Identity & Access Management Engineer (Hybrid/Remote)

A Day in Your Life at MKS

The Identity & Access Management Engineer will be responsible for the ongoing operation and evolution of the Saviynt Identity Governance & Administration (IGA) platform, including designing, implementing, and optimizing identity governance solutions across the enterprise. This role partners closely with security, IT, and application teams to deliver scalable, compliant, and efficient identity lifecycle management.

As a technical expert in identity governance, you will contribute to platform stability, integrations, and continuous improvement while helping advance MKS’s overall IAM maturity.

The ideal candidate is a highly motivated, self‑driven professional who enjoys solving complex problems, learning new technologies, and delivering secure identity solutions.

You Will Make an Impact By

Saviynt Platform Ownership

• Serve as the subject matter expert (SME) for the Saviynt IGA platform
• Oversee configuration, customization, and integration of Saviynt with enterprise systems
• Ensure platform scalability, performance, reliability, and alignment with security standards
• Support ongoing operations including upgrades, maintenance, and issue resolution
• Collaborate with vendors and internal stakeholders to ensure platform success
  
  

Technical Leadership

• Provide technical guidance and knowledge sharing within the IAM team
• Partner with IT and security leadership to prioritize work and deliver solutions
• Contribute to and promote best practices for configuration, development, and operations
  
  

Identity Lifecycle Management

• Design and maintain workflows for user provisioning, de-provisioning, and access reviews.
• Implement role-based access control (RBAC) and attribute-based access control (ABAC) models.
  
  

Integration & Automation

• Develop connectors and integrations between Saviynt/CyberArk and applications (on-prem and cloud).
• Automate identity processes using APIs, scripts, and Saviynt/CyberArk
• Improve operational efficiency through automation and solution optimization
  
  

Security & Compliance

• Ensure adherence to regulatory requirements (e.g., SOX, GDPR).
• Conduct periodic access certifications and audits.
• Implement controls for privileged access management.
  
  

Incident Management & Continuous Improvement

• Troubleshoot and resolve Saviynt platform issues
• Perform root cause analysis and implement preventive measures.
• Stay current with Saviynt product capabilities, roadmap updates, and IAM industry trends
• Recommend enhancements to improve security posture and operational efficiency
  
  

Skills You Bring:

• Strong hands-on experience with Saviynt IGA platform (configuration, workflows, connectors)
• Solid understanding of identity and access management concepts and best practices
• Knowledge of directory services (Active Directory, LDAP), SSO, and federation protocols (SAML, OAuth, OIDC).
• Familiarity with APIs, REST, and scripting languages (PowerShell, Python).
• Proven ability to lead technical teams and manage complex projects.
• Strong problem-solving and analytical skills with minimal supervision and escalate issues as appropriate
• Excellent communication skills for collaboration with stakeholders and vendors.
• Working with an international team and stakeholders (USA, India, Germany, …)
  
  

Requirements

• 5 years in IAM engineering roles, with at least
• 2 years focused on Saviynt.
• Experience in large-scale enterprise environments.
• Demonstrated understanding of risk and compliance frameworks
• Excellent documentation, written and communication skills
• Must be a detail-oriented, well-organized, self-starter able to work in a dynamic environment with the ability to perform multiple tasks
• Highly motivated individual with the ability to self-start, prioritize, and multi-task
  
  

Preferred Requirements:

• Saviynt certification
• Scripting and/or programming skills in technologies, such as PowerShell, SQL, Python, and JSON
• Strong interpersonal and communication skills and the ability to collaborate and work effectively with a wide range of cross-functional teams, vendors, and time zones
• Experience with REST protocols
• Familiarity with standards for SSO technologies such as SAML2, OAuth2
  
  

Physical Demands and Working Conditions:

• Perform activities such as sitting, standing, or typing for extended periods of time
• Regularly requires good manual dexterity and coordination
• Must be able to communicate information and ideas so others will understand
• Must be able to exchange accurate information
• The ability to observe documents and details at close range (within a few feet of the observer)
• Operates in a professional office environment
• Constantly operates a computer and other office productivity machinery
• Noise level in the work environment is usually average
  
  

This position is remote but candidates must be within commutable distance to Andover MA, Broomfield CO, Rochester NY, or Irvin CA. Relocation benefits are not available for this position.

We are interested in a qualified candidates eligible to work in the United States and will not be sponsoring work visas for this position, at this time.

MKS is an equal opportunity employer, including disability, veteran status and all categories protected by law. Please review our EOE statements for additional details. MKS is generally only hiring candidates who reside in states where we are registered to do business.

Compensation and Benefits:

• Salary Pay Range: $ 88,000 - $147,000 per year. This range is a good faith estimate of the expected salary range for this position, based on a wide range of factors including qualifications, experience and training, operational and business needs and other considerations permitted by law.
• Bonus: This position is eligible for a discretionary annual bonus, in an amount to be determined by MKS [or as applicable].
• Benefits: MKS offers a comprehensive benefits package, including health insurance coverage (medical, dental and vision), 401(k) with company match, life and disability insurance, 12 paid holidays, sick time, 15 paid vacation days, [6 weeks fully paid] parental leave, adoption assistance and tuition reimbursement [and for participation in any stock programs, signing bonus, etc.