We are looking for a Lead AI-Augmented IAM Security Engineer to manage the practical implementation, configuration, automation, and everyday operation of enterprise Identity and Access Management. This position centers on delivery and operations, functioning within the designs, standards, role models, and policies established by IAM architects and security leadership. The emphasis lies in building, configuring, scripting, running, and troubleshooting IAM rather than shaping target-state architecture, role models, or governance policy.
Responsibilities
- Deploy, configure, and run IAM solutions and controls guided by the architecture, standards, and designs set by IAM architects and security leadership
- Establish and sustain identity lifecycle (Joiner / Mover / Leaver) processes, covering automated provisioning and deprovisioning across target systems
- Set up and maintain core IAM capabilities such as SSO, federation, MFA, passwordless authentication, conditional access, RBAC/ABAC role models, and least-privilege access
- Create, roll out, and maintain IAM integrations and connectors with cloud platforms, SaaS applications, enterprise systems, directories, authoritative source systems, databases, and APIs
- Run access certification and review campaigns, carry out entitlement clean-up, and configure segregation-of-duties (SoD) rules in line with access policies set by architects and the business
- Deploy and operate Privileged Access Management controls, including credential vaulting, secrets rotation, session management, and just-in-time and just-enough access
- Build and maintain automation scripts, workflows, and IAM tooling with PowerShell, Python, REST APIs, SCIM, Terraform, or comparable technologies
- Track IAM platform health, diagnose and resolve incidents and access issues, and handle patching, upgrades, and configuration hardening
- Set up and maintain IAM logging, alerting, and monitoring, and execute backup and recovery procedures per defined runbooks and resilience requirements
- Create, deploy, and maintain AI-assisted automations and agentic workflows that cut manual effort across daily IAM operations, such as access request triage, classification, and routing; entitlement analysis, access review summarization, and reviewer recommendations; role and entitlement analysis and access anomaly detection; provisioning and lifecycle workflow troubleshooting and root-cause analysis; privileged access review support; compliance evidence collection; IAM runbook, query, and documentation generation
- Develop and embed AI agents and LLM-backed automations into IAM systems and operational pipelines, linking models to internal tools, APIs, directories, ticketing, and IAM platforms through function calling, SCIM, REST, and webhooks
- Build, test, and maintain reusable prompts, structured-prompting patterns, and prompt templates for recurring IAM tasks, and refine them for accuracy, consistency, and safe behavior
- Set up retrieval over IAM policies, role catalogs, runbooks, and documentation (for example RAG) so AI assistants respond from current, authoritative internal sources instead of guesswork
- Put in place output verification, human-in-the-loop approval gates, and rollback paths within AI-assisted IAM workflows, so no AI-driven change reaches production access without review
- Apply security and privacy controls for IAM AI usage, including least-privilege access for agents, secrets and credential handling, prompt-injection resistance, redaction of sensitive identity data, and complete auditability of AI-driven actions
- Oversee AI-assisted IAM automations in production, gauge their accuracy and impact, and continually refine prompts, tools, and workflows based on results and feedback
- Create and maintain operational documentation, runbooks, and standard operating procedures, and assist with audits and compliance evidence requests
Requirements
- Bachelor's degree in Computer Science, Cybersecurity, Engineering, or equivalent practical experience
- 2+ years of hands-on experience deploying or operating Identity and Access Management solutions
- Hands-on experience with at least one enterprise IAM, IGA, PAM, or federation platform
- Strong grasp of IAM concepts, including identity lifecycle, authentication, authorization, SSO, federation, MFA, RBAC/ABAC, least privilege, and privileged access
- Practical familiarity with common IAM protocols and standards, such as SAML, OAuth 2.0, OpenID Connect, SCIM, LDAP, and Kerberos
- Experience setting up IAM controls, policies, connectors, and access governance workflows
- Working knowledge of cloud IAM concepts across at least one major cloud platform such as Azure, AWS, or GCP
- Scripting and automation experience with at least one of PowerShell, Python, Bash, REST APIs, SCIM, or Terraform
- Capacity to collaborate closely with developers, architects, infrastructure engineers, security operations, compliance teams, and business stakeholders
- Capacity to follow, maintain, and enhance defined IAM and security processes
- At ease carrying out changes from tickets, runbooks, and designs supplied by senior engineers and architects, and escalating design-level questions rather than owning them
- Practical grasp of AI-assisted productivity and automation beyond basic chatbot usage, including at least some of the following: building or configuring AI agents; using AI to automate repetitive IAM or security tasks; integrating LLMs with tools, APIs, documents, or workflows; prompt engineering and structured prompting; creating AI-assisted runbooks, scripts, queries, or documentation; using AI tools securely with awareness of sensitive identity data, access control, and audit requirements
- Strong communication skills and the ability to explain IAM issues, technical decisions, and remediation steps to both technical and non-technical stakeholders
- Hands-on proficiency is essential
- English proficiency at B2 level or higher
Nice to have
- Experience with IAM platforms such as Microsoft Entra ID, Active Directory, Okta, Ping Identity, ForgeRock, Auth0, SailPoint, Saviynt, CyberArk, or similar
- Experience with CIAM, B2B/B2C identity, customer identity, external identity, or partner access scenarios
- Experience with SIEM/SOAR integrations for IAM monitoring, alerting, and automated response
- Experience with CI/CD-based IAM deployment, configuration-as-code, and automated testing of IAM changes
- Experience with AI/LLM platforms or frameworks such as Azure OpenAI, Amazon Bedrock, Microsoft Copilot Studio, LangChain, AutoGen, or Power Automate
- Awareness of AI security risks, including data leakage, prompt injection, excessive agency, insecure tool use, model governance, and sensitive identity data exposure
- Security or IAM certifications such as SC-300: Microsoft Identity and Access Administrator; Okta Certified Professional / Administrator / Consultant; SailPoint, Saviynt, CyberArk, or Ping Identity certifications; CISSP, CISM, CISA, CCSK, CCSP, SSCP, or similar
- AI-related certifications are a plus, for example: AI-900: Microsoft Azure AI Fundamentals; AWS Certified AI Practitioner