Work personas (flexible, remote, or required in office) are categories that are assigned to ServiceNow employees depending on the nature of their work and their assigned work location. Learn more here ( . To determine eligibility for a work persona, ServiceNow may confirm the distance between your primary residence and the closest ServiceNow office using a third-party service.
**Equal Opportunity Employer**
ServiceNow is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, creed, religion, sex, sexual orientation, national origin or nationality, ancestry, age, disability, gender identity or expression, marital status, veteran status, or any other category protected by law. In addition, all qualified applicants with arrest or conviction records will be considered for employment in accordance with legal requirements.
**Accommodations**
We strive to create an accessible and inclusive experience for all candidates. If you require a reasonable accommodation to complete any part of the application process, or are unable to use this online application and need an alternative method to apply, please contact for assistance.
**Export Control Regulations**
For positions requiring access to controlled technology subject to export control regulations, including the U.S. Export Administration Regulations (EAR), ServiceNow may be required to obtain export control approval from government authorities for certain individuals. All employment is contingent upon ServiceNow obtaining any export license or other approval that may be required by relevant export control authorities.
From Fortune. ©2025 Fortune Media IP Limited. All rights reserved. Used under license.

Job Description

Job Description

Mirion is seeking a motivated and experienced Identity and Access Management (IAM) Engineer to lead the development and implementation of a comprehensive IAM program. This role reports directly to the Chief Information Security Officer and will play a pivotal role in securing Mirion’s digital identity infrastructure across the enterprise. This position is fully remote, reporting to the office of the Chief Information Security Officer.

Key Responsibilities

• Develop Mirion’s enterprise-wide IAM program, including tooling, policies, standards, and procedures.
• Perform analysis of alternatives (AoA) for IAM-related tools and technologies, including vendor evaluations and proof-of-concept testing.
• Deploy and manage Privileged Access Management (PAM) solutions to secure administrative access.
• Deploy and manage Identity Governance and Administration (IGA) capabilities to ensure compliance, visibility, and lifecycle automation.
• Implement and maintain PKI and strong authentication mechanisms (e.g., MFA, certificates).
• Oversee account lifecycle management, including provisioning, de-provisioning, and access reviews.
• Design and implement RBAC models aligned with business functions and least privilege principles.
• Collaborate with IT, HR, and business to integrate IAM processes with enterprise applications and workflows.
• Establish monitoring plans for IAM system, performance, availability, and security.
• Maintain documentation and provide training to stakeholders on IAM processes and tools.

Required Qualifications and Experience

• Bachelor’s degree in information technology, information security, or related field or equivalent practical experience.
• Experience: 8+ years in a cybersecurity-focused role, with significant exposure to identity and access management engineering and operations.
• Strong communications skills and a collaborative working style.
• Familiarity with cybersecurity frameworks such as ISO 27001, NIST 800-171, SOC 2, and Cyber Essentials.
• Familiarity with cyber industry regulations such as GDRP, NIS2, and CRA.
• Expert level understanding of cybersecurity concepts and best practices.

Desired Qualifications and Experience

• Experience with Active Directory, Azure Active Directory and EntraID.
• Experience with federation protocols such as SAML, OAuth, and OIDC.
• Experience with the deployment and maintenance process for multiple types of authenticators.
• Experience with automation of account lifecycle management functions,
• Experience with Public Key Infrastructure including device certificates, user certificates and code signing.
• Experience in developing role-based access control models.