Identity and Access Management Engineer

📋 Description

• • Own the end-to-end lifecycle of identity and access management at D.A. Davidson, an 80-year-old, employee-owned financial services firm. You will architect, implement, and continuously improve IAM, PIM, and PAM solutions that protect client data and enable seamless access for 3,000+ employees, contractors, and customers across Great Falls, MT and remote locations.
• • Serve as the go-to subject-matter expert on authentication, authorization, identity governance, and privileged access. Translate complex technical concepts into clear guidance for IT, Information Security, and business stakeholders so every decision reduces risk and accelerates productivity.
• • Design and deploy hybrid IAM architectures that span legacy on-premises systems and modern cloud platforms (Microsoft Entra ID, SailPoint Identity Security Cloud, Delinea Secret Server Cloud, Silverfort). Ensure every integration follows least-privilege principles, segregation of duties, and zero-trust best practices.
• • Evaluate emerging threats and technologies, then translate findings into actionable roadmaps. Lead proof-of-concepts, cost-benefit analyses, and phased roll-outs that strengthen identity security without disrupting day-to-day operations.
• • Create and maintain comprehensive policies, standards, runbooks, and technical documentation. Your artifacts will become the blueprint used by support teams, auditors, and future engineers to sustain and scale the IAM program.
• • Drive continuous controls monitoring by designing dashboards, KPIs, and automated alerting that surface anomalous access patterns in real time. Provide concise, data-driven reports to executives, regulators, and clients that demonstrate compliance and proactive risk management.
• • Partner with Information Security to integrate IAM and PAM logs into SIEM/SOAR platforms, ensuring swift detection and response to credential misuse, privilege escalation, and identity-based attacks.
• • Champion single-sign-on (SSO) experiences that delight end-users. Work closely with application owners to eliminate password sprawl, streamline onboarding/offboarding, and enforce adaptive multi-factor authentication (MFA) based on contextual risk.
• • Conduct regular access certification campaigns and entitlement reviews. Automate recertification workflows, remediate excessive privileges, and present findings to audit committees with clear remediation timelines.
• • Mentor junior engineers and cross-functional teams through brown-bag sessions, architecture reviews, and hands-on labs. Foster a culture of security-first thinking across Development, Infrastructure, and Business Operations.
• • Troubleshoot complex IAM incidents—whether Kerberos delegation failures, SAML assertion mismatches, or SCIM provisioning errors—and restore service within agreed SLAs while documenting root-cause analyses.
• • Align IAM initiatives to SOX, SEC, and state privacy regulations. Translate compliance requirements into technical controls, evidence collection processes, and gap-remediation plans that satisfy both internal auditors and external regulators.
• • Leverage scripting and programming (PowerShell, Python, or similar) to automate repetitive tasks such as user provisioning, group lifecycle management, and privilege elevation workflows, freeing your team for higher-value strategic work.
• • Participate in enterprise-wide projects (M&A integrations, cloud migrations, new product launches) as the IAM domain lead. Ensure identity requirements are embedded early, avoiding costly retrofits and security gaps.
• • Represent D.A. Davidson at industry forums, vendor councils, and working groups. Bring back fresh ideas, benchmark data, and partnership opportunities that keep our identity program ahead of the curve.