Engineer Identity and Access Management

Are you excited to build and secure the identity services that power a modern enterprise? Do you enjoy solving complex authentication, access, and identity governance challenges at scale? Join CFA Institute as an IAM Engineer and design, implement, and optimize critical capabilities including SSO, MFA, identity governance, and access lifecycle management across a global technology ecosystem.

The Identity and Access Management (IAM) Engineer is responsible for designing, implementing, and continuously improving IAM systems, services, and controls. This role emphasizes deep technical contribution, solution engineering, and optimization of IAM platforms. The IAM Engineer translates IAM strategy into engineered solutions, develops and enhances identity services (SSO, MFA, identity governance, and access lifecycle), and ensures secure, scalable, and well-integrated IAM capabilities. The IAM Engineer works independently to solve complex technical problems, contributes to architecture and design decisions, and provides technical guidance across IAM initiatives.

The position may be based in approved jurisdictions in the Unites States and reports to the Director Identity and Access Management. It is eligible for flexible work arrangements.

What You’ll Do

IAM Engineering & Solution Development

• Design, build, configure, and enhance IAM solutions, including SSO, MFA, conditional access, identity lifecycle management, and access governance for both workforce and customer IAM.

• Contribute to engineering design, prototyping, and feasibility testing of IAM solutions, ensuring scalability, reliability, and security.

• Develop and maintain integrations between IAM platforms and enterprise applications, infrastructure, and cloud services.

• Implement authentication protocols and access control mechanisms (e.g., SAML, OAuth, OIDC).

Programming, Troubleshooting & Technical Delivery

• Diagnose and resolve complex IAM system issues, leading root-cause analysis and implementing sustainable fixes.

• Participate in and lead technical troubleshooting efforts across identity systems and integrations.

• Develop scripts, automation, and tooling to improve provisioning, monitoring, and access governance processes.

• Support testing, validation, and deployment of IAM solutions, ensuring alignment with technical requirements.

Data, Process & Architecture Analysis

• Analyze current-state IAM processes (joiner/mover/leaver, access reviews) and define optimized future-state workflows.

• Collect and analyze IAM operational data to identify trends, inefficiencies, and improvement opportunities.

• Contribute to IAM data architecture, including identity data models, role design, and entitlement structures.

Security & Risk Management Execution

• Implement and monitor IAM security controls, identifying vulnerabilities and recommending remediation actions.

• Support cybersecurity risk management activities within IAM domains, ensuring alignment with enterprise standards.

• Contribute to audit readiness through evidence collection, control validation, and documentation.

Continuous Improvement & Innovation

• Identify and recommend technical enhancements to improve IAM platform performance, usability, and security posture.

• Evaluate emerging IAM technologies and contribute to innovation initiatives and roadmap inputs.

• Optimize workflows through automation, standardization, and engineering best practices.

What We’re Looking For

• Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience)

• 5–8 years of experience in IAM, cybersecurity, or related engineering roles.

• Demonstrated hands-on experience implementing IAM technologies (SSO, MFA, identity governance, access lifecycle).

• Strong proficiency in Microsoft Entra ID and Azure B2C and identity lifecycle management.

• Experience with authentication protocols (SAML, OAuth, OIDC) and directory services.

• Working knowledge of scripting/programming (e.g., PowerShell, Python) for automation and application support.

• Experience with system integration, API-based connectivity, and cloud identity architectures.

• Understanding of IAM data structures, role modeling, and access control frameworks.

• Ability to manage complexity by analyzing multi-system IAM environments and resolving issues.

• Optimizes work processes through automation, metrics, and continuous improvement.

• Ensures accountability for technical deliverables and system performance.

• Demonstrates strong technical problem-solving and analytical thinking.

We are not able to provide sponsorship at this time. No agencies, please.

At CFA Institute, we are committed to transparency and equity in our hiring process. In compliance with wage transparency laws in many of the jurisdictions in which we recruit, we provide the following information regarding compensation for this position: Expected salary range: $80,400 - $115,000 per year. All salary ranges are subject to adjustment based on experience, education, and other factors relevant to the position including location. Additional benefits include eligibility for an annual incentive bonus, a 12% employer contribution to a 401(k) or pension plan, and a comprehensive medical benefits package.

#LI-TB1

About CFA Institute

CFA Institute are the global leader in investment excellence and ethics. With nearly 200,000 charterholders across 160 markets, we drive professional growth, ethical behavior, and better markets. We care about our employees’ well-being, offering industry-leading benefits like:

• Comprehensive health coverage for you and your family

• Generous leave and time off

• Competitive retirement plans

• Flexible work options

• Wellness, education, and support programs

If you feel this opportunity could be the next step in your career, we encourage you to click “Apply” and complete our three-minute application.

Be part of a team committed to putting investors first and growing economies. Follow us @CFAInstitute on LinkedIn and X.

Important Message: Your application must clearly demonstrate how you meet the requirements as CFA Institute cannot make assumptions about your education, experience, or location. We thank all those who apply. Only those selected for further consideration will be contacted.

We are an Equal Opportunity Employer. CFA Institute prohibits both discrimination and harassment with regard to all identifying characteristics: any individual employee, group of employees, or prospective employee on the basis of race, color, national origin, citizenship or immigration status, religion, creed or belief, age, marital or partnership status, marital or family status, care giver status, pregnancy and maternity, sexual and other reproductive health decisions, physical abilities/qualities, disability, sexual orientation, gender, gender identity or expression, predisposing genetic characteristic, military or veteran status, status as a victim or witness of domestic violence or sex offense or stalking, unemployment status, infectious disease carrier status, migrant worker status, educational background, socio-economic status, geographic location and culture or any other basis protected by applicable law. This policy impacts all aspects of employment, including but not limited to, recruitment, hiring, compensation, training, development, promotion, demotion, layoff, recall, furlough, transfer, leave of absence, and dismissal. This is a global policy that applies to all CFA Institute employees, regardless of location.

If, due to a disability or current medical condition, you need an accommodation or assistance to complete a job application, you can request one at any stage of the recruitment process. Please send an email to humanresources@cfainstitute.org noting the accommodations or assistance you are requesting. Please do not include any medical or health information in this email. We will review your request and contact you to discuss the possible options and arrangements. We will try our best to provide you with an accommodation or assistance that meets your needs and respects your preferences.

Our application is not compatible with Internet Explorer (IE). We recommend using Chrome.