Security Engineer - Identity Governance & Administration; IGA

Regular or Temporary: Regular

Language Fluency: English (Required)

Work Shift: 1st shift (United States of America)

The Security Engineer is responsible for leading the onboarding of applications into the organization’s Identity Governance & Administration (IGA) platform. The role ensures applications are integrated with standardized access controls, federation, MFA, and Separation of Duties (SoD) policies. The engineer serves as a subject‑matter expert in identity lifecycle management, access certification, and governance processes, collaborating with application owners, security architects, and engineering teams to ensure secure, compliant access across the enterprise.

Works with key stakeholders, including senior leaders and executives, to define information security initiatives, vision, and approach to meet security business needs, risks, exposures, and remediation. Collaborates with team stakeholders and senior management to drive initiatives to completion and rollout, enhance security standards, integrate solutions, and maintain the strategic direction of Cybersecurity. The engineer is responsible for oversight and communication of cybersecurity programs, providing strategic direction, financial oversight, and investment prioritization of new security controls, managing portfolio reporting and delivery of controls to address risks.

Location: Onsite presence required five days per week. Preferred location:
Raleigh, NC; other considered locations:
Charlotte/Wilson/Greensboro, NC and Atlanta, GA.

• Lead the end‑to‑end onboarding of applications into the enterprise IGA platform (e.g., SailPoint, Saviynt, Omada).
• Conduct intake assessments to determine integration requirements such as access models, connectors, roles, and entitlements.
• Collaborate with application owners to define access workflows, provisioning methods (API, SCIM, JDBC, AD groups, etc.), and approval paths.
• Develop and maintain integration documentation and technical specifications.

• Work with IAM engineering teams to establish federation using SAML, OAuth, OIDC, or WS‑Fed.
• Ensure the correct MFA policies are applied based on application sensitivity, user type, and organizational standards.
• Validate that authentication flows follow Zero Trust principles and align with enterprise identity architecture.
• Troubleshoot authentication, token, and SSO issues during onboarding or post‑deployment.

• Implement and enforce SoD controls by aligning application entitlements to governance policies.
• Conduct detailed SoD risk analysis for new applications to identify conflicts and propose remediation.
• Collaborate with internal audit and compliance to maintain SoD rule sets and support audit findings.
• Ensure access roles and entitlements are structured to prevent toxic combinations of privileges.

• Design access models such as RBAC, ABAC, and birthright provisioning.
• Support recertification campaigns by ensuring application entitlements are properly defined and mapped in the IGA platform.
• Assist in maintaining identity data quality, entitlement hygiene, and governance standards.
• Monitor the health, performance, and accuracy of application connectors.

• Ensure onboarded applications meet enterprise security baselines, MFA requirements, and identity governance policies.
• Support compliance initiatives such as SOX, PCI, HIPAA, or internal audit reviews.
• Contribute to risk assessments for new and existing application integrations.
• Document and remediate gaps in access controls, authentication flows, or identity governance processes.

• Serve as a subject matter expert for application teams, guiding them through onboarding and policy requirements.
• Partner with security architecture, IAM engineering, and IT teams to design secure, scalable access patterns.
• Mentor junior analysts on IGA processes, access modeling, and troubleshooting techniques.
• Communicate complex identity concepts to business stakeholders in clear, non‑technical…