Identity and Access Management Engineer
$72,600–$163,000 per year
Hybrid · Rocklin, California, United States or Spokane, Washington, United States
Job Summary
Identity and Access Management Engineer II/III responsible for configuring and implementing IAM solutions in a hybrid cloud environment. Duties include administering directory services (e.g., PingOne, Entra ID, Active Directory, LDAP), enabling authentication and authorization controls, implementing SSO for SaaS and on-prem apps, configuring Conditional Access and entitlement management, building identity automation with PowerShell/Graph API/REST, troubleshooting complex authentication and directory issues across hybrid and cloud environments, and collaborating with application teams to onboard systems while supporting IAM roadmap initiatives.
Required Qualifications
- 5-7 years in IAM engineering, security engineering, or related roles
- Proficiency with Entra ID / Azure AD, Active Directory, Conditional Access, authentication protocols, and SSO/SaaS integrations
- Strong scripting skills (PowerShell highly preferred)
- Understanding of Zero Trust architecture, least privilege principles, and modern identity frameworks
- Hands-on experience with MFA, identity federation, and access governance
- Experience with IAM tools such as SailPoint, Saviynt, Okta, Ping, CyberArk, or BeyondTrust
- Familiarity with automation/orchestration (Logic Apps, Azure Automation, Identity Governance workflows, etc.)
- Knowledge of cloud security (Azure, AWS, or GCP)
- Certifications such as Microsoft Certified: Identity & Access Administrator, SC-300, CISSP, or similar
- Familiarity with identity governance, access reviews, and compliance frameworks (e.g., SOX, NIST)