Senior Identity & Access Management Engineer (Remote)

Join to apply for the Senior Identity & Access Management Engineer (Remote) role at KBRA

Get AI-powered advice on this job and more exclusive features.

Position Title: Senior Identity and Access Management Engineer

Entity: KBRA Holdings, LLC

Employment Type: Full-time

Location: Remote (Remote only in CA, CO, DC, FL, IL, MD, NJ, MA, NY, PA, SC, TX, VA)

Summary/Overview

We are seeking a highly skilled and detail-oriented Senior Identity and Access Management (IAM) Engineer to join our Information Security team. The Senior IAM Engineer designs a modern IAM program for access, authentication, and authorization for all business units, including third-party dependencies. The role involves collaborating with cybersecurity and technical teams to define, establish, maintain, and manage access and identities, ensuring security principles are followed in provisioning and deprovisioning processes. The position requires working closely with IT, cybersecurity, business units, and third parties, with a focus on directory services, technical integrations, and governance.

The Senior IAM Engineer will work on designing and managing enterprise-wide identity and access controls, adopting best practices, and supporting secure operations. A solid understanding of security principles, hands-on experience with host and application configurations, hybrid solutions, directory services, and zero trust principles are essential. The ideal candidate has five to seven years of cybersecurity, IAM, or IT administration experience.

Job Responsibilities

1. Establish and oversee IAM solutions within a distributed security and technology team.
2. Design and manage IAM projects from inception to completion, ensuring timely delivery within budget.
3. Implement IAM models aligned with risk management strategies.
4. Provide technical architecture for a global enterprise workforce.
5. Design solutions for SSO, directory services, zero trust, MFA, privileged accounts, automation, and behavior analytics.
6. Create resilient identity strategies aligned with cybersecurity policies.
7. Manage the identity lifecycle, including onboarding, role changes, and offboarding.
8. Define IAM requirements with stakeholders and develop comprehensive solutions.
9. Document architecture, configurations, and operational procedures.
10. Drive adoption of IAM architectures and technologies.
11. Develop and maintain IAM capability roadmaps responding to business and technological needs.
12. Plan for on-premises, cloud, and hybrid infrastructure supporting remote workforces.
13. Conduct impact analyses and risk assessments, recommending improvements.
14. Collaborate with incident responders and escalate issues as needed.
15. Maintain access policies, exceptions, and audit documentation.
16. Review accounts during periodic audits and recommend controls.
17. Suggest automation, security, and user experience improvements.
18. Communicate security posture to leadership and stakeholders.
19. Participate in security groups and industry consortiums.
20. Define KPIs, operational metrics, and SLAs for IAM success measurement.
21. Support tactical and strategic IAM initiatives.
22. Engage with business units to understand IAM support needs.

Successful Candidates Will Possess The Following

• 7-10+ years in cybersecurity administration, with 3+ years in IAM roles.
• Expertise in directory services, cloud platforms (Azure/AWS/GCP), SSO, MFA, and access roles.
• Knowledge of IAM protocols like Kerberos, SAML, OAuth, OpenID, SCIM, XACML, SPML.
• Understanding of cloud architectures, including IaaS, PaaS, SaaS.
• Experience with IAM systems, access controls, and governance fundamentals.
• Preferred scripting skills in Python, PowerShell, Bash.
• Strong communication skills across organizational levels.
• Ability to understand complex technical infrastructures and access controls.
• Knowledge of service design, delivery, and control frameworks.
• Organizational skills to prioritize and meet SLAs/SLOs.
• Judgment and decision-making skills in complex situations.
• High integrity, professionalism, and trustworthiness.

Additional Preferred Qualifications:

• Bachelor's degree in information assurance, computer science, engineering, or related fields.
• Certifications such as CISSP, CISM, AWS/Azure Security, Okta Certified, CIAM, CAMS, CIDPRO.
• Experience with IAM platforms like Okta, Auth0, Ping Identity, ForgeRock.
• Familiarity with cloud IAM services and ITSM tools.

Salary Range

The estimated annual salary is $140,000 to $170,000, based on experience and other factors.

Benefits

• Competitive benefits, paid time off, family and disability leave.
• 401(k) with employer match.
• Financial support for education and professional development.
• Employee referral bonuses.

About Us

KBRA is a credit rating agency registered in the U.S., EU, and UK, providing structured finance ratings in Canada. Our ratings support regulatory capital requirements across jurisdictions.

More Info

KBRA values diversity and encourages applications from all qualified individuals regardless of race, gender, age, disability, or other protected characteristics.

• Mid-Senior level

• Full-time

• Engineering and IT