Senior IAM Engineer (Okta)

ComResource is looking for a Senior IAM Engineer (Okta).

Responsibilities:

• Lead enterprise Okta administration and governance across integrated applications and services, including Universal Directory, lifecycle management, and advanced authentication policies.
• Architect and implement identity federation solutions using SAML 2.0, OAuth 2.0, OIDC, and WS-Federation protocols for SaaS, PaaS, and on-premises applications.
• Design and manage Active Directory integration strategies, including Okta AD Agent deployment, directory synchronization, and delegated authentication architectures.
• Oversee identity provisioning and deprovisioning workflows using Okta Lifecycle Management, SCIM protocols, and API-driven automation for seamless user lifecycle governance.
• Lead SSO implementation projects for new application onboarding, including technical discovery, integration design, testing, and production deployment.
• Develop and enforce adaptive MFA policies using Okta Verify, contextual access controls, and risk-based authentication frameworks.
• Manage Okta tenant architecture across multiple environments, including production, DR, and development, ensuring high availability and disaster recovery capabilities.
• Collaborate with security and compliance teams on identity governance initiatives, including access reviews, separation of duties, and privileged access management.
• Design and implement API-driven automation using PowerShell, Python, and Okta APIs for identity operations, reporting, and integration workflows.
• Lead technical troubleshooting of complex SSO, authentication, and authorization issues across heterogeneous enterprise environments.
• Partner with application development teams to integrate modern authentication patterns and zero-trust architecture principles.
• Maintain and optimize Azure AD/Entra ID integration with Okta for hybrid identity scenarios.
• Develop comprehensive IAM documentation, including architecture diagrams, integration guides, runbooks, and knowledge transfer materials.
• Provide strategic guidance on identity security best practices, threat mitigation, and compliance requirements, including SOX, GDPR, and SOC2.
• Mentor junior team members and provide technical leadership.

Essentials:

• Bachelor's degree in Computer Science, Information Security, or equivalent professional experience.
• 7–10+ years in identity and access management with enterprise-scale implementations.
• Minimum 3–5 years of hands-on experience administering Okta, including Universal Directory, SSO, MFA, Lifecycle Management, and API Gateway.
• Strong expertise in SAML, OAuth 2.0, OIDC, LDAP, SCIM, and Kerberos authentication protocols.
• 5+ years of enterprise Active Directory administration, including forest design, group policy, domain trust relationships, and certificate services.
• Advanced PowerShell scripting for identity automation.
• Experience with Azure AD/Entra ID, Microsoft 365 identity management, and hybrid identity architectures.
• Strategic thinking with the ability to translate business requirements into scalable IAM architecture solutions.
• Proven track record leading complex identity integration projects from conception through production deployment.
• Strong understanding of zero-trust security principles and identity-centric security frameworks.
• Experience with ITIL/ITSM frameworks and incident/change management processes.
• Excellent documentation skills with the ability to create technical architecture diagrams and process workflows.
• Strong communication skills with the ability to collaborate with diverse technical and non-technical stakeholders.
• Flexibility to support off-hours implementations and participate in on-call rotation for critical IAM services.

Desired:

• Okta Certified Professional or Okta Certified Administrator certification; additional certifications such as CISSP, CISM, or Azure certifications are a plus.
• Experience with Python, REST APIs, and CI/CD pipelines.
• Experience with identity governance and administration (IGA) platforms.

Req ID: CG541126527