Senior IAM Engineer

About The Job

This role is part of the centralized IAM Operations team responsible for delivering reliable, scalable identity and access management services across the enterprise. The team focuses on operational excellence, automation, service optimization, and rapid problem resolution to support IAM platforms, integrations, and end‑user access needs. The role combines hands‑on operational support, an engineering mindset, and process improvement to ensure IAM services are secure, efficient, and continuously improving.

Key activities include proactive monitoring, automation development, incident and request management, and collaboration with engineering, security, and business teams.

• Provide centralized tier 2/3 operational support for IAM platforms (e.g., identity governance, authentication, directory services, PAM).
• Handle incidents, service requests, and escalations in accordance with SLA/OLA commitments.
• Perform root‑cause analysis (RCA) and drive resolution of recurring issues.
• Design, develop, and maintain automation scripts and workflows to reduce manual effort.
• Improve operational efficiency through scripting (Power Shell, Python) and orchestration tools.
• Identify repetitive tasks and implement automation or self‑service solutions.
• Contribute to Dev Ops practices (CI/CD pipelines, Terraform code).
• Identify process inefficiencies and implement improvements.
• Maintain and enhance operational documentation, runbooks, and knowledge‑base articles.
• Partner with IAM engineering to transition new capabilities into operations (run/support model).
• Drive standardization across IAM workflows and support processes.
• Ensure IAM operations comply with security policies, audit requirements, and regulatory standards.
• Support audit requests, access reviews, and evidence collection.
• Assist in remediation of audit findings related to IAM controls.
• Provide guidance to application teams integrating with IAM services.
• Participate in incident bridges and cross‑functional troubleshooting efforts.
• Track and report on operational KPIs (incident volume, MTTR, automation adoption, etc.) and use data to identify trends and drive improvements.

• Bachelor’s degree in Cyber Security, Computer Science, Information Systems, or equivalent work experience; at least 4–5 years of professional experience in IT with a portion in security‑related roles.
• Expertise in one of the following domains:
  Directory Services (SSO/Federation, Active Directory, Azure), Identity Governance & Administration (Sailpoint IIQ, Access Certifications), Privileged Access, Client Identity and Access Management, Cloud IAM.
• Relevant certifications such as CISSP, CISM, or similar highly desirable.
• Experience with engineering best practices – designing, developing, deploying, and supporting software solutions and/or infrastructure implementations/upgrades.
• Leadership, communication, and interpersonal skills with the ability to collaborate with individuals at all levels.
• Proven experience in designing and implementing IAM solutions, including integration with various systems and platforms.
• Competency with scripting/programming languages such as Python, JavaScript, Java, Ruby, Go, Power Shell, Bash, C#, C/C++.
• Strong documentation, testing, and automation skills.
• Strong ownership, ability to work with limited requirements, prioritize based on business objectives, and break down work for incremental delivery.
• Experience preferred with Agile methodologies/Dev Ops environment.

• Business automation: applying knowledge of systems that facilitate or automate business application solutions, linking rules to workflow management and requirements acquisition.
• Continuous improvement: utilizing available methods to identify opportunities, execute solutions, measure impact, implement best practices, and refine processes.
• Identity & Access Management industry standards: applying reference architectures and patterns, and AAA protocols (Authentication, Authorization, Accounting).
• Identity protocols: using SAML, OAuth, OpenID, LDAP, Kerberos to provide strong authentication for network resources.
• Security practices: applying best practices of technologies, policies, and processes designed to protect networks, devices, programs, and data.
• Technical problem solving: conducting in‑depth analysis, applying best practice, exploring solutions, documenting what is being solved.

Pay Range – Start: $;
End: $. Geographic Specific Pay Structure:
Structure 110: $–$;
Structure 115: $–$. Final salaries are based on skills, experience, current market, location, and other factors. For California, New York City, or other eligible locations, compensation and benefits may be adjusted accordingly.

Northwestern Mutual is an equal opportunity employer that welcomes talented individuals of all backgrounds and is committed to an inclusive environment.