Lead IAM Engineer

• Architect, implement, and maintain IAM solutions across enterprise platforms, including Active Directory, Okta, CyberArk, and Epic.
• Design and enforce access control models (RBAC, ABAC, PBAC) and least privilege policies across on-prem, cloud, and hybrid environments.
• Lead technical integration of IAM services with internal and third-party applications using SAML, OIDC, SCIM, LDAP, and REST APIs.
• Build and maintain automated provisioning/deprovisioning workflows using tools such as Okta Workflows, PowerShell, and custom scripts.
• Conduct hands-on troubleshooting of complex identity issues, including authentication failures, SSO errors, and privilege escalation scenarios.
• Manage IAM infrastructure performance, uptime, and reliability; define SLAs and monitoring strategies.
• Perform in-depth log analysis and event correlation to support incident response and threat detection.
• Guide technical implementation of MFA, adaptive authentication, conditional access, and passwordless strategies.
• Evaluate and implement IAM-related tools and technologies, conducting proof-of-concept testing and architecture reviews.
• Author and maintain system architecture diagrams, data flow documentation, and technical runbooks.
• Support audit and compliance requirements through control implementation, technical evidence collection, and gap remediation.
• Serve as technical liaison to security, infrastructure, cloud, and development teams to ensure IAM controls are embedded in CI/CD pipelines and infrastructure as code.
• Lead vulnerability remediation efforts for IAM systems, ensuring timely patching and configuration hardening.
• Other duties and responsibilities as assigned.

• Bachelor’s degree in Information Technology (IT), Information Security, Computer Science, Engineering, Cybersecurity, or related field of study from an accredited college or university. In lieu of degree, 5+ years of experience.
• 10+ years of progressive professional experience in IT and information security, including at least 3 years of experience implementing identity and access management solutions, Role-Based Access Control (RBAC) in a medium-large sized organization (5,000+ users) with products such as Okta, CyberArk, etc.
• 4+ years of experience with Okta, configuring application SSO using OIDC or OAuth token services, and strong working knowledge of Okta Workflows.
• 2+ years of experience with PowerShell scripting focused on user management tasks and routines.
• 3+ years of experience working with RESTful APIs via Postman to automate IAM tasks such as account provisioning, role assignments, and identity lifecycle integrations.
• Experience leading or contributing to IAM system migrations and consolidations across enterprise environments.
• Experience using GRC tools for reporting, analysis, measurements, etc.

• Industry recognized certifications such as CISSP, SSCP, Security+, CISM, CISA, or equivalent.
• Certified Okta Professional or Certified Okta Developer.
• Experience with access control on at least one large scale Healthcare EMR such as Epic, Cerner, or Allscripts.
• Experience in a multi-regional healthcare, retail, or dental company.
• Experience in protecting electronically protected health information (ePHI) and sensitive customer personally identifiable information.

• Demonstrated experience leading and participating in troubleshooting, managing, and solving issues related to identities, systems, access, accounts, authentication, authorization, entitlements, federation and permissions.
• Strong grasp of APIs, web services, and microservices, particularly in the context of secure IAM integrations – ensuring proper use of authentication protocols (OAuth2, OIDC), access controls, and encrypted data exchange.
• Demonstrated experience creating IAM strategies, roadmaps, and execution plans with proven delivery in enterprise environments.
• Knowledge of core Information Security frameworks, standards such as ISO 27001, NIST, SANS, HITRUST, HIPAA, PCI, etc. is essential.
• Ability to stay current on IAM standards, protocols, and threat vectors; continuously assess architecture to improve resilience and scability.
• In-depth understanding of network/infrastructure security, cloud platforms, and endpoint security practices.
• Proficiency in automation and scripting languages such as PowerShell, Python, or Bash.
• Demonstrated effective problem-solving and leadership skills.
• Demonstrated advanced technical expertise, and the ability to lead complex security workstreams while ensuring alignment with organizational policies and industry best practices.
• Ability to uphold the organization’s privacy, professionalism, and ethical standards by ensuring systems and data remain secure and resilient.
• Ability to multi-task effectively without compromising the quality of work.
• Demonstrated effective interpersonal, verbal, and written communication and collaboration skills across diverse teams and organizational levels with the ability to translate complex technical concepts to technical and non-technical stakeholders.
• Detail-oriented, organized, process-focused, proactive, ambitious, and customer focused.
• Ability to draw conclusions and make independent decisions with limited information.
• Ability to respond to common inquiries from customers, staff, regulatory agencies, vendors, and other members of the business community.
• Self-motivated, proactive, and reliable professional with hands-on approach to problem-solving and execution capable of working independently as well as part of a team.
• Demonstrated understanding of a wide range of compliance and technology frameworks.

• Medical, dental, and vision insurance
• Paid time off
• Tuition Reimbursement
• 401K
• Paid time to volunteer in your local community

Pacific Dental Services