Identity Security Engineer
Company Name ARS-Rescue Rooter
Overview
Role Summary Builds and secures ARS identity services (Okta, Entra ID/AD, CyberArk). Implements SSO/MFA, Conditional Access, lifecycle automation, and privileged access controls for human and machine identities.
Responsibilities
Primary Responsibilities Administer Okta and Entra ID/AD; implement SSO/MFA/Conditional Access and Harden admin tiers. Design secure API authentication and lifecycle automation (onboarding/offboarding, SCIM/JIT). Operate PIM/PAM for privileged identities—role design, approvals, JIT access, and session monitoring. Integrate identity telemetry into SIEM/XDR; support access reviews and identity audits. This position will participate in an on-call rotation. Key Outcomes & KPIs 100% MFA on privileged accounts; reduction in standing privilege; zero orphaned accounts. Verified API auth patterns for key apps; documented Conditional Access coverage.
Qualifications
Required Qualifications 5+ years in IAM; hands‑on with Okta/Entra; strong knowledge of OAuth/OIDC/SAML and SCIM provisioning. Experience with PIM/PAM platforms and identity lifecycle automation. AI Fluency: Demonstrated ability to leverage Claude or ChatGPT to continuously improve identity governance, access reviews, and policy automation. Tools & Technologies Okta, Microsoft Entra ID/AD, CyberArk, PIM/PAM tools, identity governance/reporting, SCIM/JIT integrations Collaboration & Decision Rights Partners with App/Infra teams on integrations; authority over identity policies and admin standards; consults with GRC on access governance and audit evidence. ARS-Rescue Rooter is an Equal Opportunity Employer AA/EOE/M/F/V/D. In compliance with the Americans with Disabilities Act, ARS-Rescue Rooter may provide reasonable accommodations to qualified individuals with disabilities and encourages both prospective and current employees to discuss potential accommodations with the employer.