Salary Not Disclosed
1 Vacancy
Overview of the Role: Reports to the Sr. Manager of IT Audit & Security. The IAM Engineer fulfills a critical role in the design, implementation, and continuous development of Privia's identity and governance platforms, SailPoint IdentityNow and Ping One Identity (ForgeRock), ensuring they meet the organization's IGA and CIAM needs. This position is also vital in maintaining and developing processes and procedures for the authorization, maintenance, governance, and termination of user access for both workforce and non-workforce identities. The IAM Engineer will collaborate across departments to identify and address flaws in the company's security systems and procedures, working with management to optimize the user lifecycle experience and improve the company's overall security posture. The IAM Engineer is also responsible for integrating the identity platform with other Privia systems like Google Workspace, HRIS systems, and mission- and business-critical systems. They will work with various teams and stakeholders to ensure that workflows related to access and data management comply with security policies, industry standards, and best practices.
CLOUD/SAAS
Experience with user provisioning in cloud environments such as Google Workspace or Microsoft 365.
Familiarity with Google Workspace or Google Cloud is preferred.
Strong understanding of access controls, authentication, and authorization models in cloud-based platforms.
APPLICATION (Applications, Database, Interfaces)
Understanding of securing a three-tier application architecture in the context of identity and access management.
Knowledge of cloud-based security architecture, including multi-cloud environments and the differences between cloud-native applications and virtualized environments such as Citrix or VDI.
Must have proven advanced experience using Identity and Access Management (IAM) and Identity Governance and Administration (IGA) platforms, with a strong preference for expertise in SailPoint IdentityNow or Ping Identity (ForgeRock).
AUTOMATION/SCRIPTING/INTEGRATION
Experience with automation and scripting tools such as GAM (Google Apps Manager), Google Apps Script, Python, PowerShell, JavaScript, and other relevant languages to support identity lifecycle management.
Proficiency in REST and SCIM APIs for automating user provisioning, deprovisioning, and access management across IAM, IGA, and CIAM solutions.
Strong focus on automation, streamlining IAM processes, and identifying integration opportunities to enhance security and efficiency.
IGA/IAM/CIAM/PAM
Extensive experience with Identity Governance and Administration (IGA) platforms, particularly SailPoint IdentityNow, including the implementation of RBAC, ABAC, and automated provisioning workflows.
Expertise in designing and implementing enterprise-level CIAM solutions, particularly with Ping Identity/ForgeRock.
Proven ability to integrate IAM and IGA solutions with single sign-on (SSO) protocols such as SAML, OAuth, and OpenID Connect to enhance security while optimizing user experience.
Strong background in defining and enforcing IAM policies, implementing fine-grained access controls, and managing identity lifecycle events (Joiner, Mover, Leaver) in enterprise environments.
Skilled in leading IAM architecture discussions, providing strategic technical guidance, and driving best practices in identity security across complex SaaS and cloud environments.
EHR/EMR (Preferred)
Experience with application support for an EHR/EMR; athenaOne preferred.
Knowledge in the creation, modification, and termination of user profiles within an EHR/EMR application.
Qualifications:
5 years of experience with designing and building complex IAM/IGA/CIAM implementations.
3 years of hands-on experience working with SailPoint, including expertise in its implementation, configuration, and management.
5 years of experience in user provisioning and lifecycle management, with a strong engineering perspective on designing and automating identity solutions. Preference for experience in healthcare technology.
Strong security skills as outlined above, including expertise in IAM, IGA, and CIAM solutions.
Must adhere to all HIPAA rules and regulations.
Preferred Qualifications:
Bachelor's degree in Computer Science or a related field.
The salary range for this role is $100,000.00 to $120,000.00 in base pay and exclusive of any bonuses or benefits (medical, dental, vision, life, and pet insurance, 401K, paid time off, and other wellness programs). This role is also eligible for an annual bonus targeted at 15%. The base pay offered will be determined based on relevant factors such as experience, education, and geographic location.
Additional Information:
All your information will be kept confidential according to EEO guidelines.
Technical Requirements (for remote workers only; not applicable for onsite/in-office work):
In order to successfully work remotely, supporting our patients and providers, we require a minimum of 5 MBPS for Download Speed and 3 MBPS for the Upload Speed. This should be acquired prior to the start of your employment. The best measure of your internet speed is to use online speed tests like This gives you an update as to how fast data transfer is with your internet connection and if it meets the minimum speed requirements. Work with your internet provider if you have questions about your connection. Employees who regularly work from home offices are eligible for expense reimbursement to offset this cost.
Privia Health is committed to creating and fostering a work environment that allows and encourages you to bring your whole self to work. Privia is a better company when our people are a reflection of the communities that we serve. Our goal is to encourage people to pursue all opportunities regardless of their age, color, national origin, physical or mental (dis)ability, race, religion, gender, sex, gender identity and/or expression, marital status, veteran status, or any other characteristic protected by federal, state, or local law.
Remote Work:
Yes
Employment Type:
Full-time
Remote