Role Description
We are seeking an AI-Augmented IAM Security Engineer to handle the hands-on implementation, configuration, automation and day-to-day operation of enterprise Identity and Access Management. This is a delivery-and-operations role that works within the designs, standards, role models and policies set by IAM architects and security leadership. The focus is building, configuring, scripting, running and troubleshooting IAM, not defining target-state architecture, role models or governance policy.
-
Implement, configure, and operate IAM solutions and controls based on architecture, standards, and designs defined by IAM architects and security leadership.
-
Build and maintain identity lifecycle (Joiner / Mover / Leaver) processes, including automated provisioning and deprovisioning across target systems.
-
Configure and maintain core IAM capabilities, including SSO, federation, MFA and passwordless authentication, conditional access, RBAC/ABAC role models, and least-privilege access.
-
Develop, deploy, and maintain IAM integrations and connectors with cloud platforms, SaaS applications, enterprise systems, directories, authoritative source systems, databases, and APIs.
-
Execute access certification and review campaigns, perform entitlement clean-up, and configure segregation-of-duties (SoD) rules according to access policies defined by architects and the business.
-
Implement and operate Privileged Access Management controls, including credential vaulting, secrets rotation, session management, and just-in-time and just-enough access.
-
Develop and maintain automation scripts, workflows, and IAM tooling using PowerShell, Python, REST APIs, SCIM, Terraform, or similar technologies.
-
Monitor IAM platform health, troubleshoot and resolve incidents and access issues, and perform patching, upgrades, and configuration hardening.
-
Implement and maintain IAM logging, alerting, and monitoring, and run backup and recovery procedures according to defined runbooks and resilience requirements.
-
Build, deploy, and maintain AI-assisted automations and agentic workflows that reduce manual effort across daily IAM operations.
-
Build and integrate AI agents and LLM-backed automations into IAM systems and operational pipelines.
-
Develop, test, and maintain reusable prompts, structured-prompting patterns, and prompt templates for recurring IAM tasks.
-
Implement retrieval over IAM policies, role catalogs, runbooks, and documentation so AI assistants answer from current, authoritative internal sources.
-
Implement output verification, human-in-the-loop approval gates, and rollback paths in AI-assisted IAM workflows.
-
Implement security and privacy controls for IAM AI usage.
-
Monitor AI-assisted IAM automations in production, measure their accuracy and impact, and continuously tune prompts, tools, and workflows based on results and feedback.
-
Produce and maintain operational documentation, runbooks, and standard operating procedures, and support audits and compliance evidence requests.
Qualifications
-
Bachelor's degree in Computer Science, Cybersecurity, Engineering, or equivalent practical experience.
-
2+ years of hands-on experience implementing or operating Identity and Access Management solutions.
-
Hands-on experience with at least one enterprise IAM, IGA, PAM, or federation platform.
-
Solid understanding of IAM concepts, including identity lifecycle, authentication, authorization, SSO, federation, MFA, RBAC/ABAC, least privilege, and privileged access.
-
Practical knowledge of common IAM protocols and standards, such as SAML, OAuth 2.0, OpenID Connect, SCIM, LDAP, and Kerberos.
-
Experience configuring IAM controls, policies, connectors, and access governance workflows.
-
Working knowledge of cloud IAM concepts across at least one major cloud platform such as Azure, AWS, or GCP.
-
Scripting and automation experience using at least one of PowerShell, Python, Bash, REST APIs, SCIM, or Terraform.
-
Ability to work closely with developers, architects, infrastructure engineers, security operations, compliance teams, and business stakeholders.
-
Ability to follow, maintain, and improve defined IAM and security processes.
-
Comfortable executing changes from tickets, runbooks, and designs provided by senior engineers and architects.
-
Practical understanding of AI-assisted productivity and automation beyond basic chatbot usage.
-
Good communication skills and the ability to explain IAM issues, technical decisions, and remediation steps to both technical and non-technical stakeholders.
-
Hands-on proficiency is a must.
-
English proficiency at B2 level or higher.
Requirements
-
Experience with IAM platforms such as Microsoft Entra ID, Active Directory, Okta, Ping Identity, ForgeRock, Auth0, SailPoint, Saviynt, CyberArk, or similar.
-
Experience with CIAM, B2B/B2C identity, customer identity, external identity, or partner access scenarios.
-
Experience with SIEM/SOAR integrations for IAM monitoring, alerting, and automated response.
-
Experience with CI/CD-based IAM deployment, configuration-as-code, and automated testing of IAM changes.
-
Experience with AI/LLM platforms or frameworks such as Azure OpenAI, Amazon Bedrock, Microsoft Copilot Studio, LangChain, AutoGen, or Power Automate.
-
Understanding of AI security risks, including data leakage, prompt injection, excessive agency, insecure tool use, model governance, and sensitive identity data exposure.
-
Security or IAM certifications such as SC-300: Microsoft Identity and Access Administrator; Okta Certified Professional / Administrator / Consultant; SailPoint, Saviynt, CyberArk, or Ping Identity certifications; CISSP, CISM, CISA, CCSK, CCSP, SSCP, or similar.
-
AI-related certifications are a plus, for example: AI-900: Microsoft Azure AI Fundamentals; AWS Certified AI Practitioner.