Senior IAM Security Engineer
Listed on 2026-02-28
IT/Tech
Cybersecurity, Systems Engineer
As a Senior IAM Security Engineer, you will design and operate identity lifecycle, authentication, authorization, and privileged access controls. You will enable secure workforce and application identities across cloud and on-prem, enforcing least privilege and strong assurance. Bring design and architecture expertise to continue maturity and technology innovation across the IAM space. This role partners closely with Infrastructure and Application teams to ensure consistent identity controls across the enterprise.
Your responsibilities:
- Design and maintain IAM security architecture: directory services, federation, SSO (SAML/OIDC), MFA, conditional access, device trust.
- Implement identity lifecycle automation (joiner/mover/leaver), birthright roles, and SCIM-based provisioning/deprovisioning.
- Define RBAC/ABAC models; perform access reviews, role mining, and segregation‑of‑duties analyses.
- Integrate identity governance platforms (where applicable) with HRIS/ERP and downstream applications.
- Engineer privileged access management (PAM) solutions (examples: CyberArk/BeyondTrust), including JIT elevation and session recording.
- Secure service and machine identities, secrets, and certificates; enforce rotation and attestation.
- Develop identity security monitoring and anomaly detection (e.g., Identity Protection, risk‑based access); integrate with SIEM/XDR for response.
- Support Zero Trust identity strategy, including strong authentication, device trust, and continuous access evaluation.
- Support compliance audits (where applicable) with access certification evidence and control narratives.
- Troubleshoot complex federation and authorization issues; provide tier‑3 support and root‑cause analysis.
- Document standards, patterns, and runbooks; advise application teams on secure integration.
- Bachelor’s degree in Information Security/Computer Science or equivalent experience.
- 7–10 years in IAM engineering/architecture with enterprise platforms (Entra/Azure AD, Okta, Ping, SailPoint).
- Strong understanding of authentication/authorization protocols (SAML, OIDC/OAuth2, Kerberos, LDAP, SCIM).
- Experience with PAM, certificate/secrets management, and identity analytics.
- Certifications: Microsoft Certified: Identity and Access Administrator (SC‑300), Okta Certified Administrator/Professional, CISSP or CIAM.
- Experience with just‑in‑time access, just‑enough‑access, attribute‑based access control, and modern device trust models.
- Experience working in a co‑managed environment with SOC/MDR providers.
- Certifications: CCSP, Certified in Governance, Risk and Compliance (as relevant), SailPoint Certified.
- Remote eligible; minimal travel.
- On‑call rotation for major incidents.
- May participate in on‑call rotations for critical identity incidents.
Remote US
Compensation and Benefits: The starting salary range for this role is $140,000‑$200,000, with additional earning potential commensurate with experience. Bonus target is 15% of annual base (MIP). All team members are incentive eligible based on contributions, company performance, and individual results achieved.
We offer a comprehensive benefits package, including:
- Medical, Dental and Vision Coverage
- Health and Dependent Savings Accounts
- Life and Disability Programs
- Voluntary Benefit Programs
- Company Sponsored Wellness Programs
- Retirement Savings with Company Match
- Team Member and Family Assistance Program (EAP)
- Paid Time Off and Paid Holidays
- Employee Recognition Program with Rewards (RAVE)
At Ardent Mills, everyone matters and everyone has a voice. We are committed to providing an environment of mutual respect where equal opportunities are available to all applicants and team members and the decisions will be based on merit, competence, performance, and business needs. We are proud to be an equal opportunity employer. We do not discriminate on the basis of race, color, religion, creed, national origin, ancestry, marital status, sex, sexual orientation, gender identity or expression, physical or mental disability, pregnancy, genetic information, veteran status, age, political affiliation, or any other non‑merit characteristic protected by law or not.
Together, celebrating our differences, we make Ardent Mills.
Disclaimer:
At Ardent Mills, the security of our employees and candidates is a priority. We will never request sensitive information such as your bank account information, social security number, or other non‑publicly available information during the application and interview process. If someone asks you for sensitive information, we strongly advise that you assume that individual is not affiliated with Ardent Mills.
- Use only official email addresses such as firs or
- Our open job opportunities and descriptions can be found at