Security Engineer III

Bangalore, Karnataka, India

and 1 more

(Hybrid)

Trending

Job Description

Security Engineer III (IAM / IGA Security Engineer)

Position Overview

We are seeking a highly skilled IAM / IGA Security Engineer to design, implement, and operate our enterprise Identity Governance and Administration (IGA) platform. This role plays a critical part in securing access to systems and data while enabling operational efficiency through automation, policy-driven governance, and scalable identity lifecycle management.

The ideal candidate has strong hands-on experience with IGA platforms—especially MidPoint (preferred)—and excels at designing identity solutions that balance security, compliance, and user experience. You will collaborate closely with Security, IT, HR, and business stakeholders to deliver a modern, resilient IAM ecosystem.

IGA Platform Design & Engineering

• Design, implement, and maintain Identity Governance & Administration (IGA) solutions using MidPoint or equivalent platforms (SailPoint, Saviynt, Omada)

• Configure and customize IGA capabilities:

• Identity lifecycle management (Joiner / Mover / Leaver)

• Access requests and approvals

• Role management and RBAC

• Policy enforcement and access certifications

• Build and optimize enterprise-grade identity models to support scale, performance, and resiliency

• Lead platform upgrades, performance tuning, and continuous improvements

• Design and automate end-to-end identity lifecycle workflows

• Implement birthright access models based on role, department, and business needs

• Build access request workflows that balance security, compliance, and usability

• Implement and manage periodic access certification campaigns

• Integrate and govern privileged access via PAM systems and elevated access workflows

• Identify and remediate orphaned accounts, excessive privileges, and access risks

• Develop and support integrations with:

• Authoritative identity sources (HR systems)

• Directories & IAM providers (Active Directory, Azure AD / Entra ID, Okta)

• Cloud platforms (AWS IAM, Azure RBAC, GCP IAM)

• SaaS and enterprise applications

• Build custom extensions using:

• Python, PowerShell, Groovy, or Java

• REST and SOAP APIs

• SCIM and event-driven provisioning

• Design data mappings and transformations to reconcile identity data across systems

• Implement monitoring, logging, and alerting for identity and provisioning events

• Define and enforce:

• Least-privilege access

• Segregation of Duties (SoD)

• Access policies and governance controls

• Support compliance initiatives including:

• SOX, SOC 2, ISO 27001, HIPAA, GDPR

• Generate audit-ready reports on:

• User access

• Entitlements

• Certifications

• Policy violations

• Maintain IAM documentation, architecture diagrams, and operational runbooks

• Partner with HR, IT Operations, Security, and application teams

• Serve as a technical advisor on:

• IAM best practices

• RBAC and least privilege

• Zero Trust principles

• Troubleshoot and resolve complex IAM issues

• Support security incidents involving identity compromise or unauthorized access

• Train IT teams and business owners on IAM tools and processes

• Stay current with IAM trends and emerging technologies, including:

• Passwordless authentication

• FIDO2

• Identity analytics

• Decentralized identity

• Measure and optimize IAM effectiveness via metrics and feedback

• Evaluate new tools and contribute to the IAM technology roadmap

• Influence enterprise IAM architecture and long-term strategy

Experience

• 5+ years of hands-on Identity & Access Management experience

• 3+ years working with IGA platforms

• Proven experience with at least one major IGA solution:

• MidPoint (preferred)

• SailPoint (IdentityIQ / IdentityNow)

• Saviynt

• Omada

• Strong experience with:

• Identity lifecycle management

• Access certifications

• RBAC and role engineering

• IGA Platforms: Deep technical expertise in MidPoint or equivalent

• Directories: Active Directory, Azure AD / Entra ID, LDAP

• Protocols: SAML, OAuth 2.0, OIDC, SCIM

• Automation & Scripting: Python, PowerShell, Groovy, Java

• APIs & Integration: REST, SOAP, integration patterns

• Cloud IAM: AWS IAM, Azure RBAC, GCP IAM

• Databases: SQL and IAM data modeling

• SSO & MFA: Okta, Ping, Azure AD, MFA technologies

• Strong communication skills — able to explain complex IAM topics to non-technical audiences

• Collaborative mindset with cross-functional teams

• Proven ability to drive IAM initiatives from design through production

• Customer-focused approach to access management

• Comfortable operating in fast-paced, evolving environments

• Bachelor’s degree in Computer Science, IT, Cybersecurity, or equivalent experience

• Preferred certifications:

• CISSP

• CIAM

• CompTIA Security+