×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Systems Engineer

Senior IAM Engineer

Job in Tempe, Maricopa County, Arizona, 85285, USA
Listing for: Kestra Holdings
Full Time position
Listed on 2026-02-23
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer
Salary/Wage Range or Industry Benchmark: 100000 - 130000 USD Yearly USD 100000.00 130000.00 YEAR
Job Description & How to Apply Below

Rio 2100, 63 S Rockford Drive, Tempe, Arizona, United States of America

Job Description

Posted Tuesday, January 6, 2026 at 8:00 AM

Kestra Holdings offers industry-leading wealth management platforms for independent wealth management professionals nationwide. Kestra is dedicated to empowering independent financial professionals—including traditional and hybrid RIAs—to grow their businesses and deliver exceptional client service. We combine advanced business management technology with personalized consulting to provide unmatched scale, efficiency, and support. Our advisor-focused culture is built on innovation and advocacy, enabling advisors to offer comprehensive securities and investment advisory solutions to their clients.

Lead with Purpose. Partner with Impact.

We are seeking a Sr. IAM Engineer with deep experience assessing current state, designing target-state architectures, and implementing/maturing Role-Based (RBAC) and Attribute-Based (ABAC) access models at enterprise scale. This leader will serve as the SailPoint technical expert, engineering policy, integration, and governance processes that meet financial-services compliance expectations. The role partners with enterprise architects, risk/compliance, platform teams, and app owners to operationalize identity as a control across SaaS, on-prem, and cloud.

What you’ll Do:
  • Define RBAC/ABAC standards, pattern libraries, and guardrails; author architecture decision records (ADRs).
  • Drive role engineering (role discovery, consolidation, birthright access,SoDmatrices) and ABAC policy design (attribute inventory, policy enforcement integration).
  • Maintain the IGA reference architecture spanning SailPoint, Okta, directories (AD/LDAP), HR/ERP, and cloud providers.
  • Partner with App Sec and platform teams to externalize authorization using federation and standardized protocols (SAML 2.0, OIDC, OAuth 2.0; SCIM for provisioning).
  • Configure sources/authorities, connectors, aggregation & correlation rules, identity profiles, entitlement catalogs, lifecycle policies, workflows, access request, and certification campaigns in SailPoint; implement

    Okta connector patterns.
  • Build monitoring/health checks, metrics, and dashboards for access governance KPIs; automate evidence collection.
  • Define policies/standards for access control, attribute quality, identity proofing, certification cadence, and exception handling; ensure alignment with enterprise risk appetite.
  • Support audits and regulatory examinations with defensible evidence, including certification results,SoDanalyses, and access recertification trails.
  • Mentor engineers and analysts;partner with business/application owners to onboard apps at scale under governance;establish repeatable app-onboarding playbooks (federation + provisioning + role modeling).
  • SailPoint (Identity

    IQ Engineer/Architect or Identity Security Cloud) and/or Okta certifications; experience integrating SailPoint with Okta via connectors/APIs.
  • Cloud IAM concepts (Azure AD/Entra , AWS IAM), and experience mapping ABAC to cloud entitlements/metadata.
  • Financial-services experience with audit/regulatory expectations (e.g., access certification cadence, evidence,SoDrigor).
What You Bring:
  • 8+ years in IAM with 5+ years leading RBAC/ABAC design and enterprise deployment; demonstrable delivery of role mining/engineering and attribute-driven authorization.
  • Hands-on SailPointexpertise(Identity

    IQor Identity Security Cloud/Identity Now) across connectors, lifecycle automation, certifications,SoD, policy, and analytics;
    Okta SSO/MFA and federation patterns.
  • Strong command of federated identity protocols and provisioning standards (SAML 2.0, OIDC, OAuth 2.0, SCIM).
  • Working knowledge of directory services (AD/LDAP), identity data modeling, and integration architectures; familiarity with crypto & tokenization fundamentals for identity.
  • Experienceestablishingaccess governance processes (access reviews, recertifications,SoD, exception management) consistent with industry best practices.
  • Proficiency in at least one scripting language (e.g.,Beanshell/Java for IIQ, Python/Power Shell for automation), and SQL for identity analytics.
Internal Application Policy:

Internal applicants must…

Position Requirements
10+ Years work experience
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search