FREE ACCESS
5,000–10,000 jobs/day

See all jobs on JobTailor
Search thousands of fresh jobs every day.
Discover
- Fresh listings
- Fast filters
- No subscription required
Create a free account and start exploring right away.

Senior IAM Engineer
Fanatics, Inc.IAM Engineer responsible for developing security solutions and managing IAM processes for Fanatics infrastructure. Collaborating with teams on secure and efficient operations while leveraging advanced IAM technologies.
Tech Stack
Tools & technologiesAnsibleAWSAzureCloudGoGoogle Cloud PlatformJenkinsLinuxPythonTerraform
About the role
Key responsibilities & impact- Lead the implementation and development process for the Identify and access Management (IAM) program with a security focus.
- Work with vendors and business partners to develop, implement and manage the IAM program.
- Lead program design and review working directly with business lines on the integration requirements including provisioning, de-provision, and identity lifecycle into the IAM platforms.
- Develop strategy roadmaps for the IAM systems and the IAM program, develop enterprise-wide standards for IAM.
- Implement or coordinate remediation required by policies, standards, reviews, and audits, documenting exceptions as necessary.
- Define the user access security model for all systems and platforms. Enforcing least-privilege model.
- Provide subject matter expertise in multiple domain focus areas including but not limited to: Privileged Access Management and Secrets Management tooling such as CyberArk, Delinea, HashiCorp.
- Operation and maintenance of the Privileged Access Management and Secrets Management platforms to support various business use cases, providing in-depth technical consultation to business application development team to ensure development of efficient application systems.
- Support PAM Security Strategy including provisioning, password management and access policies, SSH key management, API key management and reporting.
- Support the operation of the PAM platform to ensure secure and efficient operation and usage for all lines of business.
- PAM administration: Manage and mature the PAM platform including safe design, policy configuration, and session isolation for privileged accounts.
- Credential lifecycle: Own automated password/secret rotation, onboarding of privileged and service accounts, and just-in-time access workflows to reduce standing privilege.
- Certificate/PAM convergence: Support the integration of certificate lifecycle operations into the PAM platform, leveraging automation to reduce manual certificate handling.
- Auditing & reporting: Produce privileged access usage reports and support audit evidence requests for SOC 2, PCI DSS, and ITGC controls.
- Integrate PAM solution with various technologies. Provide security consultation on internal projects focusing on business needs, security's role in change management, and how data is transmitted internally and externally.
- Design, configure, and maintain PAM solutions for Linux and Windows tools.
- Access governance: Support periodic access certifications, least-privilege reviews, and segregation-of-duties analysis in partnership with Access Governance and GRC teams.
- RBAC/ABAC design: Define and maintain role-based and attribute-based access models for critical applications.
- Provisioning integrations: Build and maintain SCIM, API, and directory-based integrations connecting HR systems, Active Directory, and downstream applications.
- Lifecycle ownership: Manage issuance, renewal, revocation, and inventory of internal and external TLS/SSL certificates across cloud and on-prem environments.
- Automation: Build automated monitoring and renewal pipelines to eliminate expiration-driven outages, integrating with CyberArk and internal CI/CD tooling.
- PKI hygiene: Maintain certificate authority relationships, key management standards, and rotation policies aligned to industry best practice.
- Platform administration: Configure and maintain Okta as the enterprise SSO and MFA provider, including application integrations (SAML, OIDC, Oauth, SWA), policies, and group rules.
- Authentication engineering: Implement adaptive MFA, conditional access policies, and passwordless authentication initiatives.
- App onboarding: Partner with application and engineering teams to onboard new applications into Okta, including custom OIDC/SAML integrations for internal tools.
- AI identity operations: Support emerging identity controls for AI agents and machine identities, including scoped OAuth tokens and service-to-service authentication.
- Lead IAM engineering strategy and execution, set the direction for engineering efforts, drive technology selection (Including bus vs build decision) and act as the functional technical leader during implementation.
- Establish CIEM, ITDR, IGA strategy, implementation and operationalization
- Evaluate and monitor project efforts, timelines, and task management
Requirements
What you’ll need- A minimum of 5 years of experience.
- Bachelor’s degree in computer science, Information Systems, or equivalent combination of education and experience
- Relevant Security Certifications
- Experience designing, implementing, and managing complex IAM Solutions
- Strong understanding on Identity and privileged constructs within Cloud environments.
- An understanding and demonstrated use of DevOps tools (Bit bucket, Gitlab, Github, Jenkins, Automated deployment tools) with CI/CD capabilities.
- Experience in designing and implementing PAM solutions such as (BeyondTrust, CyberArk, Delinea) for enterprise organizations.
- Experience with password safe tools such as BeyondTrust Password safe and Powerbroker for both Windows and Linux environments.
- Experience with databases, LDAP and directory services, application servers, operating systems and network infrastructure.
- Strong understanding of Identity Lifecycle in regard to privileged accounts and how people use accounts.
- Experience with Zero Trust Security
- Proficiency in Active Directory, LDAP, SAML, OAuth, IdPs.
- Demonstrate an advanced understanding of troubleshooting and configuring Privileged applications, Privileged ID Management, and API integrations.
- An understanding of the emerging authorization mechanisms based on Zanzibar/ReBAC.
- Experience with CIEM, ITDR and IGA platforms
- Maintain documentation related to IAM processes, configurations, incident response procedures and run books.
- Working knowledge of certificate management / PKI concepts (TLS, CA hierarchies, key rotation).
- Experience with configuration management tools like Terraform, Ansible, etc.
- Experience with cloud technologies, e.g. AWS, Azure, GCP, OCI
- Advanced programming experience (Python, Go, etc.)
- Strong critical thinking and analytical skills
- Ability to approach problem solving in a constructive and collaborative way that does not require absolute security.
- The ability to communicate complicated technical issues and risks to programmers, network engineers and managers.
- Strong leadership, project, and team-building skills
- Exceptional communication skills with diverse audiences; the ability to be an infrastructure security subject matter expert who can explain relevant topics to general audiences.
Benefits
Comp & perks- Professional development opportunities
- Flexible work arrangements
ATS Keywords
✓ Tailor your resumeApplicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
Identity Lifecycle ManagementPrivileged ID ManagementActive DirectorySAMLOAuthPython ProgrammingGo ProgrammingDatabase ManagementCertificate ManagementConfiguration Management
Soft Skills
Critical ThinkingAnalytical SkillsCommunication SkillsLeadership SkillsTeam-Building Skills
Certifications
Relevant Security Certifications