Identity and Access Engineer

Description

Under the direction of the Identity and Access Manager, the Identity & Access Engineer will play a critical role in the implementation, integration, and support of advanced Identity and Access Management (IAM) solutions across the Clayco Enterprise. This role contributes to the design, configuration, and lifecycle management of IAM platforms and policies that enforce secure, scalable, and compliant access to internal systems, cloud services, and third-party applications. This role focuses on the engineering and integration of IAM capabilities, such as directory services, SSO/MFA platforms, PKI, and access provisioning automation, while also serving as a technical escalation point for operational IAM functions.

The Identity & Access Engineer also contributes to the ongoing adoption and expansion of Data-driven identity life-cycles and the dynamic modification of access and entitlements as identity context and details change. This role also ensures compliance with regulatory requirements, enhancing security through access control and identity verification mechanisms.

• As a member of the Information Security Team, contributes however and whenever necessary to Incident Response efforts as circumstance dictates
• Integrations of identity management solutions with in-house applications, third party applications, and Cloud services
• Maintain and support automated provisioning/deprovisioning workflows using tools like SCIM, orchestration workflows, API-based connectors, etc.
• Lead the implementation, deployment, and maturing of PKI Services to support Certificate-based authentication and trust mechanisms across Clayco’s Email infrastructure, Client Infrastructure, and Document Signing processes.
• Collaborate on standard integrations of cloud and on-premise apps into the SSO/MFA ecosystem, leveraging standards like SAML 2.0, OAuth 2.0, and SCIM, Lead on more complex integrations.
• Serve as technical escalation point and operational coverage when necessary for the following technologies:
• Integration & tuning of related IAM Security Log Sources for SIEM ingestion
• Ensure all IAM integrations and implementations align with least-privilege, role-based access models, identity governance policies, and regulatory/contractual requirements.
• Collaborate with the Information Security and Architecture teams on the design and implementation of new IAM services, including PKI, PIM/PAM, federated authentication, and certificate-based access control.
• Participate in solution evaluations, proof of concept testing, and implementation planning for emerging IAM capabilities.
• Document system and component configurations, integrations, testing and validation procedures, and knowledgebase articles for long-term operational sustainability.
• Contribute to infrastructure readiness assessments and configuration planning during IAM-related project initiatives and system rollouts.
• Design and implement Directory Services integrations and Identity Provider (IdP) connections for both internal and third-party applications

Requirements

• Excellent oral and written communication skills including the ability to document functional requirements, test and validation criteria, develop communication plans, report on performance and compliance, and other relevant Operational communications.
• Experience with Cloud Identity Providers (IdP)
• Experience with Privileged Identity Management (PIM)
• Experience with Privileged Access Management (PAM)
• Certificate Services, Hosted PKI, and Auto-Enrollment Gateway (AEG)
• Physical Access Control identity management and integrations with Directory Services
• Identity Providers (IdP) supporting Single Sign-On (SSO)/Multi-Factor Authentication (MFA) including Access Gateways
• 7-9 years of technical work experience in Information Technology.
• Experience in Client-Server, Cloud, & Hybrid environments, specifically their associated authentication mechanisms and protocols
• Current knowledge of physical and logical identity-focused attacker exploits including techniques, tools, artifacts, and procedures involved.
• Automation of Access provisioning/ deprovisioning
• Knowledge and experience with Identity Management protocols and solutions, Kerberos, LDAP, SSO (OAuth & SAML 2.0), PKI (Authentication & Digital Signatures)
• Experience with Active Directory Services (AD) related to Identity and Access
• Ability to Respond to Incidents or Outages 24/7 including holidays and weekend
• Thrive in fast-paced environment
• Excellent research, analysis, and problem-solving skills.
• 4-6 years of direct work-related IAM engineering experience to include IAM solution design, integrations, and advanced configuration planning
• Certified Identity Management Professional (CIMP); Microsoft Certified: Identity and Access Administrator Associate; and Okta Certified Professional certifications (Current status or obtained within 12 months of assuming role)
• Bachelor’s Degree (Computer Science, Information Technology, or Information Systems) preferred, or equivalent hands-on work experience
• Active Directory Services & Entra ID Services
• Experience with scripting or programming languages like Python, PowerShell, BASH, etc.

Benefits

• 2025 Best Places to Work – St. Louis Business Journal, Los Angeles Business Journal, and Phoenix Business Journal.
• Privileged Access Management (PAM) and Privileged Identity Management (PIM)
• Comprehensive Benefits Package Including: Medical, dental and vision plans, 401k, generous PTO and paid company holidays, employee assistance program, flexible spending accounts, life insurance, disability coverage, learning & development programs and more!
• Discretionary Annual Bonus: Subject to company and individual performance.

Training + Development

Interview process

Visa Sponsorship

Security clearance