Senior IAM Engineer, Okta

This is a fully remote position, open to applicants in Colorado, +2 more states.

📋 Description

• Take ownership of the Okta for Government High (FedRAMP High) tenant, overseeing its configuration, health, lifecycle, and security posture.

• Manage the Universal Directory, which includes syncing the on-prem AD Agent, mastering HRIS attributes, mapping profiles, and establishing group rules.

• Develop and sustain all SSO application integrations through the Okta Integration Network (OIN) utilizing SAML, OIDC, and SCIM protocols.

• Oversee and maintain Okta Adaptive MFA policies, including factor enrollment rules, risk-based step-up authentication, and configurations for FIDO2, YubiKey, PIV, and CAC.

• Maintain the Okta System Log with a streaming pipeline to Microsoft Sentinel, ensuring proper log retention configurations.

• Manage Okta Identity Governance (OIG), including the entitlement catalog, setting up access certification campaigns, defining SoD policy rules, and designing access request workflows.

• Lead, build, and maintain Okta Lifecycle Management by implementing JML automation rules, configuring HRIS connectors, and managing auto-provisioning and deprovisioning for all connected applications, along with access review triggers and automated remediation.

• Design, create, and document all enhancements on the Okta side, which includes onboarding new applications, updating policies, and modifying IGA configurations.

• Develop test cases for all changes made on the Okta side and conduct User Acceptance Testing (UAT) in collaboration with the Identity Governance & Operations Analyst prior to production promotion.

• Assist the Identity Operations Specialist with Tier 2 escalations related to Okta and troubleshooting for workflows.

• Support the Identity Governance & Operations Analyst with the configuration of OIG campaigns and generate certification reports.

⛳️ Requirements

• A minimum of 4 years of practical experience in Okta administration and engineering.

• Proven experience with Okta SSO application integrations utilizing SAML 2.0 and OIDC.

• Familiarity with Okta Lifecycle Management and the configuration of HRIS connectors.

• Experience in developing Okta Workflows for automation in provisioning.

• Knowledge of Okta Adaptive MFA policy configurations, including FIDO2/WebAuthn and enrollment for hardware tokens.

• Experience with Okta Universal Directory, specifically regarding AD Agent deployment and profile mastering.

• Must be a U.S. Citizen or a Lawful Permanent Resident (Green Card holder) — U.S. Person.

• Capability to obtain and maintain a security clearance or successfully pass a background investigation in line with CUI access requirements.

🏝️ Benefits

• Health insurance.

• 401(k) matching.

• Unlimited PTO and paid holidays.

• Parental/adoption leave.

• Legal insurance.

• Home technology stipend.