Identity and Access Management (IAM) Engineer

About the Role

The Identity and Access (IAM) Engineer will help mature Clark’s security posture by administering IAM platforms such as Saviynt, Entra ID, and Okta, and by onboarding applications to these systems. The role works closely with business stakeholders to develop access controls and supports the full lifecycle from discovery through long‑term maintenance. It also collaborates with security and internal audit teams to ensure proper access controls and auditing. Key responsibilities include administration of the IGA platform, configuration and maintenance of single sign‑on integrations, automation of user provisioning and de‑provisioning, and development of role‑ and attribute‑based access controls. The engineer will troubleshoot technical IAM issues, improve solutions against evolving threats, coach teammates on best practices, and produce reporting for IT and business owners. They also drive IAM roadmap planning, create documentation standards, and provide engineering support for automation across enterprise systems. • Administer and maintain the Saviynt IGA platform. • Automate user provisioning and de‑provisioning workflows. • Develop and enforce role‑based and attribute‑based access controls. • Troubleshoot and resolve technical IAM issues. • Enhance IAM solutions to address evolving security threats. • Coach organization members on IAM best practices. • Create and deliver reporting for IT, business owners, and SMEs. • Drive planning and execution of IAM roadmap and technology upgrades. • Establish documentation standards for IAM processes and infrastructure. • Provide engineering support to automate compliance across enterprise systems. • Perform day‑to‑day IAM operations and support, including bimonthly maintenance.

Key Responsibilities

• ▸iga administration
• ▸provisioning automation
• ▸access controls
• ▸iam troubleshoot
• ▸roadmap planning
• ▸compliance automation

What You Bring

Basic qualifications require at least five years of IT experience, with three or more years focused on IAM, strong oral and written communication, and the ability to collaborate across business units. Candidates must demonstrate solid knowledge of IAM concepts, authentication methods, least‑privilege principles, and experience integrating with APIs, SCIM, and federation protocols such as SAML, OAuth, and OIDC. Experience with role‑based and attribute‑based access controls and access certifications is also essential. Preferred qualifications include hands‑on administration of Saviynt or similar IGA tools (e.g., Sailpoint), and familiarity with Entra ID, Okta, ServiceNow, SQL, scripting, and CyberArk. These skills support deeper integration and automation of Clark’s IAM ecosystem. The position is office‑based five days a week, requiring prolonged desk work, focused collaboration, and occasional travel to construction sites. Employees must be able to lift objects up to 10 pounds regularly and up to 25 pounds occasionally, and must follow all safety policies in dynamic site environments. Clark offers a high‑performance culture that values resilience, adaptability, and teamwork. Candidates should be prepared for extended hours during critical project phases and be responsive to urgent communications. Success in this role depends on commitment, flexibility, and proactive problem‑solving. • Onboard new applications to IAM platforms (Saviynt, Entra ID, Okta). • Configure and support single sign‑on (SSO) integrations. • 5+ years of IT experience with 3+ years focused on IAM. • Strong oral and written communication and cross‑functional collaboration skills. • Proficient with authentication methods, least‑privilege access, APIs, SCIM, and federation protocols (SAML, OAuth, OIDC). • Experience with access certifications and role/attribute access controls. • Preferred: Saviynt or Sailpoint administration experience. • Preferred: Knowledge of Entra ID, Okta, ServiceNow, SQL, scripting, and CyberArk.

Requirements

• ▸saviynt
• ▸okta
• ▸entra id
• ▸iam
• ▸sso
• ▸5+ years

Work Environment

Office Full-Time