Senior IAM Engineer

Passionate about precision medicine and advancing the healthcare industry? Recent advancements in underlying technology have finally made it possible for AI to impact clinical care in a meaningful way. Tempus' proprietary platform connects an entire ecosystem of real-world evidence to deliver real-time, actionable insights to physicians, providing critical information about the right treatments for the right patients, at the right time. As a Senior IAM Engineer, you will be the primary architect and guardian of our identity perimeter. You will design, implement, and maintain scalable identity solutions that secure our workforce. Your focus will be on transitioning away from manual provisioning toward a fully automated "Identity-as-Code" model using Okta Workflows and API integrations. Key Responsibilities Architectural Leadership: Design and scale our Okta tenant, ensuring high availability and global best practices for SAML, OIDC, and OAuth 2.0 integrations. Automation & Orchestration: Build complex lifecycle management (LCM) flows using Okta Workflows to automate joiner/mover/leaver processes across HRIS, AD, and downstream SaaS apps. Hybrid Identity Management: Manage and optimize the synchronization between Active Directory (AD) and cloud identity providers. API Integration: Develop custom integrations using REST APIs to connect homegrown or niche applications that lack out-of-the-box support. Security & Compliance: Implement Adaptive Multi-Factor Authentication (MFA), Passwordless strategies, and regular access certifications to meet SOC2/ISO 27001/SOX requirements. Escalation Support: Serve as the Tier 3 expert for complex authentication issues and identity-related security incidents. Technical Qualifications Okta Mastery: 5 years of experience managing Okta at an enterprise scale, including advanced Workflows and Okta Expression Language. Protocol Expertise: Deep understanding of the "Identity Trinity":SAML 2.0: XML-based assertions and troubleshooting.OIDC/OAuth 2.0: Scopes, claims, and grant types (Authorization Code vs. Client Credentials).SCIM: Automating user provisioning and deprovisioning. Directory Services: Strong background in Active Directory (Group Policy, Kerberos, DNS) and how it interfaces with modern cloud tenants. Programming/Scripting: Proficiency in Python, PowerShell, or JavaScript for interacting with APIs and automating repetitive tasks. Modern Security: Familiarity with Zero Trust Architecture (ZTA) and Least Privilege principles. Soft Skills Problem Solver: You don't just fix the symptom; you find the root cause in the protocol trace. Communicator: Ability to explain complex authentication flows to non-technical stakeholders (e.g., HR or Legal). Continuous Learner: The identity landscape shifts weekly; you enjoy staying ahead of new standards like FIDO2 or Passkeys. Bonus Points Okta Certified Professional/Administrator/Consultant. Experience with Infrastructure as Code (Terraform) for managing Okta resources. Experience with Privileged Access Management (PAM) tools. Experience with Identity Governance and Administration (IGA) tools. #LI-HR1 #LI-Hybrid CHI - $120,000-$160,000 The expected salary range above is applicable if the role is performed from Illinois and may vary for other locations (California, Colorado, New York). Actual salary may vary based on qualifications and experience. Tempus offers a full range of benefits, which may include incentive compensation, restricted stock units, medical and other benefits depending on the position. We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Tempus was founded in August of 2015 by Eric Lefkofsky, after his wife was diagnosed with Breast Cancer. Shortly after he founded the company in an effort to bring the power of technology and artificial intelligence to cancer care, he convinced Ryan Fukushima to join as the company’s first employee. Ryan and Eric began assembling a world class team, focused on building the first version of a platform capable of ingesting real time healthcare data in an effort to personalize diagnostics. We built the platform for oncology and have expanded it to neuropsychiatry, cardiology, infectious disease (through COVID), and radiology. Despite our rapid growth, our mission remains the same—to help make sure patients are on the right drug at the right time, so they can live longer and healthier lives. We’re looking for people who can change the world. Who question the status quo and don’t shy away from tough problems. For the builders who are never done building and the learners who are never done learning. We’re looking for passionate people with undying curiosity. Those who want to attack one of the most challenging problems mankind has ever faced. Head on.

Salary : $120,000 - $160,000