IAM & Enterprise Application Engineer jobs in United States

Coastal · 10 hours ago

IAM & Enterprise Application Engineer

Coastal is at the forefront of modern banking, combining strong financial infrastructure with cutting-edge Banking-as-a-Service (BaaS) and fintech enablement strategies. The IAM & Enterprise Applications Engineer will own the end-to-end lifecycle for the COTS and SaaS application portfolio, engineering security-first principles into Coastal’s core identity services while partnering with various business units to ensure proper access controls and compliance.

Financial Services

Responsibilities

Design and operate identity lifecycle automation across directories, SaaS apps, and groups using HRIS/source-of-truth and SCIM/API integrations
Define and maintain standard access profiles by role, job family, and team
Build and run access review campaigns both for ad-hoc access and the composition of standard access profiles. Ensure evidence of access review campaign preparation and completion is audit-ready
Configure new applications and federated trusts (SAML/OIDC) in IdPs
Administer authentication, session, conditional access, and device trust policies, ensuring systems are hardened against unauthorized access and common threats, such as credential stuffing and session theft
Develop integrations and scripts (Python, TypeScript, and PowerShell preferred, with knowledge of APIs and webhooks a necessity)
Adopt Infrastructure-as-Code where supported (e.g., Terraform for Okta and Entra)
Lead the COTS/SaaS application lifecycle: intake & vendor assessment, PoC, secure configuration, go-live, ongoing administration, license/usage optimization, and deprecation
Partner with the business unit driving the usage of each application to define, document, implement, and administer the application’s access model
Integrate enterprise applications with central identity services (directory/IdP), enabling JIT/SCIM provisioning and deprovisioning
Integrate applications into standard security-relevant operational processes, such as asset management, configuration hardening, data loss prevention, change management, and security monitoring
Map identity and application controls to FFIEC, GLBA, SOX, PCI-DSS, and NIST CSF v2.0 requirements
Centralize application logs and admin activity, partner with business units and the Security Operations team to develop monitoring, and coordinate with Security Operations for incident response and forensics when required
Prepare audit evidence packages (config exports, campaign artifacts, approvals) and lead remediation of exceptions

Qualification

Identity Governance & Administration, SSO & federation standards, Scripting & automation, SaaS platform administration, Regulatory familiarity, HRIS/ITSM integration, RBAC/ABAC design, Infrastructure-as-Code, Stakeholder management, Process mapping, Dynamic environment adaptability, Multi-priority management, Communication skills, Emotional intelligence, Problem-solving

Required

Must have a blend of business operations understanding and technical expertise
Demonstrated experience in several of the following: Identity Governance & Administration (e.g., Okta IGA/Workflows, SailPoint), directory/IdP (e.g., Entra ID, Okta)
SSO & federation standards (SAML, OIDC, OAuth 2.0), MFA/conditional access, device trust
HRIS/ITSM integration (e.g., Workday/UKG/BambooHR; ServiceNow/Jira) and SCIM/JIT provisioning
RBAC/ABAC design, role mining, separation of duties modeling for financial/operational functions, periodic access reviews
Scripting & automation (PowerShell, Python), REST APIs, webhooks
Experience with IaC or policy-as-code
SaaS platform administration at scale (license management, secure configuration, delegated administration, audit logging)
Regulatory familiarity: FFIEC, GLBA, SOX, NIST CSF/SP 800-53 and evidence automation for audits
Strong stakeholder management, process mapping, and communication skills
Able to influence across teams
Comfortable operating effectively in a dynamic and changing environment (often with unstructured and/or virtual teams)
Ability to manage multiple priorities, meet deadlines, and deliver business results
8+ years in identity engineering, enterprise applications administration, or related fields, preferably in regulated financial-services or cloud-first environments

Preferred

Security certifications, such as CISSP, AZ-500, or GIAC, are a plus

Benefits

Medical Coverage: Choose from three competitive medical plans to find the coverage that best fits your needs and lifestyle.
Health Savings Account (HSA): Available with eligible medical plans, offering tax advantages and employer contributions.
Flexible Spending Accounts (FSA): Options for healthcare and dependent care expenses to help you save on out-of-pocket costs.
Dental and Vision Insurance: Plans to keep you and your family smiling and seeing clearly.
Life Insurance: Company-paid basic life insurance with options to purchase additional coverage for yourself and your dependents.
Long-Term/Short-Term Disability (LTD): Income protection in the event of a long-term illness or injury.
Supplemental Benefits: Including Hospital Indemnity, Accident Insurance, and Critical Illness coverage to provide extra financial support when you need it most.
401(k) Retirement Plan: A competitive retirement savings plan with company matching to help you plan for the future.
Paid Time Off: Generous vacation and sick leave policies to support your time away from work.
Holidays: Enjoy 11 paid holidays throughout the year.

Company

Coastal

At Coastal, we are redefining the banking experience through innovative embedded finance solutions tailored for the modern marketplace.

Funding

Current Stage
Growth Stage

Leadership Team

Danica Hudson
SVP, Head of Enterprise Partnerships & Payments
Erika Heer
Executive Vice President, Chief Human Resources Officer
Company data provided by crunchbase