Title: Senior IAM Engineer – M&A Integrations (Okta/SSO) (Band B3)
Location: Phoenix, Arizona (hybrid, 3 days a week on site: Tue, Wed, Thu)
Duration: Contract Position
Experience Range
6–12 years total experience with 4+ years hands-on in IAM/SSO and 2+ years in M&A identity integrations.
About the Role
Mid-to-senior IAM professional to lead and execute M&A identity integration workstreams end-to-end, from discovery/due diligence through steady-state optimization. The ideal candidate is a strong communicator who can translate complex identity topics for business and technical stakeholders, and is deeply hands-on with Okta, SSO, federation (SAML/OIDC), Active Directory, and core security principles. Experience with AWS/GCP identity services and least-privilege design is essential.
Key Responsibilities
M&A / Integration Delivery
- Lead IAM workstream during due diligence and integration planning; assess target’s identity landscape, risks, and critical path for Day‑1 access.
- Design and implement tenant-to-tenant federation (Okta, ADFS; both IdP-initiated and SP-initiated flows) and progressive consolidation to a primary IdP (Okta).
- Plan and execute SSO cutovers for top business applications; define rollback plans and success criteria.
- Establish secure B2B/B2E access patterns for acquired entities (SAML 2.0, OAuth 2.0/OIDC, SCIM).
- Orchestrate account migration strategies (just-in-time provisioning, SCIM, directory sync) and drive identity hygiene: de-duplicate and merge accounts that represent the same person, and surface login collisions between the two estates before cutover.
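The consolidation work above hinges on a reconciliation step that is easy to get wrong: the same login (for example jsmith@) often exists in both the acquirer's and the target's directory but belongs to two different people, while one person may hold two target accounts. The following is an added example, not code from the posting, the hiring company or Okta. It classifies each target account against an acquirer export using the HR employee ID as the authoritative "same person" key and the projected post-cutover login for collision detection. The Account fields, domain map and sample records are constructed for illustration.

```python
"""Identity reconciliation for an M&A directory merge (added example).

Classifies each target account as MERGE (same person already exists on the
acquirer side), COLLISION (same projected login but a different person),
DEDUPE (second account for a person who already has one in the target),
or MIGRATE (no counterpart, provision fresh). Field names and data are
assumptions for illustration, not a real export format.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List


class Action(Enum):
    MERGE = "merge"          # link target account to the existing acquirer identity
    COLLISION = "collision"  # same login, different human: rename/re-home before cutover
    DEDUPE = "dedupe"        # surplus account for a person who already has a primary
    MIGRATE = "migrate"      # no counterpart: provision into the primary IdP


@dataclass(frozen=True)
class Account:
    login: str         # email-style login as exported from the source directory
    employee_id: str   # HR identifier; empty for service/shared accounts
    display_name: str
    active: bool


def normalize_login(login: str) -> str:
    """Lower-case and strip; directory exports are routinely mixed-case."""
    return login.strip().lower()


def reconcile(acquirer: List[Account], target: List[Account],
              domain_map: Dict[str, str]) -> Dict[str, Action]:
    """Return {normalized target login: Action}.

    domain_map rewrites the target mail domain to the acquirer's so that
    accounts are compared on the login they will have after cutover.
    Target accounts sharing a non-empty employee_id are collapsed: the
    active one survives, the others become DEDUPE. Accounts without an
    employee_id are never collapsed (they are not a person).
    """
    acq_by_login = {normalize_login(a.login): a for a in acquirer}
    acq_by_emp = {a.employee_id: a for a in acquirer if a.employee_id}

    plan: Dict[str, Action] = {}
    groups: Dict[str, List[Account]] = {}
    primaries: List[Account] = []
    for t in target:
        if t.employee_id:
            groups.setdefault(t.employee_id, []).append(t)
        else:
            primaries.append(t)
    for accts in groups.values():
        ordered = sorted(accts, key=lambda a: a.active, reverse=True)
        primaries.append(ordered[0])
        for dup in ordered[1:]:
            plan[normalize_login(dup.login)] = Action.DEDUPE

    for t in primaries:
        login = normalize_login(t.login)
        local, _, domain = login.partition("@")
        projected = f"{local}@{domain_map.get(domain, domain)}"
        hit = acq_by_login.get(projected)
        if hit is not None:
            same_person = bool(t.employee_id) and hit.employee_id == t.employee_id
            plan[login] = Action.MERGE if same_person else Action.COLLISION
        elif t.employee_id in acq_by_emp:
            plan[login] = Action.MERGE   # same person under a different login
        else:
            plan[login] = Action.MIGRATE
    return plan


def sample_plan() -> Dict[str, Action]:
    """Constructed acquirer/target exports exercising each outcome."""
    acquirer = [
        Account("jsmith@acquirer.example", "A100", "John Smith", True),
        Account("mlee@acquirer.example", "A200", "Mei Lee", True),
    ]
    target = [
        Account("JSmith@target.example", "T900", "Jane Smith", True),       # collision
        Account("mlee@target.example", "A200", "Mei Lee", True),            # merge
        Account("pgarcia@target.example", "T910", "Pablo Garcia", True),    # migrate
        Account("pgarcia.old@target.example", "T910", "Pablo Garcia", False),  # dedupe
        Account("svc-backup@target.example", "", "Backup Service", True),   # migrate
    ]
    return reconcile(acquirer, target, {"target.example": "acquirer.example"})


if __name__ == "__main__":
    for login, action in sorted(sample_plan().items()):
        print(f"{action.value:9s} {login}")
```

The COLLISION bucket is the one to review by hand before any cutover: provisioning it as-is would either overwrite an acquirer employee's account or silently grant the target user that person's entitlements.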
IAM Engineering & Operations
- Configure and manage Okta (policies, routing rules, app integrations, Device Trust, MFA/Adaptive MFA, Groups, Lifecycle Management, Workflows).
- Implement secure federation (SAML/OIDC), token policies, consent and scopes, and PKCE where applicable.
- Integrate with Active Directory / LDAP, govern group design, and rationalize permissions to least‑privilege.
- Define and enforce password vaulting patterns for non‑federated apps and privileged identities (e.g., CyberArk/HashiCorp/1Password Enterprise).
- Build and maintain access review, joiner/mover/leaver (JML) automation, and policy-as-code where feasible.
- Partner with app owners to onboard applications to SSO/MFA and eliminate legacy/basic auth.
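PKCE, named in the federation item above, is the one piece of this list that is short enough to show end to end. The following is an added example, not code from the posting or from Okta's SDKs: it generates the client-side code_verifier and S256 code_challenge per RFC 7636 and implements the check an authorization server performs at the token endpoint, rejecting the "plain" method. It uses only the Python standard library; the RFC's Appendix B vector is used to confirm the derivation.

```python
"""PKCE (RFC 7636) verifier/challenge generation and server-side check (added example)."""
import base64
import hashlib
import hmac
import re
import secrets
from typing import Tuple

# Allowed code_verifier alphabet per RFC 7636 section 4.1
_VERIFIER_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")


def _b64url(raw: bytes) -> str:
    """Base64url without '=' padding, as the RFC requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_verifier(nbytes: int = 32) -> str:
    """Client side: 32 random bytes yield a 43-character verifier (the minimum length)."""
    return _b64url(secrets.token_bytes(nbytes))


def challenge_s256(verifier: str) -> str:
    """Client side: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    return _b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def start_authorization() -> Tuple[str, str]:
    """Client side: what is kept locally (verifier) and what goes in /authorize (challenge)."""
    verifier = make_verifier()
    return verifier, challenge_s256(verifier)


def verify_pkce(stored_challenge: str, stored_method: str, presented_verifier: str) -> bool:
    """Authorization server side, at the token endpoint.

    stored_challenge/stored_method were bound to the authorization code when
    it was issued; presented_verifier arrives with the code exchange. Only
    S256 is accepted: with "plain" the challenge equals the verifier, so
    anyone who observed the /authorize request could redeem the code.
    """
    if stored_method != "S256":
        return False
    if not _VERIFIER_RE.fullmatch(presented_verifier):
        return False
    expected = challenge_s256(presented_verifier)
    # constant-time comparison; both values are fixed-length base64url strings
    return hmac.compare_digest(expected.encode("ascii"), stored_challenge.encode("ascii"))


if __name__ == "__main__":
    v, c = start_authorization()
    print("verifier :", v)
    print("challenge:", c)
    print("exchange accepted:", verify_pkce(c, "S256", v))
    print("wrong verifier   :", verify_pkce(c, "S256", make_verifier()))
```

When onboarding a public or native client to Okta, the value to confirm in the tenant is that the app integration requires PKCE and that S256 is the method the client actually sends; a client that falls back to "plain" passes a casual test but offers no protection against code interception.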
Security & Compliance
- Embed Zero Trust and CIA triad (Confidentiality, Integrity, Availability) into designs; apply least privilege, need‑to‑know, and separation of duties.
- Support audits for SOX/ISO 27001/SOC 2 controls around identity, access recertification, and privileged access.
- Create and maintain runbooks, architecture diagrams, and security standards; deliver stakeholder updates and executive status reports.
Required Qualifications
- Hands-on expertise with Okta (tenant administration, federation, SSO/MFA, Lifecycle Management, Workflows, SCIM, device posture).
- Strong working knowledge of SSO, federation, SAML 2.0, OAuth 2.0, OpenID Connect, SCIM, and secure token handling.
- Proficiency with Active Directory (domain trusts, OU/group strategy, GPO basics, identity hygiene) and directory sync concepts.
- Demonstrated M&A integration experience: discovery, Day‑1 readiness, SSO cutover, identity consolidation, and decommissioning legacy IdPs.
- Password vaulting/Privileged Access exposure (e.g., CyberArk, HashiCorp Vault, BeyondTrust, or enterprise password managers).
- Applied least‑privilege and Zero Trust design; familiarity with NIST CSF, CIS Controls, or ISO 27001 principles.
- Experience in AWS and/or GCP (federation, RBAC, service accounts, workload identity).
- Strong verbal and written communication; ability to interface with execs, security, app owners, and engineers.
- Scripting for automation (e.g., PowerShell, Python, Okta APIs/SDKs) and comfort with Git-based workflows.
Nice-to-Have
- Experience with Azure AD / Entra ID and cross‑tenant access / B2B.
- Exposure to IDaaS alternatives (Ping, Auth0) and migration strategies.
- Knowledge of CASB, MDM/UEM, or endpoint posture integration with IdP.
Education & Certifications (Preferred)
- Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience).
- Relevant certifications: Okta Certified
Tools & Technologies You’ll Use
Okta • AD/LDAP • SAML/OIDC/SCIM • OAuth 2.0 • Okta Workflows/APIs • PowerShell/Python • CyberArk/HashiCorp Vault (or similar) • AWS IAM/IAM Identity Center • GCP IAM • Git • Confluence/Jira/ServiceNow • SIEM/SOAR (Splunk, Sentinel, etc.)
Regards,
Raja
email: srinivas@smartfolksinc.com