Identity and Access Management Engineer

Remote - East Lansing, MI

Position Purpose

The Identity & Access Management Engineer works closely with several teams to design, deliver, and support the IAM strategy for the organization. The IAM Engineer partners with the Product Marketing Managers, Product Engineers, and Infrastructure team to establish a vision for how customer and workforce identities will be managed across all products and services, and how the associated access to systems and data will be maintained. Working closely with the development squads and Infrastructure team, the IAM Engineer is also responsible for the technical delivery and support of IAM solutions required to support the needs of the organization. The IAM Engineer stays abreast of industry best practices and emerging trends that will help address current challenges and enable new ways of delivering value to the organization. 


Duties and Responsibilities

Primary job duties and responsibilities: 

  • Design an IAM strategic plan and product roadmap that is aligned with business priorities, security strategy, and industry best practices. Support technical efforts in the maintenance and execution of plan
  • Assists in evaluating IAM products and services required to meet business and technology requirements, which includes directory services (e.g., AD, Cognito), identity federation (e.g., SAML, SSO and ADFS), Multi-Factor Authentication (MFA), Identity Verification, and Identity Management (IdM).
  • Works with team members to ensure requirements are gathered, processes defined and use cases documented. Provides IAM platform engineering/development services. Helps with User Acceptance Testing and bug-related engineering efforts. Participates in all IAM deployment activities. Assists team in providing production support.
  • Provides effort estimates and technical consulting services to support project and product pricing and roadmaps.
  • Works with team members to implement scalable access management and identity lifecycle processes for internal (workforce member) and external (customer) identities.
  • Creates and implements automated processes that reduce manual efforts and increase overall efficiency and scalability.
  • Helps in developing and/or integrating applications and third-party products into the IAM platform to utilize provisioning, de-provisioning and user lifecycle management. Assists team by providing technical support and performing operational fixes related to integration code.
  • Assists in the support of the role-based access control (RBAC) model. Helps maintain role-based access control documentation for operational processes.
  • Supports team members in the administration of access rights reviews. Follows up with reviewers to answer questions or provide additional data insight.
  • Works with team members to understand industry best practices and emerging trends.
  • Performs other duties as assigned.


Qualifications

Required qualifications: 

  • Experience managing an IAM strategy that includes Okta, Cognito, Azure, and AWS IAM
  • Demonstrated knowledge in the areas of identity and access management, provisioning and de-provisioning, password management, authentication, authorization, and single sign-on or commensurate experience.
  • Proven experience designing, deploying, and supporting identity and access management platforms and projects.
  • Experience in identity and access governance, including role based access control (RBAC), user identity lifecycle management and access certification.
  • Understanding of directory services (Active Directory, LDAP, Cognito).
  • Understanding of federation, SSL, SAML, OAuth, OpenID Connect, and identity governance and administration (IGA) technologies.
  • Understanding of IAM frameworks, practices, systems, and controls.
  • Knowledge of multi-factor authentication (MFA) solutions and technologies.
  • Experience with Linux-based, Windows-based, and serverless architectures in AWS. Knowledge of enterprise, network, system and application-level security issues.
  • Demonstrated scripting experience (ex. javascript) with knowledge of secure coding best practices. Familiarity with UDAP desired. 

Other knowledge, skills, and abilities: 

  • Demonstrated inherent passion for information security and service excellence 
  • Proven ability to identify project risks and gaps, developing creative and workable solutions to complex problems.
  • Demonstrated ability to work with a team and multiple stakeholders to provide direction and oversight.
  • Strategic thinker balanced with a grasp of details. Proven strong analytical and problem-solving skills with the ability to grasp new concepts and apply them; effectively evaluates information/data to make decisions; anticipate obstacles and develop plans to resolve.
  • Excellent verbal and written communication with an ability to articulate complex topics in a clear and concise manner
  • Service-oriented with demonstrated diplomacy and collaboration skills.
  • Self-motivated with excellent analytical and organizational skills. Strong focus on execution and delivery with ability to make recommendations


Direct Reports

None. 



At MiHIN, we are an Equal Opportunity Employer who recognizes that our diversity is our greatest strength. We draw on the differences in who we are, what we've experienced, and how we think to best serve our stakeholders and our communities.

Because our family of companies serve everyone, we believe in including everyone.  This means we strive to hire qualified employees that are diverse in thinking and in race, gender, gender identity and/or gender expression, age, religion or belief, sexual orientation, physical, mental, or sensory disability, citizenship, family or partnership status, socio-economic upbringing, and more.

We believe diversity and inclusion among our teammates is critical to our success as an organization, and we seek to recruit, develop, and retain the most talented people from a diverse candidate pool.