Job Description

Title: Senior IAM Engineer M&A Integrations (Okta/SSO) (Band B3)
Location : Phoenix, Arizona (3 days a week (T ,W ,Thu)
Duration: Contract Position

Experience Range

6 12 years total experience with 4+ years hands-on in IAM/SSO and 2+ years in M&A identity integrations .

About the Role

Mid senior IAM professional to lead and execute M&A identity integration workstreams end-to-end: discovery/due diligence and steady state optimization. The ideal candidate is a strong communicator who can translate complex identity topics for business and technical stakeholders, and is deeply hands-on with Okta , SSO , federation (SAML/OIDC) , Active Directory , and core security principles . Experience across AWS/GCP identity services and least privilege design is essential.

Key Responsibilities

M&A / Integration Delivery

• Lead IAM workstream during due diligence and integration planning; assess target's identity landscape, risks, and critical path for Day 1 access.
• Design and implement tenant-to-tenant federation (Okta/ADFS/IdP initiated and SP initiated) and progressive consolidation to a primary IdP (Okta) .
• Plan and execute SSO cutovers for top business applications; define rollback plans and success criteria.
• Establish secure B2B/B2E access patterns for acquired entities (SAML 2.0, OAuth 2.0/OIDC, SCIM).
• Orchestrate account migration strategies (just-in-time provisioning, SCIM, directory sync), and drive de dupe/merge identity hygiene.

IAM Engineering & Operations

• Configure and manage Okta (policies, routing rules, app integrations, Device Trust, MFA/Adaptive MFA, Groups, Lifecycle Management, Workflows).
• Implement secure federation (SAML/OIDC), token policies , consent and scopes , and PKCE where applicable.
• Integrate with Active Directory / LDAP , govern group design, and rationalize permissions to least privilege .
• Define and enforce password vaulting patterns for non federated apps and privileged identities (e.g., CyberArk/HashiCorp/1Password Enterprise).
• Build and maintain access review , joiner/mover/leaver (JML) automation, and policy-as-code where feasible.
• Partner with app owners to onboard applications to SSO/MFA and eliminate legacy/basic auth.

Security & Compliance

• Embed Zero Trust and CIA triad (Confidentiality, Integrity, Availability) into designs; apply least privilege , need to know , and separation of duties .
• Support audits for SOX/ISO 27001/ SOC 2 controls around identity, access recertification, and privileged access.
• Create and maintain runbooks , architecture diagrams , and security standards ; deliver stakeholder updates and executive status reports.

Required Qualifications

• Hands-on expertise with Okta (tenant administration, federation, SSO/MFA, Lifecycle Management, Workflows, SCIM, device posture).
• Strong working knowledge of SSO , federation , SAML 2.0 , OAuth 2.0 , OpenID Connect , SCIM , and secure token handling.
• Proficiency with Active Directory (domain trusts, OU/group strategy, GPO basics, identity hygiene) and directory sync concepts.
• Demonstrated M&A integration experience: discovery, Day 1 readiness, SSO cutover, identity consolidation, and decommissioning legacy IdPs.
• Password vaulting/Privileged Access exposure (e.g., CyberArk , HashiCorp Vault , BeyondTrust , or enterprise password managers).
• Applied least privilege and Zero Trust design; familiarity with NIST CSF , CIS Controls , or ISO 27001 principles.
• Experience in AWS and/or GCP (federation, RBAC, service accounts, workload identity).
• Strong verbal and written communication; ability to interface with execs, security, app owners, and engineers.
• Scripting for automation (e.g., PowerShell , Python , Okta APIs /SDKs) and comfort with Git -based workflows.

Nice-to-Have

• Experience with Azure AD / Entra ID and cross tenant access / B2B.
• Exposure to IDaaS alternatives (Ping, Auth0) and migration strategies.
• Knowledge of CASB , MDM/UEM , or endpoint posture integration with IdP.

Education & Certifications (Preferred)

• Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience).
• Relevant certifications: Okta Certified

Tools & Technologies You'll Use

Okta AD/LDAP SAML/OIDC/SCIM OAuth 2.0 Okta Workflows/APIs PowerShell/Python CyberArk/HashiCorp Vault (or similar) AWS IAM/IAM Identity Center GCP IAM Git Confluence/Jira/ServiceNow SIEM/SOAR (Splunk, Sentinel, etc.)

Regards,

Raja

email: srinivas@smartfolksinc.com

Job Tags

Similar Jobs