C2C requirements
Job Title: Senior IAM Engineer with Integration experience
Location: Phoenix, AZ (Onsite)
Duration: 12 Months
Mandatory Skills: M&A Integrations (Okta/SSO).
Job Description:
Roles and Responsibilities:
M&A / Integration Delivery
Design and implement tenant-to-tenant federation (Okta/ADFS/IdP‑initiated and SP‑initiated) and progressive consolidation to a primary IdP (Okta).
Plan and execute SSO cutovers for top business applications; define rollback plans and success criteria.
Establish secure B2B/B2E access patterns for acquired entities (SAML 2.0, OAuth 2.0/OIDC, SCIM).
Orchestrate account migration strategies (just-in-time provisioning, SCIM, directory sync), and drive de‑dupe/merge identity hygiene.
IAM Engineering & Operations
Configure and manage Okta (policies, routing rules, app integrations, Device Trust, MFA/Adaptive MFA, Groups, Lifecycle Management, Workflows).
Implement secure federation (SAML/OIDC), token policies, consent and scopes, and PKCE where applicable.
Integrate with Active Directory / LDAP, govern group design, and rationalize permissions to least privilege.
Define and enforce password vaulting patterns for non‑federated apps and privileged identities (e.g., CyberArk/HashiCorp/1Password Enterprise).
Build and maintain access review, joiner/mover/leaver (JML) automation, and policy-as-code where feasible.
Partner with app owners to onboard applications to SSO/MFA and eliminate legacy/basic auth.
Required Qualifications
Hands-on expertise with Okta (tenant administration, federation, SSO/MFA, Lifecycle Management, Workflows, SCIM, device posture).
Strong working knowledge of SSO, federation, SAML 2.0, OAuth 2.0, OpenID Connect, SCIM, and secure token handling.
Proficiency with Active Directory (domain trusts, OU/group strategy, GPO basics, identity hygiene) and directory sync concepts.
Demonstrated M&A integration experience: discovery, Day‑1 readiness, SSO cutover, identity consolidation, and decommissioning legacy IdPs.
Password vaulting/Privileged Access exposure (e.g., CyberArk, HashiCorp Vault, BeyondTrust, or enterprise password managers).
Applied least‑privilege and Zero Trust design; familiarity with NIST CSF, CIS Controls, or ISO 27001 principles.
Experience in AWS and/or GCP (federation, RBAC, service accounts, workload identity).
Strong verbal and written communication; ability to interface with execs, security, app owners, and engineers.
Scripting for automation (e.g., PowerShell, Python, Okta APIs/SDKs) and comfort with Git-based workflows.
To apply for this job, email your details to bhavanesh@aesincus.com