Senior IAM Engineer - Privileged Access Management & JIT_1157 jobs in United States

DOOR · 8 hours ago

Senior IAM Engineer - Privileged Access Management & JIT_1157

LATCH LLC is a technical consulting firm providing services to the US Federal Government. They are seeking a Senior IAM Engineer to integrate with Okta and develop secure identity and access management solutions, playing a key role in a fast-paced Agile engineering team.

Apps, Artificial Intelligence (AI), Smart Home, Software
No H1B

Responsibilities

Designing and implementing identity federation, single sign-on (SSO) and multi-factor authentication (MFA) solutions, and privileged access management (PAM)
Implementing integrations with Okta and supporting related identity protocols
Supporting application onboarding for authentication and authorization
Implementing, sustaining, and troubleshooting PAM solutions within a larger ICAM ecosystem
Enhance and sustain Just in Time (JIT) Provisioning solutions and Privileged Access Management (PAM) for the enterprise identity environment, spanning Okta, Active Directory, USAccess, and integrated identity systems
Implement, refine, and troubleshoot the implementation of PAM and JIT policies, including attribute mapping, profile transformations, directory writes, federation-based triggers, and downstream provisioning updates
Build and maintain Okta Workflows, inline hooks, and API-driven automations to support real-time identity lifecycle events (creation, update, disablement, deprovisioning)
Collaborate with Senior ICAM Engineers to maintain secure, scalable identity federation and single sign-on (SSO) patterns that align with enterprise identity architecture
Create, modify, and publish APIs that support PAM, JIT provisioning, SCIM synchronization, and identity attribute orchestration across the enterprise
Support application onboarding efforts, ensuring each app is integrated with JIT, OIDC, OAuth2, or SAML as appropriate
Design and maintain attribute schemas, group rule logic, and directory synchronization patterns supporting real-time access decisions
Conduct deep troubleshooting of provisioning failures, federation issues, JIT edge cases, and identity attribute conflicts using Okta System Logs, AD event logs, and custom instrumentation
Partner with Enterprise Security, Directory Services, and Identity Governance teams to ensure JIT provisioning aligns with Zero Trust and identity assurance requirements
Produce high-quality technical artifacts, including ICAM diagrams, provisioning flows, SOPs, runbooks, and integration documentation
Mentor junior identity engineers on JIT provisioning best practices, secure attribute handling, and Okta-centered automation strategies
Participate in Agile ceremonies, contributing to backlog refinement, sprint planning, and iterative delivery of identity enhancements

Qualification

Identity, Access Management, Privileged Access Management, Okta Workflows, OIDC, SAML, OAuth 2.0, API Development, Agile, Zero Trust Principles, Infrastructure as Code, Active Directory, LDAP, Technical Documentation

Required

Minimum 5+ years of Identity and Access Management (IAM) engineering experience supporting enterprise identity platforms
Minimum 15 years of experience in an IT position, such as systems administration, systems engineering, development, or identity management
Direct, hands-on experience designing, implementing, and troubleshooting privileged access management (PAM) solutions and Just in Time (JIT) Provisioning solutions in Okta or a comparable enterprise IdP (mandatory)
Strong hands-on expertise with OIDC, including authorization flows, token handling, claims, and advanced configuration
Solid experience with authentication protocols SAML and OAuth 2.0, including advanced troubleshooting
Proven, hands-on experience with Okta Workflows, including subflows, error handling, API connectors, and lifecycle automation
Experience working with and developing APIs using modern tools and languages; ability to build or modify API-based automation to support JIT
Experience in Agile or DevOps environments with CI/CD workflows supporting identity integrations
Ability to write clear, concise technical documentation, diagrams, and system integration artifacts
5+ years of relevant experience with Okta
3+ years of relevant experience with privileged access management
10+ years of relevant experience with systems engineering
15+ years of relevant experience in IT fields
Bachelor's degree in Computer Science, Information Systems, or a related field OR no degree with 13+ years of directly relevant systems and development experience

Preferred

Experience implementing PAM, JIT, or SCIM provisioning for federated user populations (internal + external)
Familiarity with cloud identity integration on AWS, Azure/Entra ID, or similar platforms
Working knowledge of Infrastructure as Code tools such as Terraform, especially the Okta provider
Experience supporting ICAM efforts in federal or regulated environments
Understanding of Zero Trust principles, identity lifecycle frameworks, and identity governance patterns
Familiarity with directory services (Active Directory, LDAP), group policy interactions, and directory write-back logic

Benefits

401(k)
401(k) matching
Dental insurance
Health insurance
Paid time off
Parental leave
Professional development assistance
Referral program
Vision insurance

Company

DOOR (formerly Latch) is a Building Intelligence company redefining how buildings operate.

Funding

Current Stage: Public Company
Total Funding: $342.12M
Key Investors: Avenir, Brookfield Asset Management, RRE Ventures
2021-06-07: Post-IPO Equity · $190M
2021-06-07: IPO
2019-08-01: Series B · $56M

Leadership Team

Allen Smith
Member Board Of Directors
Company data provided by Crunchbase