What are the responsibilities and job description for the Identity and Access Management Engineer [Hybrid or Remote] position at EDF power solutions North America?
About Us
EDF power solutions North America has been providing clean energy solutions throughout the U.S., Canada, and Mexico since 1987. We are a market-leading independent power producer and service provider, serving utilities, corporations, industries, communities, institutions, and investors with reliable, low-carbon energy solutions that help meet growing demand.
From developing and building scalable wind (onshore and offshore), solar, storage (battery and pumped storage hydro), smart EV charging, microgrids, green hydrogen, and transmission projects, to maximizing performance and profitability through skilled operations and maintenance and innovative asset optimization, our teams deliver expert solutions along the entire value chain—from origination to commercial operation. Be a part of an innovative and collaborative team environment that fosters our goal of delivering renewable solutions to lead the transition to a sustainable energy future.
Benefits & Perks
EDF power solutions offers best-in-class employee benefits, including the following:
- Competitive bonus incentives. This position is eligible for our annual bonus program.
- Comprehensive health coverage. We provide low-cost health & wellness coverage for employees and their eligible dependents.
- Rewarding 401k. We provide a generous matching contribution.
- Favorable paid time off programs, including paid parental leave after one year of service.
- Rewarding learning & career development and advancement opportunities.
- Supportive mentorship & buddy programs.
Scope Of Job
The Identity and Access Management (IAM) Engineer serves as the strategic anchor, technical implementer, and cultural champion for Identity and Access Management within the Cybersecurity team. As the cornerstone of the modern security program, this role ensures that the right individuals have the right access to the right resources at the right times and for the right reasons.
This role is integral to the day-to-day management of the IAM infrastructure and identity lifecycle from onboarding to offboarding. The IAM Engineer defines the identity strategy, hands-on architects, implements enterprise-grade toolsets, and builds the seamless operational processes required to support them.
In addition to deep technical deployment, this role acts as the organization’s chief IAM representative - collaborating with cross-functional teams, educating the business on why identity security matters, and breaking down complex security protocols into friction-free user experiences. By bridging the gap between engineering excellence and strategic vision, you will directly mitigate security risks, enable business productivity, support regulatory compliance, and fortify our overall security posture against unauthorized access and data breaches.
Work Mode: Hybrid - San Diego, CA or Remote (U.S. only)
Responsibilities
- IAM Platform Administration & Engineering
  - Core Administration: Administers and configures core IAM platforms and technologies, such as Clear Skye, Veza, Entra ID Governance, Okta, Ping Identity, or similar enterprise-grade solutions.
  - Standard Integration: Engineers and supports integration between the IAM platform and target applications using standard protocols like SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), and SCIM.
  - Custom Integration: Develops custom connectors and workflows to integrate non-standard, legacy, or homegrown applications into the centralized IAM framework.
  - Directory Services: Manages and secures the organization's directory services, including Active Directory and LDAP, ensuring data integrity, synchronization, and replication health.
  - Automation: Develops and maintains automation scripts (using PowerShell, Python, etc.) to streamline repetitive IAM tasks, such as user provisioning, report generation, and system health checks.
- Strategy, Architecture & Roadmap
  - Strategic Roadmap: Looks ahead and contributes to the development and refinement of the organization's broader cybersecurity strategy and technology roadmap, specifically within the identity domain.
  - Architecture & Deployment: Architects, designs, deploys, and maintains the enterprise-wide Identity and Access Management (IAM) infrastructure, including core platforms for Identity Governance (IGA), Access Management (AM), and Privileged Access Management (PAM).
  - Future-Proofing: Evaluates emerging IAM technologies, trends, and security threats, providing recommendations for strategic improvements and enhancements to the identity program.
- Business Collaboration, Training & Evangelism
  - Stakeholder Collaboration: Collaborates closely with application owners, infrastructure teams, HR, and business stakeholders to gather access requirements and ensure IAM services meet business needs.
  - SME & Training: Provides subject matter expertise and training to IT support teams, application developers, and end-users on IAM policies, tools, and best practices.
  - Authentication Security: Spearheads the design and integration of Single Sign-On (SSO) and Multi-Factor Authentication (MFA) solutions to provide a seamless and secure authentication experience across a diverse portfolio of cloud (SaaS) and on-premise applications.
- Operations, Support & Incident Management
  - Proactive Monitoring: Proactively monitors the health, performance, and security of IAM systems, identifies potential issues, analyzes logs, and responds to system-generated alerts.
  - Incident Response: Partners with stakeholders to investigate and respond to identity-related security incidents, such as compromised accounts or anomalous access patterns.
  - Technical Escalation: Acts as the primary technical point of contact for troubleshooting and resolving complex authentication, authorization, and access-related incidents and service requests from end-users and application teams.
  - Technical Documentation: Develops and maintains comprehensive technical documentation, including architectural diagrams, configuration guides, operational runbooks, and disaster recovery plans for all IAM systems.
- Identity Governance, Compliance & Audit
  - Vital cyclical tasks that take up very little day-to-day effort to support (e.g., quarterly access reviews or annual audits).
  - Lifecycle Management: Manages the complete identity lifecycle for all users (employees, contractors, vendors, partners), encompassing automated onboarding, access provisioning, attribute changes, and timely de-provisioning processes.
  - Least Privilege Models: Develops, implements, and enforces granular access control policies and Role-Based Access Control (RBAC) models to uphold the principle of least privilege throughout the organization's digital ecosystem.
  - Privileged Access: Designs and manages robust Privileged Access Management (PAM) solutions to secure, monitor, and control access to critical infrastructure and sensitive accounts.
  - Access Governance: Leads and executes periodic access certification campaigns, requiring business owners to review and validate user access rights to maintain compliance and reduce access creep.
  - Audits & Compliance: Participates actively in internal and external audit activities by providing evidence, explaining controls, and remediating findings related to identity and access management.
- Other duties as assigned
N/A
Working Conditions
95% of time is spent in the office environment utilizing computers (frequent use of various Microsoft software/programs), phones, and general office equipment. 5% of time is spent outside of the office visiting vendors’ and/or internal customer sites in addition to attending various conferences and meetings.
Fiscal Responsibilities
N/A
Education/Experience
Qualifications
- Bachelor’s degree required; equivalent years of experience in this specific field may be substituted for a degree.
- Minimum of 6 years of experience in IT/Cybersecurity, with at least 4 years heavily focused on IAM administration, directory services, and federation protocols (SAML, OIDC, OAuth).
- Certifications such as CISSP, CompTIA Security+, and/or vendor-specific credentials (e.g., Okta Certified Professional, Microsoft Certified: Identity and Access Administrator Associate) preferred.
- Demonstrated experience writing technical documentation, standard operating procedures (SOPs), and runbooks for identity management.
- Hands-on experience managing enterprise directory services, particularly Microsoft Active Directory (AD) and LDAP.
- Experience in integrating IAM solutions with a wide range of applications, including SaaS (e.g., Salesforce, Workday, Office 365) and on-premises systems.
- Deep expertise in at least one leading IAM platform (e.g., Clear Skye, Veza, Entra ID Governance, Okta, Ping Identity)
- Strong proficiency in modern authentication and authorization protocols, including SAML, OAuth 2.0, OIDC, and SCIM.
- Ability to manage enterprise directory services, particularly Microsoft Active Directory (AD) and LDAP.
- Solid scripting and automation skills using languages like PowerShell, Python, or Shell scripting to manage infrastructure and processes.
- In-depth understanding of core IAM concepts such as Identity Lifecycle Management, Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Federation.
- Practical knowledge of Privileged Access Management (PAM) and Identity Governance and Administration (IGA) principles and solutions.
- Ability to integrate IAM solutions with a wide range of applications, including SaaS (e.g., Salesforce, Workday, Office 365) and on-premises systems.
- Familiarity with cloud infrastructure identity models, particularly AWS IAM, Azure IAM, and Google Cloud IAM.
- Understanding of networking concepts (TCP/IP, DNS, firewalls, load balancers) as they relate to IAM system connectivity and security.
- Knowledge of security frameworks and compliance regulations such as NIST, ISO 27001, SOX, GDPR, and HIPAA.
- Exceptional analytical and problem-solving abilities, with a knack for deconstructing complex technical issues and developing effective solutions.
- Strong interpersonal and communication skills, capable of explaining complex technical concepts to both technical and non-technical audiences.
- A collaborative mindset with a proven ability to work effectively in cross-functional teams with developers, system administrators, and business stakeholders.
- Meticulous attention to detail, especially when dealing with security configurations, access rights, and policy enforcement.
- A strong sense of ownership and accountability, with the drive to see projects through from conception to completion.
- Ability to manage multiple priorities in a fast-paced environment while maintaining a high standard of quality.
- A proactive and continuous learner, dedicated to staying current with the rapidly evolving landscape of identity security.
Ability to lift 50lbs to install and manage hardware components.
Salary : $107,200 - $178,600