Information Security Engineer - IAM Lead / Architect

Global Information Security is seeking a detail-oriented and motivated Information Security Engineer to lead our Identity and Access Management (IAM) program while contributing to broader information security initiatives. This role is responsible for shaping how users, systems, applications, and services securely access our environment and how identity controls integrate into the overall security architecture.

You will own the IAM strategy and execution, including identity lifecycle management, authentication and authorization controls, and reliable operation of IAM platforms at scale. At the same time, you will apply general information security principles to evaluate risk, design controls, support security operations, and influence secure technology adoption across the organization.

The role involves evaluating and overseeing the design and implementation of IAM solutions, assessing identity-related security risks, and developing controls that reduce those risks. You will improve role and entitlement models, advance privileged access management, support identity governance, and partner with teams across the company to embed secure access into new and existing technologies. You will also contribute to security operations by analyzing identity-related events and helping refine detection and response workflows tied to access, authentication, and authorization.

This position is well suited for someone who enjoys working across security, engineering, and business teams. It requires the ability to balance deep technical work with documentation, standards development, and compliance activities.

Our mission is to enable the business while protecting the organization and its brand. In this role, you will support technology integrations, streamline identity and security workflows across on-prem and cloud environments, influence security priorities across the organization, and lead initiatives that strengthen our overall security posture.

·       Define the IAM roadmap and ensure alignment with security, compliance, and business needs.

·       Design and maintain enterprise IAM architectures for workforce, partners, and customers.

·       Lead initiatives related to authentication, authorization, identity governance, and privileged access.

·       Contribute to enterprise security architecture standards beyond IAM, with identity as a foundational control.

·       Set standards for identity lifecycle management, directory services, federation, and access controls.

·       Drive implementation of modern IAM capabilities such as SSO, MFA, password less authentication, SCIM, role-based access, and just-in-time access.

·       Oversee integration of cloud and on-prem applications using SAML, OIDC, and OAuth.

·       Evaluate tools, guide vendor selection, and manage technical relationships.

·       Develop reusable patterns, reference architectures, and security guidance for development teams.

·       Partner with engineering to embed IAM and security controls into CI/CD pipelines and cloud platforms.

·       Design and govern enterprise identity architecture across AWS, Okta, Entra ID, Active Directory, and hybrid environments.

·       Enforce least-privilege access using federation, roles, conditional access, and zero trust principles.

·       Architect secure access for cloud workloads, eliminating long-lived credentials and unmanaged identities.

·       Secure non-human identities, service accounts, APIs, and automation using scoped roles, ownership models, and rotation policies.

·       Design and operate centralized secrets and key management solutions using KMS, Vault, and PAM platforms.

·       Centralize identity logging, monitoring, and response for authentication and authorization events.

·       Support security operations by improving access-focused detection, alerting, and incident response workflows.

·       Establish access policies, role models, and attestation processes.

·       Ensure IAM and access controls meet regulatory, audit, and internal security expectations.

·       Provide oversight for provisioning, deprovisioning, and access escalation processes.

·       Guide monitoring and tuning of identity and security services to meet availability and performance targets.

·       Mentor IAM and security engineers and influence cross-functional teams.

·       Work closely with security, infrastructure, application owners, risk, and compliance partners.

·       Communicate technical and security concepts clearly to both technical and non-technical audiences.

·       Support incident response activities when identity or access systems are involved.

·       Strong background in IAM architecture and engineering within a broader information security context.

·       Solid understanding of core information security principles, risk management, and control design.

·       Expertise with authentication and authorization protocols including SAML, OIDC, OAuth, LDAP, and Kerberos.

·       Experience with enterprise IAM platforms such as Entra ID, Okta, or similar.

·       Strong understanding of cloud platforms such as AWS, Azure, or GCP.

·       Hands-on experience with identity governance, privileged access, and lifecycle automation.

·       Ability to lead complex initiatives and work effectively with diverse stakeholders.

·       Experience in regulated environments such as finance, healthcare, or government.

·       Familiarity with zero trust architectures and modern enterprise security models.

·       Certifications such as CISSP, CCSP, or vendor-specific IAM certifications.

·       Experience with IGA, PAM, CIEM, or customer identity platforms.

 

For US applicants, Personal Data processed in connection with candidate evaluation and decision-making, onboarding, and continued employment at Model N will be done in accordance with the Model N HR Privacy Policy found at http://www.modeln.com/applicant-and-employee-privacy-notice/