Astreya
Website:
astreya.com
Job details:
Role Overview
Thoughtworks is seeking an experienced(Minimum 5+ years) IAM Specialist with strong expertise in Google Workspace and Okta to support our User Identity services.
This role is responsible for the day-to-day management of identity and access across the Thoughtworks ecosystem, including user lifecycle management (Joiner–Mover–Leaver), access provisioning, SSO integrations, MFA policies, and Identity compliance.
The ideal candidate has hands-on experience operating Google Workspace and Okta in a global enterprise environment and can ensure stability, security, and smooth execution of IAM business-as-usual (BAU) activities.
This is a hands-on operational role focused on reliability, access governance, and maintaining a secure identity environment.
Key Responsibilities
- Google Workspace Administration (Must Have)
- Administer and optimize Google Workspace in a multi-OU enterprise environment
- Manage user lifecycle (Joiner–Mover–Leaver) automation and provisioning workflows
- Configure and maintain:
- Admin roles & delegated access
- Groups, Shared Drives, and Drive governance
- Context-aware access and security settings
- Gmail routing and domain configurations
- Support investigations using audit logs and reporting tools
- Work with GAM (Google Apps Manager) for bulk operations and automation
- Okta Identity Management (Must Have)
- Administer and optimize Okta for enterprise SSO and identity lifecycle
- Manage SAML, OIDC, and SCIM integrations
- Configure and maintain:
- App provisioning and deprovisioning
- MFA policies and sign-on policies
- Lifecycle workflows
- Group-based access controls
- Support secure rollout initiatives (e.g., phishing-resistant MFA, device-bound authentication)
- Troubleshoot federation and authentication issues across integrated systems
- Identity Lifecycle & Access Governance
- Drive JML process automation between HR systems, Okta, and Google Workspace
- Ensure timely provisioning/deprovisioning and least-privilege enforcement
- Handle IAM tickets and complex access issues
- Partner with Infosec for compliance audits and access reviews
- Maintain clean entitlement models and reduce over-provisioning
Tech Stack Requirements
Must Have
- 5+ years of hands-on IAM experience
- Deep administration experience in:
- Strong knowledge of:
- SAML 2.0
- OAuth / OIDC
- SCIM provisioning
- MFA & access policies
- Experience managing identity in a global enterprise environment (5k+ users preferred)
Nice to Have
- Experience with FastPass / passwordless authentication
- Exposure to device trust / device context policies
- Experience in IAM automation at scale
- Knowledge of access governance best practices
Skills & Competencies
- Strong troubleshooting mindset across identity flows
- Ability to collaborate across Security, Data, and Infrastructure teams
- Strong documentation and process design skills
- Comfortable operating in a high-scale, multi-region enterprise
- Ability to challenge insecure practices and drive improvement
Click on Apply to know more.