Role Description You’ll own and evolve OEC’s enterprise identity platform—the core security control plane that protects everything we do. This role goes beyond administration: you’ll shape architecture, strengthen our security posture, and drive scalable identity solutions across Active Directory, Microsoft Entra ID, and Okta. You’ll operate in a distributed U.S./India environment where autonomy, strong documentation, and thoughtful engineering are key. If you enjoy balancing security with user experience and want true ownership of a critical platform, this is that role. What You’ll Do - Own the identity platform end-to-end: availability, performance, and security across AD, Entra ID, and Okta - Design modern access controls: MFA, passwordless, Conditional Access, and adaptive authentication - Enforce least privilege at scale using RBAC/ABAC and automate Joiner/Mover/Leaver (JML) processes - Lead cloud identity strategy across Entra ID and AWS IAM, including federation and workload identities - Secure privileged access with PIM/PAM and resilient break-glass patterns - Detect and respond to threats using SIEM/log platforms; lead identity-related incident investigations - Own SOC 2 identity controls including access reviews, certifications, and audit readiness - Act as a subject matter expert: build architecture diagrams, runbooks, and integration standards - Collaborate and mentor through peer reviews, knowledge sharing, and team upskilling - Participate in an on-call rotation supporting a critical security platform Qualifications - 7+ years of hands-on IAM experience in enterprise environments - Deep expertise across Active Directory, Entra ID, and Okta - Experience designing hybrid identity architectures and modern access strategies - Strong background in identity security, incident response, and compliance frameworks (SOC 2, NIST, ISO) - Proven ability to own and evolve platforms, not just support them Technical Skills - Active Directory: domains, forests, GPOs, Kerberos, LDAP - Microsoft Entra ID: Conditional Access, MFA, Identity Protection, PIM, Entra Connect - Okta: SSO, lifecycle management, integrations, federation, Workflows - Protocols: SAML, OAuth 2.0, OIDC - Access Models: RBAC/ABAC, entitlement design, JML automation - Privileged Access: PIM, PAM, break-glass strategies - Cloud IAM: AWS IAM, federated identity, cross-platform trust - Security Monitoring: SIEM tools (Sentinel, Splunk), Entra & Okta logs - IGA Tools: SailPoint, Saviynt, or Entra ID Governance - PAM Tools: CyberArk, BeyondTrust, or Delinea - Automation: SCIM provisioning, scripting (PowerShell required) - Familiarity with AI-assisted scripting/tools (e.g., Copilot, Claude) is a plus - External identity (B2B): guest access, federation, Entra External ID How You Work - Communicate clearly and constructively—even in high-pressure situations - Adapt quickly as priorities shift in a fast-moving environment - Thrive in a remote-first, highly autonomous team Requirements - Bachelor’s degree in Computer Science, IT, or related field (or equivalent experience) - Relevant certifications preferred: SC-300, AZ-500, Okta Certified Professional/Admin Benefits - Full benefits starting Day 1: Medical, Dental, and Vision - 401(k) with company match - Unlimited Flex Time Off plus 10 company-paid holidays - Professional development programs, tuition assistance, and quarterly book program - Free wellness coaching and pet insurance - Home office equipment stipend - Employee resource groups and exclusive employee discounts Why This Role This is a high-impact, high-ownership position where you’ll directly influence the security and scalability of a growing enterprise platform. You won’t just maintain systems—you’ll design, improve, and lead.