Senior Identity and Access Management Engineer

RESPONSIBILITIES: Kforce has a client that is seeking a Senior Identity and Access Management (IAM) Engineer for a 6 month+ 100% remote contract assignment. Summary: The Senior Identity and Access Management (IAM) Engineer is a member of the Clients Cybersecurity team and is responsible for designing, developing, and implementing high-quality IAM solutions that align with the organization's cybersecurity strategy. The candidate will collaborate with cross-functional teams to ensure IAM systems are robust, scalable, and compliant with industry best practices. The candidate must have a strong background in technology, security and metrics, and must be highly adaptive. The candidate must be highly organized and analytical and is expected to partner and mentor effectively with other teams on an ongoing basis. Specific responsibilities: • Design and architect IAM frameworks to support secure access across hybrid environments • Automate IAM processes to improve operational efficiency and reduce manual intervention • Lead the integration of IAM solutions with existing systems, ensuring compatibility and compliance with security standards • Implement role-based access control (RBAC), Least-Privilege, and Zero-Trust principles • Contribute to the development and maintenance of IAM solutions - PingOne SSO, Saviynt Enterprise Identity Cloud, Entra ID • Monitor and enhance IAM security posture through continuous improvement and threat mitigation • Implement and support Identity Threat Detection and Response solutions and practices • Evaluate vendor IAM solutions and document their applicability and value • Create and maintain comprehensive documentation for IAM processes and ensure compliance with regulatory requirements • Research, design, and advocate for relevant IAM architectures and solutions supporting security requirements of the enterprise, its customers, business partners and vendors REQUIREMENTS: • Bachelor's or Master's degree in Computer Science, Information Systems or other related field, or equivalent work experience • Professional security certifications, such as an ISC (2) Certified Information Systems Security Professional (CISSP), IMI Certified Identity Management Professional (CIMP), Certified Identity and Access Manager (CIAM) or similar • Hands-on experience delivering enterprise-level IAM solutions and controls • Expertise in authentication and authorization standards, including FIDO2, SAML, OAuth, and LDAP • Extensive hands-on experience implementing and supporting one or more Single Sign On solutions (e.g., PingOne, Entra ID) • Extensive hands-on experience implementing and supporting one or more Identity Governance and Administration solutions (e.g., Saviynt, SailPoint) • Experience implementing and managing Privileged Access Management (PAM) • Experience in migrating legacy authentication standards to modern ones • Experience with Active Directory, scripting/programming languages (e.g., Python, Ruby, PowerShell) • Familiarity with SAP IAM, certificate management and PKI services • Extensive familiarity with NIST and ISO security practice frameworks, data privacy regulations • Strong problem-solving skills and the ability to communicate effectively with technical and non-technical stakeholders • Strong conceptual thinking and communication skills - the ability to translate complex business and technical requirements into effective and comprehensible solutions The following are not essential, but are highly valued: • Familiarity with architecture methodologies (e.g., SABSA, TOGAF, Zachman Framework) • Demonstrable experience creating, securing, and managing Cloud infrastructures (e.g., AWS, Azure, Open stack) • Professional experience in application or infrastructure penetration testing The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future. We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave. Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law. This job is not eligible for bonuses, incentives or commissions. Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status. By clicking ?Apply Today? you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP. Apply tot his job