
Senior IAM Engineer, Okta
Posted May 2

This is a fully remote position, open to applicants in Colorado, +2 more states.
• Take ownership of the Okta for Government High (FedRAMP High) tenant, overseeing its configuration, health, lifecycle, and security posture.
• Manage the Universal Directory, which includes syncing the on-prem AD Agent, mastering HRIS attributes, mapping profiles, and establishing group rules.
• Develop and sustain all SSO application integrations through the Okta Integration Network (OIN) utilizing SAML, OIDC, and SCIM protocols.
• Oversee and maintain Okta Adaptive MFA policies, including factor enrollment rules, risk-based step-up authentication, and configurations for FIDO2, YubiKey, PIV, and CAC.
• Maintain the Okta System Log with a streaming pipeline to Microsoft Sentinel, ensuring proper log retention configurations.
• Manage Okta Identity Governance (OIG), including the entitlement catalog, setting up access certification campaigns, defining SoD policy rules, and designing access request workflows.
• Lead, build, and maintain Okta Lifecycle Management by implementing JML automation rules, configuring HRIS connectors, and managing auto-provisioning and deprovisioning for all connected applications, along with access review triggers and automated remediation.
• Design, create, and document all enhancements on the Okta side, which includes onboarding new applications, updating policies, and modifying IGA configurations.
• Develop test cases for all changes made on the Okta side and conduct User Acceptance Testing (UAT) in collaboration with the Identity Governance & Operations Analyst prior to production promotion.
• Assist the Identity Operations Specialist with Tier 2 escalations related to Okta and troubleshooting for workflows.
• Support the Identity Governance & Operations Analyst with the configuration of OIG campaigns and generate certification reports.
• A minimum of 4 years of practical experience in Okta administration and engineering.
• Proven experience with Okta SSO application integrations utilizing SAML 2.0 and OIDC.
• Familiarity with Okta Lifecycle Management and the configuration of HRIS connectors.
• Experience in developing Okta Workflows for automation in provisioning.
• Knowledge of Okta Adaptive MFA policy configurations, including FIDO2/WebAuthn and enrollment for hardware tokens.
• Experience with Okta Universal Directory, specifically regarding AD Agent deployment and profile mastering.
• Must be a U.S. Citizen or a Lawful Permanent Resident (Green Card holder) — U.S. Person.
• Capability to obtain and maintain a security clearance or successfully pass a background investigation in line with CUI access requirements.
• Health insurance.
• 401(k) matching.
• Unlimited PTO and paid holidays.
• Parental/adoption leave.
• Legal insurance.
• Home technology stipend.