We are seeking a hands-on IAM Engineer to serve as the builder and integrator within our Identity & Access Management function. This role is responsible for translating IAM architecture and security policy into scalable, automated, and production-ready identity controls.
You will design, configure, integrate, and automate identity solutions across enterprise systems, ensuring clean provisioning logic, reliable workflows, and high-quality configuration management.
This is an execution-focused engineering role for someone who thrives on building, integrating, and automating — not just designing.
Configure and deploy SailPoint connectors
Build and maintain AD / Entra ID provisioning logic
Develop and enhance lifecycle workflows (Joiner-Mover-Leaver, exceptions, emergency disable)
Configure dynamic groups
Build and maintain transforms and rules
Integrate HR and non-employee source systems
Integrate Privileged Access Management (PAM) platforms
Connect identity data with SIEM systems
Integrate ticketing systems for automated provisioning and approval flows
Automate identity refresh cycles
Manage automated exception expirations
Implement provisioning error handling and retry logic
Ensure repeatable, deterministic, and duplication-free automation
Support lower environments (Dev, QA, UAT)
Perform testing and validation prior to production release
Manage configuration changes and environment promotion
Ensure strong logging and troubleshooting practices
Maintain high standards for code quality
Own configuration management practices
Ensure clean, documented, and scalable implementations
3+ years of hands-on SailPoint configuration and build experience
Working experience with Active Directory and Entra ID
Strong understanding of Azure IAM concepts
Experience working with REST APIs and JSON
Strong PowerShell scripting skills
Experience with identity data management and schema definition
Hands-on experience with authentication and federation standards:
SCIM
SAML
OAuth
OpenID Connect
Strong understanding of CI/CD concepts
Experience with environment promotion strategies
Logging, monitoring, and troubleshooting expertise
Automation-first mindset:
Repeatable processes
Predictable outcomes
No duplication
Error-resistant design
Identity processes run cleanly and automatically
Provisioning errors are rare and traceable
Environments are stable and predictable
Integrations are scalable and well-documented
Architecture becomes operational reality through clean execution
Vaco by Highspring values a diverse workplace and strongly encourages women, people of color, LGBTQ+ individuals, people with disabilities, members of ethnic minorities, foreign-born residents, and veterans to apply.
Vaco by Highspring is an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race (including but not limited to traits historically associated with race such as hair texture and hair style), color, sex (includes pregnancy or related conditions), religion or creed, national origin, citizenship, age, disability, status as a veteran, union membership, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, political affiliation, or any other protected characteristics as required by federal, state or local law.
Vaco by Highspring and its parents, affiliates, and subsidiaries are committed to the full inclusion of all qualified individuals. As part of this commitment, Vaco by Highspring and its parents, affiliates, and subsidiaries will ensure that persons with disabilities are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact
HR@vaco.com
.Vaco by Highspring also wants all applicants to know their rights that workplace discrimination is illegal.
By submitting to this position, you agree that you will be giving Vaco by Highspring the exclusive right to present your as a candidate for the foregoing employment opportunity. You further agree that you have represented information about yourself accurately and have not affirmatively misrepresented your qualifications. You also agree to maintain as confidential, to the fullest extent permitted by law, any information you learn from Vaco by Highspring about the position and you will limit disclosure of information about the position only to the extent necessary to perform any obligations in furtherance of your application. In exchange, Vaco by Highspring agrees to exercise reasonable efforts to represent you through all solicitation, job screening and resume dispersal.
Vaco by Highspring and its parents, affiliates, and subsidiaries (“we,” “our,” or “Vaco by Highspring”) respects your privacy and are committed to providing transparent notice of our policies.
Determining compensation for this role (and others) at Vaco by Highspring depends upon a wide array of factors including but not limited to:
With that said, as required by local law, Vaco by Highspring believes that the following salary range referenced above reasonably estimates the base compensation for an individual hired into this position in geographies that require salary range disclosure. The individual may also be eligible for discretionary bonuses.