Senior IAM Engineer (Okta)

This Senior IAM Engineer will own the Okta for Government High (FedRAMP High) tenant, which serves as the enterprise Identity Provider and Identity Governance platform for a 1,500+ user organization. The role is the primary technical resource responsible for the build, enhancement, and operation of key functions, including SSO integrations, Identity Governance (OIG), Lifecycle Management, Workflows automation, and Adaptive MFA policy.

In the first three months, you will help develop the core program documentation and workflows. You will collaborate with external teams like IT, Legal and People to integrate into company processes. You will work with our technical security experts to build Identity and Access management processes and procedures.

Responsibilities

• Own the Okta for Government High (FedRAMP High) tenant — configuration, health, lifecycle, and security posture
• Manage Universal Directory: on-prem AD Agent sync, HRIS attribute mastering, profile mappings, and group rules
• Build and maintain all SSO app integrations via the Okta Integration Network (OIN) using SAML, OIDC, and SCIM
• Own and maintain Okta Adaptive MFA policies: factor enrollment rules, risk-based step-up authentication, FIDO2/YubiKey/PIV/CAC configuration
• Maintain the Okta System Log to Microsoft Sentinel log streaming pipeline and retention configuration
• Own Okta Identity Governance (OIG): entitlement catalog, access certification campaign setup, SoD policy rules, and access request workflow design
• Own, Build and Maintain Okta Lifecycle Management: JML automation rules, HRIS connector configuration, and auto-provisioning and deprovisioning into all connected applications, access review triggers, and automated remediation
• Design, build, and document all Okta-side enhancements including new app onboarding, policy changes, and IGA configuration updates
• Write test cases for all Okta-side changes; execute UAT jointly with the Identity Governance & Operations Analyst before production promotion
• Support Identity Operations Specialist on Tier 2 Okta escalations and Workflow troubleshooting
• Assist Identity Governance & Operations Analyst with OIG campaign configuration and certification reporting

Requirements:

• 4+ years of hands-on Okta administration and engineering experience
• Demonstrated experience with Okta SSO app integrations via SAML 2.0 and OIDC
• Experience with Okta Lifecycle Management and HRIS connector configuration
• Experience building Okta Workflows for provisioning automation
• Experience with Okta Adaptive MFA policy configuration including FIDO2/WebAuthn and hardware token enrollment
• Experience with Okta Universal Directory including AD Agent deployment and profile mastering

 

Compliance Requirements: this role will be subject to US Federal regulations, therefore:

• Must be a U.S. Citizen or Lawful Permanent Resident (Green Card holder) — U.S. Person 
• Ability to obtain and maintain a security clearance or pass a background investigation consistent with CUI access
  
  

Preferred Qualifications:

• Experience with Okta for Government High (FedRAMP High) or FedRAMP Moderate environments — strong preference
• Okta Identity Governance (OIG) experience — access certifications, SoD, entitlement management
• Experience federating Okta to Microsoft Entra ID / GCCH as a SAML Service Provider
• Familiarity with CMMC, ITAR, GDPR, SOX, SOC 2 compliance requirements
• Experience with SCIM 2.0 provisioning to downstream applications
• Okta Identity Governance certification (preferred)

The approximate base salary range for this position is $126,887 - $166,127. The total compensation package includes base, bonus, equity, and a range of benefit options found on our career site.

 

Location: This role is based out of our College Park, Boulder, CO, or Bothell, WA offices, or can be remote in the US. 
Travel: Up to 1 week per quarter
Job ID:  1460

This Senior IAM Engineer will own the Okta for Government High (FedRAMP High) tenant, which serves as the enterprise Identity Provider and Identity Governance platform for a 1,500+ user organization. The role is the primary technical resource responsible for the build, enhancement, and operation of key functions, including SSO integrations, Identity Governance (OIG), Lifecycle Management, Workflows automation, and Adaptive MFA policy.

In the first three months, you will help develop the core program documentation and workflows. You will collaborate with external teams like IT, Legal and People to integrate into company processes. You will work with our technical security experts to build Identity and Access management processes and procedures.

Responsibilities

• Own the Okta for Government High (FedRAMP High) tenant — configuration, health, lifecycle, and security posture
• Manage Universal Directory: on-prem AD Agent sync, HRIS attribute mastering, profile mappings, and group rules
• Build and maintain all SSO app integrations via the Okta Integration Network (OIN) using SAML, OIDC, and SCIM
• Own and maintain Okta Adaptive MFA policies: factor enrollment rules, risk-based step-up authentication, FIDO2/YubiKey/PIV/CAC configuration
• Maintain the Okta System Log to Microsoft Sentinel log streaming pipeline and retention configuration
• Own Okta Identity Governance (OIG): entitlement catalog, access certification campaign setup, SoD policy rules, and access request workflow design
• Own, Build and Maintain Okta Lifecycle Management: JML automation rules, HRIS connector configuration, and auto-provisioning and deprovisioning into all connected applications, access review triggers, and automated remediation
• Design, build, and document all Okta-side enhancements including new app onboarding, policy changes, and IGA configuration updates
• Write test cases for all Okta-side changes; execute UAT jointly with the Identity Governance & Operations Analyst before production promotion
• Support Identity Operations Specialist on Tier 2 Okta escalations and Workflow troubleshooting
• Assist Identity Governance & Operations Analyst with OIG campaign configuration and certification reporting

Requirements:

• 4+ years of hands-on Okta administration and engineering experience
• Demonstrated experience with Okta SSO app integrations via SAML 2.0 and OIDC
• Experience with Okta Lifecycle Management and HRIS connector configuration
• Experience building Okta Workflows for provisioning automation
• Experience with Okta Adaptive MFA policy configuration including FIDO2/WebAuthn and hardware token enrollment
• Experience with Okta Universal Directory including AD Agent deployment and profile mastering

 

Compliance Requirements: this role will be subject to US Federal regulations, therefore:

• Must be a U.S. Citizen or Lawful Permanent Resident (Green Card holder) — U.S. Person 
• Ability to obtain and maintain a security clearance or pass a background investigation consistent with CUI access
  
  

Preferred Qualifications:

• Experience with Okta for Government High (FedRAMP High) or FedRAMP Moderate environments — strong preference
• Okta Identity Governance (OIG) experience — access certifications, SoD, entitlement management
• Experience federating Okta to Microsoft Entra ID / GCCH as a SAML Service Provider
• Familiarity with CMMC, ITAR, GDPR, SOX, SOC 2 compliance requirements
• Experience with SCIM 2.0 provisioning to downstream applications
• Okta Identity Governance certification (preferred)

The approximate base salary range for this position is $126,887 - $166,127. The total compensation package includes base, bonus, equity, and a range of benefit options found on our career site.

 

Location: This role is based out of our College Park, Boulder, CO, or Bothell, WA offices, or can be remote in the US. 
Travel: Up to 1 week per quarter
Job ID:  1460