Job Type
Full-Time Regular

Job Description

BCTG’s direct client is looking to hire a permanent IAM (Identity Access Management) Engineer. This position will manage and maintain BDF’s Role Based Security Model and continue its security roadmap by contributing to Identity and Access Management infrastructure improvements. The right candidate will have hands-on experience integrating Active Directory, Access Management solutions, Identity Providers (OKTA preferred), and more. Candidates with engineering and system administration experience are preferred, but strong IAM architecture and design skills are a core requirement.


  • Ability to work in a team environment across multiple time zones.
  • Manage all enterprise RBAC.
  • Work with business to define new roles, and then internally in IT to execute.
  • Document all roles and access, and maintain up-to-date documentation.
  • Full automation of user provisioning with PowerShell and SQL.
  • Strong communication and writing skills are required.
  • Proven problem-solving and organizational skills.
  • Excellent communication skills.
  • Self-motivated, enthusiastic, detail-oriented, multi-tasking, and adaptable.
  • Ability to work with global teams

Technical Requirements:

  • 6+ years of IAM/Active Directory experience within complex corporate IT environments. Experience implementing an Identity and Access Management solution, preferably OKTA.
  • Strong PowerShell scripting experience is a must.
  • Working knowledge of REST APIs
  • Extensive Experience with file level security within a RBAC environment
  • One or more certifications such as CISSP or IAM Tool Specific Preferred
  • Deep understanding of, and hands-on engineering experience building solutions with, cloud-based identity solutions like Okta and Azure AD
  • Expert knowledge of Identity and Access Management methodologies, specifically as they relate to Role-Based Access (RBAC) and Policy Based Access (PBAC) control.
  • Experience with Authorization Framework/Specifications such as OAuth2, OIDC, SAML, Single Sign-On solutions
  • Knowledge of information security concepts. Deep working knowledge of at least one IAM tool/operating system.
  • Experience with directory management applications such as LDAP/Active Directory
  • At least one or more certifications such as CISSP or IAM tool specific certification.
  • Experience with relational database management systems such as Oracle, SQL Server, etc.
  • Active Directory Federation Services (ADFS), SAML, web Single Sign-on (SSO), OAuth and related
  • Identity and access management application integrations
  • Auditing
  • Assessment, design, upgrades and pilots - implementations of enterprise directory services technologies
  • Group Policies (GPO)
  • Microsoft Migration Tools and authentication technologies
  • Microsoft ADFS, Public Key Infrastructures, federated identity systems
  • Multi-factor authentication (MFA), both token and cloud.

Must be able to answer:
  1. How would you (or how have you in the past) architect a role-based security model from the ground up for a new department or departments?
  2. How would you provide both flexibility and scalability in that structure to accommodate org structure expansion and/or changes?
  3. How would you handle a business request to have two users in the same title/role that have different resource access requirements?
