Iam Provisioning Jobs (NOW HIRING)

Cybersecurity IAM Engineer

Who We Are

At Upbound Group, we are committed to elevating financial opportunity for all through innovative, inclusive, and technology-driven financial solutions that address the evolving needs and aspirations of consumers. The Company's customer-facing operating units include industry-leading brands such as Rent-A-Center, Acima and Brigit that facilitate consumer transactions across a wide range of store-based and digital retail channels, including over 2,400 company-branded retail units across the United States, Mexico, New York and Puerto Rico. Upbound Group, Inc. is headquartered in Plano, Texas.

Role Summary

The Cybersecurity Identity & Access Management Engineer is a senior technical contributor on a dedicated IAM team charged with securing and scaling Upbound Group's enterprise identity platform. In this role, the engineer applies deep Microsoft Entra ID expertise and Zero Trust principles to advance identity governance, privileged access management, and entitlement controls across both on-premises and cloud environments - partnering closely with Engineering, IT, and Compliance to align identity solutions with organizational security standards. The engineer also contributes to the design and delivery of custom IAM provisioning solutions, building automation pipelines that seamlessly connect identity infrastructure with critical business applications, cloud platforms, and HRIS systems.

Key Responsibilities

• Assist in designing, implementing, and managingMicrosoft Entra ID (Azure AD) environments, including tenant architecture, Conditional Access policies, MFA, passwordless authentication (FIDO2, Windows Hello), and Identity Protection
• Participate in identity lifecycle management: automate user provisioning and deprovisioning workflows via Entra ID, SCIM-based integrations, and custom automation pipelines
• Implement and govern privileged accessusing Privileged Identity Management (PIM), just-in-time access controls, and least-privilege RBAC models across Azure subscriptions and resources
• Participate in access governance programsincluding entitlement management, access reviews, dynamic group policies, and Administrative Units
• Integrate enterprise SSOusing SAML, OAuth 2.0, and OpenID Connect protocols for SaaS and on-premises applications
• Support hybrid identity environmentsincluding Azure AD Connect / Cloud Sync, LDAP integrations, and federated-to-managed domain transitions
• Monitor and respond to identity-related threatsby configuring identity logging, security alerting, and continuous monitoring of sign-in and audit logs
• Assist in securing Azure Container Appsenvironments, including ingress controls, managed identity configuration, secrets management, network isolation, and Dapr integration security
• Evaluate and assist with hardeningIAM functions for cloud-native infrastructure across Azure, AWS and GCP ensuring compliance with Zero Trust principles and organizational security policies.
• Develop and maintain custom IAM provisioning codeand internal platform services usingGo (Golang)for backend services andReact.jsfor frontend integrations with HRIS platforms
• Partner with Platform Engineering teams to maintain IAM Infrastructure as Code (IaC)usingTerraformto provision, configure, and manage Azure resources, identity infrastructure, and security controls in a repeatable, auditable manner
• Utilize and maintain CI/CD security pipelinesusingGitHub Actions, including automated IAM provisioning workflows to Azure Container Apps environment
• Manage IAM provisioning source code, branching strategies, and code reviewsinGitHub, championing secure development best practices across the team
• Automate, code or script (Bash, PowerShell, RegEx and Python) as well as write SQL to query databases as needed
• Develop and maintain documentationincluding runbooks, architecture diagrams, security standards, and operational procedures
• Collaborate with peers to provide directionon IAM and cloud identity security, advising cross-functional teams (Engineering, IT, Compliance, and Business units) on identity architecture decisions
• Contribute tosecurity incident responserelated to identity compromise, credential theft, or access control failures
• Evaluate emerging IAM technologies and trends, providing recommendations to leadership on platform enhancements and modernization initiatives
• IntegrateAIdriventools into daily engineering work to enhance decisionmaking quality and accelerate innovation across deliverables

Required Qualifications

• Bachelor's degree in computer science, Cybersecurity, Information Systems, or a related field-or equivalent professional experience
• 5+ yearsof progressive experience in cybersecurity, with at least2-3 yearsfocused on Identity & Access Management.
• Deep, hands-on expertise with Microsoft Entra ID(Azure AD), including Conditional Access, Identity Protection, PIM, RBAC, application registrations, and hybrid identity (AD Connect / Cloud Sync)
• Strong experience with Azure Container Appsor similar Azure container services (AKS, Azure Container Instances), including managed identity integration and secrets management and Cosmos DB for logic and translation rules
• Strong experience with Go (Golang)for building backend services, APIs, and automated IAM provisioning workflows
• Strong experience with React.jsfor building modern web-based administrative interfaces and integrations with leading HRIS platforms
• Strong experience with REST API, JSON, XML, C#
• Proficiency with Terraformfor provisioning and managing cloud infrastructure as code
• Strong use of GitHub and GitHub Actionsfor source control management, CI/CD pipeline development, automated testing, and deployment workflows
• Solid understanding ofauthentication and authorization protocols: SAML 2.0, OAuth 2.0, OpenID Connect, SCIM, and FIDO2
• Working knowledge ofZero Trust architectureprinciples and their application to identity and network security
• Proficient in modern AIdriven security, spanning LLMs, MCP, RAG, model architectures, and enterprisegrade security controls
• Excellent communication skills with the ability to translate complex technical security topics for diverse stakeholders

Preferred Qualifications

• Microsoft certifications: SC-300 (Identity and Access Administrator), AZ-500 (Azure Security Engineer), SC-100 (Cybersecurity Architect)
• Industry certifications: CISSP, CCSP, CIAM (Certified Identity and Access Manager), or CompTIA Security+/CySA+
• Experience withadditional IdP platformssuch as Okta, Ping Identity, or SailPoint alongside Microsoft Entra
• Experience with Workday HRIS platform using RaaS data integrations
• Familiarity withSIEM/SOAR platforms(Microsoft Sentinel, Rapid 7) for identity threat detection and automated response
• Knowledge ofcompliance frameworkssuch as NIST CSF, NIST AI RMF, or PCI DSS, as they relate to identity and access controls
• Experience withPKI infrastructure, certificate-based authentication, and credential lifecycle management
• Prior experience inmulti-tenant or multi-entityAzure environments with cross-tenant federation and B2B collaboration

Work Location

Ability to work in the Plano, Texas office, Monday through Friday.

Equal Opportunity Employer

Upbound Group is an equal opportunity employer committed to ensuring all employment decisions are made on a non-discriminatory basis in accordance with applicable federal, state, and local laws.

This job description is not intended to be all-inclusive. Coworker may perform other related duties as negotiated to meet the ongoing needs of the organization.