Identity and Access Management Engineer [Hybrid or Remote]

 Posted 2 hours ago
     
 $107K - $178K per year
  
5-10 years experience

AI Summary

The IAM Engineer is responsible for designing, implementing, and administering the organization's identity infrastructure and lifecycle management. This includes managing core IAM platforms, developing custom integrations, and ensuring secure access through RBAC and PAM models.

Scope of Position

About Us:

EDF power solutions North America has been providing clean energy solutions throughout the U.S., Canada, and Mexico since 1987. We are a market-leading independent power producer and service provider, serving utilities, corporations, industries, communities, institutions, and investors with reliable, low-carbon energy solutions that help meet growing demand.

From developing and building scalable wind (onshore and offshore), solar, storage (battery and pumped storage hydro), smart EV charging, microgrids, green hydrogen, and transmission projects, to maximizing performance and profitability through skilled operations and maintenance and innovative asset optimization, our teams deliver expert solutions along the entire value chain—from origination to commercial operation.  Be a part of an innovative and collaborative team environment that fosters our goal of delivering renewable solutions to lead the transition to a sustainable energy future.

 

Benefits & Perks:

EDF power solutions offers best-in-class employee benefits, including the following:

  • Competitive bonus incentives. This position is eligible for our annual bonus program.
  • Comprehensive health coverage. We provide low-cost health & wellness coverage for employees and their eligible dependents.
  • Rewarding 401k. We provide a generous matching contribution.

We are also proud to offer:

  • Favorable paid time off programs, including paid parental leave after one year of service.
  • Rewarding learning & career development and advancement opportunities.
  • Supportive mentorship & buddy programs.

Salary Range: The full pay range for this role is $107,200 - $178,600 annually, and the good faith estimated starting pay for this position upon hire is $125,000 - $140,000 annually. We generally base our salary decisions on factors including but not limited to, relevant work and leadership experience, education, demonstrated performance, internal equity, and in some cases, geographic location.

 

Scope of Job

The Identity and Access Management (IAM) Engineer serves as the strategic anchor, technical implementer, and cultural champion for Identity and Access Management within the Cybersecurity team. As the cornerstone of the modern security program, this role ensures that the right individuals have the right access to the right resources at the right times and for the right reasons. 

This role is integral to the day-to-day management of the IAM infrastructure and identity lifecycle from onboarding to offboarding. The IAM Engineer defines the identity strategy, serves as hands-on architect, implements enterprise-grade toolsets, and builds the seamless operational processes required to support them.

In addition to deep technical deployment, this role acts as the organization’s chief IAM representative - collaborating with cross-functional teams, educating the business on why identity security matters, and breaking down complex security protocols into friction-free user experiences. By bridging the gap between engineering excellence and strategic vision, you will directly mitigate security risks, enable business productivity, support regulatory compliance, and fortify our overall security posture against unauthorized access and data breaches. 

Work Mode:   Hybrid - San Diego, CA or Remote (U.S. only)

Responsibilities

  • IAM Platform Administration & Engineering 
    • Core Administration: Administers and configures core IAM platforms and technologies, such as Clear Skye, Veza, Entra ID Governance, Okta, Ping Identity, or similar enterprise-grade solutions.
    • Standard Integration: Engineers and supports integration between the IAM platform and target applications using standard protocols like SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), and SCIM. 
    • Custom Integration: Develops custom connectors and workflows to integrate non-standard, legacy, or homegrown applications into the centralized IAM framework. 
    • Directory Services: Manages and secures the organization's directory services, including Active Directory and LDAP, ensuring data integrity, synchronization, and replication health. 
    • Automation: Develops and maintains automation scripts (using PowerShell, Python, etc.) to streamline repetitive IAM tasks, such as user provisioning, report generation, and system health checks. 
  • Strategy, Architecture & Roadmap 
    • Strategic Roadmap: Looks ahead and contributes to the development and refinement of the organization's broader cybersecurity strategy and technology roadmap, specifically within the identity domain.
    • Architecture & Deployment: Architects, designs, deploys, and maintains the enterprise-wide Identity and Access Management (IAM) infrastructure, including core platforms for Identity Governance (IGA), Access Management (AM), and Privileged Access Management (PAM). 
    • Future-Proofing: Evaluates emerging IAM technologies, trends, and security threats, providing recommendations for strategic improvements and enhancements to the identity program. 
  • Business Collaboration, Training & Evangelism
    • Stakeholder Collaboration: Collaborates closely with application owners, infrastructure teams, HR, and business stakeholders to gather access requirements and ensure IAM services meet business needs. 
    • SME & Training: Provides subject matter expertise and training to IT support teams, application developers, and end-users on IAM policies, tools, and best practices. 
    • Authentication Security: Spearheads the design and integration of Single Sign-On (SSO) and Multi-Factor Authentication (MFA) solutions to provide a seamless and secure authentication experience across a diverse portfolio of cloud (SaaS) and on-premise applications.
  • Operations, Support & Incident Management
    • Proactive Monitoring: Proactively monitors the health, performance, and security of IAM systems, identifies potential issues, analyzes logs, and responds to system-generated alerts. 
    • Incident Response: Partners with stakeholders to investigate and respond to identity-related security incidents, such as compromised accounts or anomalous access patterns. 
    • Technical Escalation: Acts as the primary technical point of contact for troubleshooting and resolving complex authentication, authorization, and access-related incidents and service requests from end-users and application teams. 
    • Technical Documentation: Develops and maintains comprehensive technical documentation, including architectural diagrams, configuration guides, operational runbooks, and disaster recovery plans for all IAM systems. 
  • Identity Governance, Compliance & Audit 
    • Vital cyclical tasks that take up very little day-to-day effort to support (e.g., quarterly access reviews or annual audits). 
    • Lifecycle Management: Manages the complete identity lifecycle for all users (employees, contractors, vendors, partners), encompassing automated onboarding, access provisioning, attribute changes, and timely de-provisioning processes. 
    • Least Privilege Models: Develops, implements, and enforces granular access control policies and Role-Based Access Control (RBAC) models to uphold the principle of least privilege throughout the organization's digital ecosystem. 
    • Privileged Access: Designs and manages robust Privileged Access Management (PAM) solutions to secure, monitor, and control access to critical infrastructure and sensitive accounts. 
    • Access Governance: Leads and executes periodic access certification campaigns, requiring business owners to review and validate user access rights to maintain compliance and reduce access creep. 
    • Audits & Compliance: Participates actively in internal and external audit activities by providing evidence, explaining controls, and remediating findings related to identity and access management.
  • Other duties as assigned 

Supervision of Others:

N/A

 

Working Conditions:  

95% of time is spent in the office environment utilizing computers (frequent use of various Microsoft software/programs), phones, and general office equipment. 5% of time is spent outside of the office visiting vendors’ and/or internal customer sites in addition to attending various conferences and meetings.  

 

Fiscal Responsibilities: 

N/A 

Qualifications

Education/Experience:

  • Bachelor’s degree required; equivalent years of experience in this specific field may be substituted for a degree.
  • Minimum of 6 years of experience in IT/Cybersecurity, with at least 4 years heavily focused on IAM administration, directory services, and federation protocols (SAML, OIDC, OAuth).
  • Certifications such as CISSP, CompTIA Security+, and/or vendor-specific credentials (e.g., Okta Certified Professional, Microsoft Certified: Identity and Access Administrator Associate) preferred.  
  • Demonstrated experience writing technical documentation, standard operating procedures (SOPs), and runbooks for identity management. 
  • Hands-on experience managing enterprise directory services, particularly Microsoft Active Directory (AD) and LDAP. 
  • Experience in integrating IAM solutions with a wide range of applications, including SaaS (e.g., Salesforce, Workday, Office 365) and on-premises systems. 

 

Skills/Knowledge/Abilities:

  • Deep expertise in at least one leading IAM platform (e.g., Clear Skye, Veza, Entra ID Governance, Okta, Ping Identity) 
  • Strong proficiency in modern authentication and authorization protocols, including SAML, OAuth 2.0, OIDC, and SCIM. 
  • Ability to manage enterprise directory services, particularly Microsoft Active Directory (AD) and LDAP. 
  • Solid scripting and automation skills using languages like PowerShell, Python, or Shell scripting to manage infrastructure and processes. 
  • In-depth understanding of core IAM concepts such as Identity Lifecycle Management, Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Federation. 
  • Practical knowledge of Privileged Access Management (PAM) and Identity Governance and Administration (IGA) principles and solutions. 
  • Ability to integrate IAM solutions with a wide range of applications, including SaaS (e.g., Salesforce, Workday, Office 365) and on-premises systems. 
  • Familiarity with cloud infrastructure identity models, particularly AWS IAM, Azure IAM, and Google Cloud IAM. 
  • Understanding of networking concepts (TCP/IP, DNS, firewalls, load balancers) as they relate to IAM system connectivity and security. 
  • Knowledge of security frameworks and compliance regulations such as NIST, ISO 27001, SOX, GDPR, and HIPAA. 
  • Exceptional analytical and problem-solving abilities, with a knack for deconstructing complex technical issues and developing effective solutions. 
  • Strong interpersonal and communication skills, capable of explaining complex technical concepts to both technical and non-technical audiences. 
  • A collaborative mindset with a proven ability to work effectively in cross-functional teams with developers, system administrators, and business stakeholders. 
  • Meticulous attention to detail, especially when dealing with security configurations, access rights, and policy enforcement. 
  • A strong sense of ownership and accountability, with the drive to see projects through from conception to completion. 
  • Ability to manage multiple priorities in a fast-paced environment while maintaining a high standard of quality. 
  • A proactive and continuous learner, dedicated to staying current with the rapidly evolving landscape of identity security. 

Physical Requirements:  

Ability to lift 50lbs to install and manage hardware components. 
