Vailexa Technology
Website: vailexa.com
Job details:
Identity and Access Management (IAM) Engineer
Location: Remote
Employment Type: Full-time
About the Role
We are looking for an experienced **Identity and Access Management (IAM) Engineer** to join our InfoSec team. In this role, you will own the design, review, and implementation of identity and access controls across our cloud and SaaS ecosystem. You will partner closely with engineering, IT, and business teams to translate access requirements into secure, scalable, and automated identity solutions.
This is a high-impact role for someone who enjoys solving real-world identity problems at scale — from designing fine-grained cloud permissions to onboarding applications into enterprise governance platforms, to building automation that eliminates manual access toil.
What You'll Do
- **Review and respond to identity requests** from engineering and business teams. Understand the underlying ask, research appropriate options, and propose secure, least-privilege solutions.
- **Design and implement Cloud IAM permission sets** across AWS, Azure, and GCP to meet evolving engineering requirements.
- **Build and maintain Role-Based Access Control (RBAC) models** by partnering with various stakeholders to capture requirements and translate them into durable access patterns.
- **Onboard applications into SailPoint** and generate governance reports for access reviews, certifications, and audit needs.
- **Design, review, and implement Okta integrations** including SSO and SCIM provisioning for new and existing applications.
- **Automate identity workflows and support tasks** wherever possible — reducing manual toil and improving consistency.
- **Contribute to ongoing IAM projects** including SSO rollouts, SailPoint integrations, access modeling initiatives, and lifecycle automation.
- **Act as a trusted advisor** to engineering teams on identity best practices, helping them ship securely without slowing down.
Required Qualifications (Primary Skill Set)
Cloud IAM
Hands-on ability to propose, design, review, and implement cloud permission sets to meet engineering requirements across **AWS, Azure, and GCP**. Strong understanding of cloud-native IAM primitives (roles, policies, service principals, workload identity, etc.) and how to apply least-privilege principles in a multi-cloud environment.
SailPoint
Skilled in onboarding applications to **SailPoint IdentityIQ / IdentityNow** and generating reports to support various governance needs (access reviews, certifications, separation of duties, audits).
Okta (SSO and SCIM)
Strong understanding of **SSO and SCIM** concepts with the ability to design and review **Okta integrations** end-to-end — including application setup, attribute mapping, group rules, and lifecycle provisioning.
Terraform / Infrastructure as Code
Familiarity with **IaC solutions** (preferably Terraform) and proven experience partnering with engineering teams to leverage IaC to automate identity-based workflows and enforce configuration as code.
General Identity Modeling
Solid working knowledge of how **SSO, SAML, and OAuth/OIDC** work under the hood. Comfortable building quick prototypes, reviewing enterprise identity requests, and reasoning about trust boundaries, token flows, and federation patterns.
Preferred Qualifications (Nice-to-Have)
- **CyberArk EPM (or comparable)** — Experience rolling out Endpoint Privileged Management solutions.
- **Non-Human Identities (NHI)** — Experience creating, managing, modeling, and monitoring/auditing non-human identities (service accounts, workload identities, machine credentials, secrets) is a strong bonus.
- **Familiarity with Client's tooling stack** — Jira, Confluence, and Google Workspace.
What Success Looks Like
- Identity review requests are turned around quickly with secure, well-reasoned solutions.
- Engineering teams view IAM as a partner that unblocks them rather than a bottleneck.
- A maintainable RBAC model reduces ad-hoc permission requests over time.
- Manual support tasks are progressively automated — measurable reduction in toil quarter over quarter.
- SSO, SailPoint, and access modeling projects ship on time with strong stakeholder alignment.
Core Competencies
- **Strong communicator** — able to work across engineering, IT, security, and business teams to gather requirements and explain trade-offs clearly.
- **Bias toward automation** — defaults to scripting, IaC, and tooling rather than repeated manual work.
- **Security-first mindset** — instinctively reaches for least-privilege and defense-in-depth.
- **Pragmatic problem-solver** — balances ideal-state architecture with what's deliverable today.
- **Self-directed** — comfortable owning ambiguous problems end-to-end.