IAM Engineer

ABOUT US

Founded in 1993, Bayview Asset Management is an investment management firm focused on mortgage and consumer credit investments, including whole loans, asset-backed securities, mortgage servicing rights, and other credit-related assets.

POSITION SUMMARY

We are seeking an experienced Identity Access & Management (IAM) Engineer to support our enterprise identity and access management initiatives. This role will focus on authentication, authorization, provisioning, privileged access management (PAM), and overall enterprise IGA administration. The IGA Engineer will play a key role in ensuring secure and efficient access to systems and applications while maintaining compliance with internal policies and regulatory requirements.

Key Responsibilities:

• Design, implement, and maintain IGA solutions to automate user provisioning, deprovisioning, and access reviews.
• Configure and manage role-based access control (RBAC), attribute-based access control (ABAC), and policy-based access controls.
• Develop workflows for user lifecycle management (Joiner-Mover-Leaver).
• Ensure compliance with internal security policies and external regulations.
• Enforce security policies related to authentication and access control.

Privileged Access Management (PAM):

• Implement and maintain PAM solutions to secure access to privileged accounts and credentials.

Enterprise IAM Administration & Support:

• Maintain and optimize IGA platform configurations.
• Monitor and troubleshoot identity-related incidents and service requests.
• Work with cross-functional teams to implement IAM best practices.
• Provide technical guidance on IAM strategies and solutions.

SKILLS & QUALIFICATIONS:

• Hands-on experience with IGA platforms (e.g., SailPoint IdentityNow/IdentityIQ, Saviynt, Okta Identity Governance, Microsoft Entra ID Governance, One Identity, etc.).
• Strong knowledge of authentication protocols and technologies (LDAP, SAML, OAuth, OpenID Connect, Kerberos).
• Experience with PAM solutions (e.g., CyberArk, BeyondTrust, HashiCorp Vault, Thycotic/Delinea).
• Familiarity with Active Directory (AD), Azure AD (Entra ID), SCIM, and API-based integrations.
• Scripting skills in PowerShell, Python, or similar languages for automation.
• Understanding of regulatory requirements related to IAM (e.g., SOX, HIPAA, NIST, ISO 27001).

Preferred Qualifications:

• Experience with Cloud IAM (AWS, Azure, GCP).
• Knowledge of Zero Trust Architecture (ZTA) principles.
• Relevant certifications: CISSP, CISM, GIAC, Microsoft SC-300, SailPoint Certified Engineer, Okta Certified Professional/Administrator, CyberArk Defender/Guardian, etc.

EDUCATION & EXPERIENCE:

• Bachelor’s degree in Computer Science, Information Technology, or a related field (or equivalent experience).
• Minimum of 5 years of experience managing Microsoft Exchange Server and Active Directory in a large enterprise environment.
• Experience administering Office 365 / Exchange Online environments.

EEO STATEMENT

Bayview is an Equal Employment Opportunity employer. All aspects of employment with the Company are based on merit, qualifications, and business needs without regard to race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, or any other category protected by federal, state, or local law.