ComResource is looking for a Senior IAM Engineer (Okta).
Responsibilities:
- Lead enterprise Okta administration and governance across integrated applications and services, including Universal Directory, lifecycle management, and advanced authentication policies.
- Architect and implement identity federation solutions using SAML 2.0, OAuth 2.0, OIDC, and WS-Federation protocols for SaaS, PaaS, and on-premises applications.
- Design and manage Active Directory integration strategies, including Okta AD Agent deployment, directory synchronization, and delegated authentication architectures.
- Oversee identity provisioning and deprovisioning workflows using Okta Lifecycle Management, SCIM protocols, and API-driven automation for seamless user lifecycle governance.
- Lead SSO implementation projects for new application onboarding, including technical discovery, integration design, testing, and production deployment.
- Develop and enforce adaptive MFA policies using Okta Verify, contextual access controls, and risk-based authentication frameworks.
- Manage Okta tenant architecture across multiple environments, including production, DR, and development, ensuring high availability and disaster recovery capabilities.
- Collaborate with security and compliance teams on identity governance initiatives, including access reviews, separation of duties, and privileged access management.
- Design and implement API-driven automation using PowerShell, Python, and Okta APIs for identity operations, reporting, and integration workflows.
- Lead technical troubleshooting of complex SSO, authentication, and authorization issues across heterogeneous enterprise environments.
- Partner with application development teams to integrate modern authentication patterns and zero-trust architecture principles.
- Maintain and optimize Azure AD/Entra ID integration with Okta for hybrid identity scenarios.
- Develop comprehensive IAM documentation, including architecture diagrams, integration guides, runbooks, and knowledge transfer materials.
- Provide strategic guidance on identity security best practices, threat mitigation, and compliance requirements, including SOX, GDPR, and SOC2.
- Mentor junior team members and provide technical leadership.
Essentials:
- Bachelor's degree in Computer Science, Information Security, or equivalent professional experience.
- 7–10+ years in identity and access management with enterprise-scale implementations.
- Minimum 3–5 years of hands-on experience administering Okta, including Universal Directory, SSO, MFA, Lifecycle Management, and API Gateway.
- Strong expertise in SAML, OAuth 2.0, OIDC, LDAP, SCIM, and Kerberos authentication protocols.
- 5+ years of enterprise Active Directory administration, including forest design, group policy, domain trust relationships, and certificate services.
- Advanced PowerShell scripting for identity automation.
- Experience with Azure AD/Entra ID, Microsoft 365 identity management, and hybrid identity architectures.
- Strategic thinking with the ability to translate business requirements into scalable IAM architecture solutions.
- Proven track record leading complex identity integration projects from conception through production deployment.
- Strong understanding of zero-trust security principles and identity-centric security frameworks.
- Experience with ITIL/ITSM frameworks and incident/change management processes.
- Excellent documentation skills with the ability to create technical architecture diagrams and process workflows.
- Strong communication skills with the ability to collaborate with diverse technical and non-technical stakeholders.
- Flexibility to support off-hours implementations and participate in on-call rotation for critical IAM services.
Desired:
- Okta Certified Professional or Okta Certified Administrator certification; additional certifications such as CISSP, CISM, or Azure certifications are a plus.
- Experience with Python, REST APIs, and CI/CD pipelines.
- Experience with identity governance and administration (IGA) platforms.
Req ID: CG541126527