Identity & Access Management (IAM) Engineer

With 75 years of experience, our focus is on helping the most vulnerable children overcome poverty and experience fullness of life. We help children of all backgrounds, even in the most dangerous places, inspired by our Christian faith.

Come join our 33,000+ staff working in nearly 100 countries and share the joy of transforming vulnerable children’s life stories!

Key Responsibilities:

The Identity and Access Management (IAM) Engineer partners closely with the Enterprise Architecture team to implement and support robust identity and access control solutions. In this role, you will translate architectural designs into production-ready configurations, ensure operational health of IAM platforms, and deliver hands-on support to maintain secure, compliant authentication and authorization across enterprise systems and cloud environments. 

Do you excel at converting architectural vision into operational identity solutions and delivering world-class support? Join our Global Technology Services team as an IAM Engineer, where you’ll work hand-in-hand with our Enterprise Architecture group to implement, maintain, and support mission-critical access controls that secure our global NGO operations. If you thrive in an implementation-focused, collaborative environment and are passionate about driving continuous improvement in IAM, apply now to make a tangible impact!

Key Responsibilities:

• Solution Implementation & Integration 

• Work alongside the Enterprise Architect to translate IAM blueprints into scalable, production-grade deployments across Azure AD, OneLogin, or equivalent platforms. 

• Configure authentication flows (e.g. SAML, OAuth2, OpenID Connect, LDAP) to realize single sign-on (SSO), multi-factor authentication (MFA), and zero-trust access models. 

• Integrate on-premises Active Directory and cloud directory services, ensuring seamless synchronization and failover resilience. 

• Operational Support & Administration 

• Own day-to-day administration of IAM platforms: user provisioning/deprovisioning, group management, entitlement changes, and password self-service workflows. 

• Monitor system health and performance, respond to alerts, and troubleshoot authentication or directory synchronization issues. 

• Develop and maintain automation scripts (PowerShell, Python, Terraform) to streamline access lifecycle tasks and reduce manual effort. 

• Access Governance & Compliance Support 

• Execute periodic access reviews and attestation campaigns under guidance from Architecture and Risk teams. 

• Assist in remediation of segregation-of-duties conflicts, unauthorized access, and other compliance findings. 

• Maintain documentation of access policies, runbooks, and change logs in alignment with audit requirements. 

• Incident Response & Continuous Improvement 

• Serve as the primary support engineer for IAM-related incidents, conducting root-cause analysis and driving corrective actions. 

• Capture service metrics (uptime, incident volume, resolution times) and collaborate with Architecture to enhance system reliability and user experience. 

• Contribute to knowledge-based articles, shared runbooks, and training materials for IT operations and support teams. 

• Stakeholder Collaboration 

• Liaise with application owners, security operations, and infrastructure teams to onboard new applications and integrate their identity requirements. 

• Provide Level 2/3 support and guidance to regional IT teams, ensuring consistent execution of IAM processes and rapid resolution of escalated issues. 

Key Skills and Competencies:

• Bachelor’s degree in Computer Science, Information Technology, or related field.

• ITIL Foundation certification or equivalent IT service management experience.

• Hands-on expertise with Azure Active Directory, Active Directory Federation Services (AD FS), and commercial IAM platforms (e.g. OneLogin, Okta, Ping, SailPoint). 

• Strong scripting/automation skills (PowerShell, Python, Terraform) and familiarity with CI/CD pipelines. 

• Proficient in authentication protocols (SAML, OAuth2, OpenID Connect) and directory services (LDAP, Kerberos). 

• Excellent communicator capable of bridging architectural vision and operational execution. 

• Certifications such as Microsoft Certified: Identity and Access Administrator, CISSP, or CIAM are advantageous. 

Applicant Types Accepted: