IAM Security Engineer
Spectraforce
Seattle, Washington
2 hours ago
Job Description
Title: IAM Security Engineer
Location: Seattle, WA 98101 - 4 days per week onsite.
Duration: 3 Months with possible extension or conversion
Schedule: 8-5 PM PST
Description:
A solid individual contributor responsible for designing, implementing, and supporting IAM solutions across multiple environments with minimal supervision. This role actively develops automation to streamline operational tasks, implements subsystem-level security designs, and serves as an escalation point for complex technical issues.
Key Responsibilities
Required Qualifications
At SPECTRAFORCE, we are committed to maintaining a workplace that ensures fair compensation and wage transparency in adherence with all applicable state and local laws.This position's pay range is $80.00/hr - $84.00/hr.
Location: Seattle, WA 98101 - 4 days per week onsite.
Duration: 3 Months with possible extension or conversion
Schedule: 8-5 PM PST
Description:
A solid individual contributor responsible for designing, implementing, and supporting IAM solutions across multiple environments with minimal supervision. This role actively develops automation to streamline operational tasks, implements subsystem-level security designs, and serves as an escalation point for complex technical issues.
Key Responsibilities
- Design and implement secure IAM configurations across multi-cloud and hybrid identity environments, applying Zero Trust principles to develop and tune conditional access policies and cloud IAM roles.
- Develop, test, and maintain automation scripts (Python, PowerShell) and low-code workflows (e.g., Okta Workflows) to streamline user lifecycle management (LCM), reduce manual effort, and improve accuracy.
- Independently manage the end-to-end integration of new applications into the IAM ecosystem, including SSO, MFA, IGA, and PAM solutions, applying Role-Based Access Control (RBAC) models.
- Implement and configure IAM controls for non-human identities, such as service principals in Azure or Cloud Infrastructure platform (AWS, GCP, Oracle), ensuring they adhere to the principle of least privilege.
- Create and maintain modular and reusable Infrastructure as Code (IaC) modules (e.g., Terraform) for the repeatable and consistent deployment of IAM resources.
- Manage secrets and credentials for applications and services using a vaulting solution and enterprise Public Key Infrastructure (PKI).
- Troubleshoot and resolve complex technical identity and access issues across both cloud and legacy systems, performing root cause analysis and implementing preventative measures.
- For development-focused roles: Develop, test, and maintain custom automation scripts and simple applications that interact with REST APIs to extend IAM platform capabilities.
- Design and build an automated workflow in Okta Workflows to deprovision access from a set of high-risk applications within one hour of receiving a termination event from the HR system.
- Develop a reusable Terraform module to standardize the creation of IAM roles in AWS, incorporating permissions boundaries and mandatory tagging policies.
- Implement Just-in-Time (JIT) access for a defined set of privileged roles using a PAM solution, reducing standing privileged access by 75% for that group.
- Create a comprehensive dashboard to monitor for anomalous login patterns, correlating data from the IdP, cloud platforms, and legacy directory services.
Required Qualifications
- 2+ years of direct experience in an Identity and Access Management role.
- Demonstrated experience with at least one major cloud identity platform (Okta, Microsoft Entra ID).
- Proficiency in scripting with PowerShell or Python for automation.
- Hands-on experience with Infrastructure as Code tools, particularly Terraform.
- Strong understanding of modern authentication and federation protocols (SAML, OIDC, OAuth 2.0, SCIM).
- Experience with hybrid identity models connecting cloud IdPs to on-premise Active Directory.
- *For development-focused roles: Proficiency in a scripting or programming language (Python, Go) and hands-on experience consuming REST APIs.
- Bachelor's Degree in Information Technology, Computer Science, Cybersecurity or related experience required.
- AWS Certified Security - Specialty or Azure Security Engineer Associate
- Microsoft SC-300: Identity and Access Administrator Associate
- Okta Certified Administrator
- SailPoint Certified IdentityIQ Associate or SailPoint Certified IdentityNow Professional
- For development-focused roles: Experience with full-stack development is a plus.
- Technical Skills
- Okta, Microsoft Entra ID, Active Directory, AWS IAM, SailPoint IdentityNow, Terraform, BeyondTrust, HashiCorp Vault, PKI / Certificate Management, Git.
- Languages: PowerShell, Python*, Bash*, Go*, JSON, YAML, REST APIs*.
- Platforms: AWS, Azure, GCP, Windows/Linux, Docker, Kubernetes.
- Protocols: SAML 2.0, OAuth 2.0, OIDC, SCIM, LDAP, Kerberos, FIDO2.
- Customer Focus
- Drives Results
- Builds Trust
- Self-Development
- Communicates Effectively
- Has Courage
- Decision Quality
- Strategic Mindset
- Manages Complexity
Applicant Notices & Disclaimers
- For information on benefits, equal opportunity employment, and location-specific applicant notices, click here
At SPECTRAFORCE, we are committed to maintaining a workplace that ensures fair compensation and wage transparency in adherence with all applicable state and local laws.This position's pay range is $80.00/hr - $84.00/hr.