Security Engineer III

**Security Engineer III (IAM / IGA Security Engineer)** **Position Overview** We are seeking a highly skilled **IAM / IGA Security Engineer** to design, implement, and operate our **enterprise Identity Governance and Administration (IGA)** platform. This role plays a critical part in securing access to systems and data while enabling operational efficiency through automation, policy-driven governance, and scalable identity lifecycle management. The ideal candidate has strong hands-on experience with **IGA platforms—especially MidPoint (preferred)** —and excels at designing identity solutions that balance **security, compliance, and user experience** . You will collaborate closely with Security, IT, HR, and business stakeholders to deliver a modern, resilient IAM ecosystem. **Key Responsibilities** **IGA Platform Design & Engineering** + Design, implement, and maintain **Identity Governance & Administration (IGA)** solutions using **MidPoint** or equivalent platforms (SailPoint, Saviynt, Omada) + Configure and customize IGA capabilities: + Identity lifecycle management (Joiner / Mover / Leaver) + Access requests and approvals + Role management and RBAC + Policy enforcement and access certifications + Build and optimize **enterprise-grade identity models** to support scale, performance, and resiliency + Lead platform upgrades, performance tuning, and continuous improvements **Identity Lifecycle & Access Governance** + Design and automate **end-to-end identity lifecycle workflows** + Implement **birthright access models** based on role, department, and business needs + Build access request workflows that balance **security, compliance, and usability** + Implement and manage **periodic access certification campaigns** + Integrate and govern **privileged access** via PAM systems and elevated access workflows + Identify and remediate **orphaned accounts, excessive privileges, and access risks** **Integration & Automation** + Develop and support integrations with: + **Authoritative identity sources** (HR systems) + **Directories & IAM providers** (Active Directory, Azure AD / Entra ID, Okta) + **Cloud platforms** (AWS IAM, Azure RBAC, GCP IAM) + **SaaS and enterprise applications** + Build custom extensions using: + **Python, PowerShell, Groovy, or Java** + REST and SOAP APIs + SCIM and event-driven provisioning + Design data mappings and transformations to reconcile identity data across systems + Implement **monitoring, logging, and alerting** for identity and provisioning events **Security, Compliance & Risk Management** + Define and enforce: + Least-privilege access + Segregation of Duties (SoD) + Access policies and governance controls + Support compliance initiatives including: + **SOX, SOC 2, ISO 27001, HIPAA, GDPR** + Generate audit-ready reports on: + User access + Entitlements + Certifications + Policy violations + Maintain IAM documentation, architecture diagrams, and operational runbooks **Collaboration & Operational Support** + Partner with **HR, IT Operations, Security, and application teams** + Serve as a technical advisor on: + IAM best practices + RBAC and least privilege + Zero Trust principles + Troubleshoot and resolve complex IAM issues + Support security incidents involving identity compromise or unauthorized access + Train IT teams and business owners on IAM tools and processes **Continuous Improvement & Strategy** + Stay current with **IAM trends and emerging technologies** , including: + Passwordless authentication + FIDO2 + Identity analytics + Decentralized identity + Measure and optimize IAM effectiveness via metrics and feedback + Evaluate new tools and contribute to the **IAM technology roadmap** + Influence enterprise IAM architecture and long-term strategy **Required Qualifications** **Experience** + **5+ years** of hands-on Identity & Access Management experience + **3+ years** working with IGA platforms + Proven experience with at least one major IGA solution: + MidPoint (preferred) + SailPoint (IdentityIQ / IdentityNow) + Saviynt + Omada + Strong experience with: + Identity lifecycle management + Access certifications + RBAC and role engineering **Technical Skills** + **IGA Platforms:** Deep technical expertise in MidPoint or equivalent + **Directories:** Active Directory, Azure AD / Entra ID, LDAP + **Protocols:** SAML, OAuth 2.0, OIDC, SCIM + **Automation & Scripting:** Python, PowerShell, Groovy, Java + **APIs & Integration:** REST, SOAP, integration patterns + **Cloud IAM:** AWS IAM, Azure RBAC, GCP IAM + **Databases:** SQL and IAM data modeling + **SSO & MFA:** Okta, Ping, Azure AD, MFA technologies **Soft Skills** + Strong communication skills — able to explain complex IAM topics to non-technical audiences + Collaborative mindset with cross-functional teams + Proven ability to drive IAM initiatives from design through production + Customer-focused approach to access management + Comfortable operating in fast-paced, evolving environments **Education & Certifications** + Bachelor’s degree in Computer Science, IT, Cybersecurity, or equivalent experience + Preferred certifications: + CISSP + CIAM + CompTIA Security+ Vendor-specific IAM certifications (SailPoint, Saviynt, Microsoft) **Preferred / Nice-to-Have Qualifications** + Hands-on experience implementing and operating **MidPoint** + Experience across **multiple IGA platforms** + Privileged Access Management (CyberArk, BeyondTrust, Delinea) + Identity analytics and access risk tooling + Infrastructure as Code (Terraform, Ansible) + DevSecOps / CI‑CD IAM integrations + Experience in **highly regulated industries** + Contributions to **open-source IAM projects** + Knowledge of emerging identity technologies (passwordless, decentralized identity) **Why This Role Matters** You will help secure the organization’s most critical assets by ensuring the _right people have the right access at the right time_ —while reducing friction through automation and intelligent governance. **Who we are:** At Pearson, our purpose is simple: to help people realize the life they imagine through learning. We believe that every learning opportunity is a chance for a personal breakthrough. We are the world's lifelong learning company. For us, learning isn't just what we do. It's who we are. To learn more: We are Pearson. Pearson is an Equal Opportunity Employer and a member of E-Verify. Employment decisions are based on qualifications, merit and business need. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, age, national origin, protected veteran status, disability status or any other group protected by law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act. If you are an individual with a disability and are unable or limited in your ability to use or access our career site as a result of your disability, you may request reasonable accommodations by emailing TalentExperienceGlobalTeam@grp.pearson.com. **Job:** Engineering **Job Family:** TECHNOLOGY **Organization:** Corporate Strategy & Technology **Schedule:** FULL\_TIME **Workplace Type:** Hybrid **Req ID:** 23018