Senior Identity and Access Management Engineer at KBRA

Position Title: Senior Identity and Access Management Engineer

Entity: KBRA Holdings, LLC

Employment Type: Full-time

Location: Remote (Remote only in CA, CO, DC, FL, IL, MD, NJ, MA, NY, PA, SC, TX, VA)

Summary/Overview:

We are seeking a highly skilled and detail-oriented Senior Identity and Access Management (IAM) Engineer to join our Information Security team. The Senior IAM Engineer designs a modern IAM program for access, authentication and authorization for all business units, including with third-party dependencies. The Senior IAM Engineer collaborates with cybersecurity and technical teams to define, establish, maintain and manage access and identities. Access to systems and applications is managed and maintained following rigorous security design principles, advanced engineering and governance to support provisioning and deprovisioning. This position works closely with IT team members, cybersecurity operations and responders, business units, and third parties. In addition, the Senior IAM Engineer is highly engaged in directory services, technical integrations and governance.

The Senior IAM Engineer works closely with technical teams to design, establish and manage a process of enterprise-wide identities and access controls granted to systems and applications. Best practice IAM principles will be adopted to support provisioning, deprovisioning and changes that are easily tracked, reported and reviewed following established policies. Engineers in this role support senior management to help maintain a safe and secure enterprise technical operation. The Senior IAM Engineer works closely with others to verify solutions are healthy, maintain integrity, perform optimally and are tightly managed to prevent compromise. A good understanding of security principles and practical hands-on experience with host and application configurations, hybrid solutions, directory services and zero trust principles are required to be successful in this role. The ideal candidate preferably possesses five to seven years’ cybersecurity, IAM or IT administration experience.

Job Responsibilities:

• Serve on a distributed security and technology team responsible for establishing IAM solutions.
• Design and oversee IAM projects from inception to completion, ensuring they remain on time and within budget.
• Collaborate with leadership and teammates to implement IAM models aligned with risk posture.
• Supply technical IAM architecture for a global and diverse enterprise workforce.
• Architect for SSO, directory, zero trust network access, MFA, privileged accounts, automation and behavior analytic systems.
• Craft resilient and scalable identity strategies that align with cybersecurity policies and governance structure.
• Design the identity lifecycle from onboarding to offboarding, as well as role changes.
• Collaborate with stakeholders to define IAM requirements and design comprehensive solutions for business needs.
• Create technical documentation with architecture diagrams, configuration guides and operational practices.
• Drive adoption of IAM reference architecture for new, existing and emerging IAM technologies.
• Create and enforce IAM capability roadmaps to respond to and address business and technology drivers.
• Strategize for on-premises, cloud and hybrid infrastructure and applications to support remote workforce.
• Conduct business impact analysis and risk assessments based on the level of access granted and recommend improvements.
• Work closely with incident responders for potential incidents and escalate to management as needed.
• Document access, policies and exceptions, and maintain integrity for audit reviews.
• Outline controls to review internal, external and contractor accounts as part of periodic audits.
• Make recommendations to improve automation efficiencies, security practices and end user experience.
• Communicate security posture to cybersecurity leaders, stakeholders, IT and developers.
• Participate in security groups and consortiums for knowledge and building relationships.
• Define key performance indicators, operational metrics and SLAs for reporting data to validate success and areas of improvement.
• Execute tactical requests along with supporting strategic vision for rigorous and scalable IAM controls.
• Interact with business units to understand plans, risk posture, tolerance and IAM support requirements.

Successful candidates will possess the following:

• 7-10 + years’ experience in cybersecurity administration, with three-plus years’ IAM practitioner experience.
• Subject matter expertise in directory services, Microsoft Azure/AWS/GCP, SSO, MFA and role-based access.
• Understanding of IAM-related protocols such as Kerberos, SAML, SPML, XACML, SCIM, OpenID and OAuth.
• Understanding of cloud computing architecture, technical design and implementations, including IaaS, PaaS and SaaS models.
• Experience administering IAM systems, access controls, security and risk management, and governance fundamentals.
• Preferable experience with one or more scripting languages (Python, PowerShell and Bash).
• Strong written and oral communication skills across varying levels of the organization.
• Capacity to comprehend complex technical infrastructure, identities, access controls and least privilege.
• Understanding of service design, delivery concepts and control frameworks.
• Organizational skills and the ability to prioritize and complete tasks within defined SLAs/SLOs.
• Excellent judgment and the ability to make quick decisions when working with complex situations.
• High degree of integrity, professionalism and trustworthiness.
• Additional Preferred Qualifications:
  • Bachelor's degree preferred in information assurance, computer science, engineering or technical field.
  • Certifications in IAM or security-related fields (e.g., CISSP, CISM, AWS or Azure Security, Okta Certified Professional, CIAM, CAMS, CIDPRO).
  • Experience with modern IAM platforms such as Okta, Auth0, Ping Identity, or ForgeRock.
  • Familiarity with cloud platforms (e.g., AWS, Azure, GCP) and their IAM services.
  • Knowledge of IT service management (ITSM) tools and processes.

Salary Range:

The anticipated annual base salary range for this full-time position is $140,000 to $170,000. Offer amounts are determined by factors such as experience, skills, geography, and other job-related factors.

Benefits:

• Competitive benefits and paid time off
• Paid family and disability leave
• 401(k) plan, including employer match (100% vested)
• Educational and professional development financial assistance
• Employee referral bonus program
• Cell Phone provided

About Us:

KBRA is a full-service credit rating agency registered in the U.S., the EU and the UK, and is designated to provide structured finance ratings in Canada. KBRA’s ratings can be used by investors for regulatory capital purposes in multiple jurisdictions.

More Info:

KBRA encourages applications from all qualified individuals without regard to race, color, religion, gender, sexual orientation, gender identity or expression, age, national origin, marital status, citizenship, disability, and veteran status or any other basis prohibited by federal, state or local law.

#LI-KS1

#LI-HYBRID