Sr. Identity and Access Management Engineer

Security Engineer | Full Time | Remote | Team 1,001-5,000 | H1B Sponsor

Location

United States

Posted

5 days ago

Salary

$127K - $160K / year

SAML, OAuth, OpenID Connect, SCIM, Azure Active Directory, Microsoft Graph API, PowerShell, Multi-Factor Authentication, Conditional Access, App Registration

Job Description

At Zelis, we Get Stuff Done. So, let’s get to it! 

  

A Little About Us 

Zelis is modernizing the healthcare financial experience across payers, providers, and healthcare consumers. We serve more than 750 payers, including the top five national health plans, regional health plans, TPAs and millions of healthcare providers and consumers across our platform of solutions. Zelis sees across the system to identify, optimize, and solve problems holistically with technology built by healthcare experts – driving real, measurable results for clients.

  

A Little About You 

You bring a unique blend of personality and professional expertise to your work, inspiring others with your passion and dedication. Your career is a testament to your diverse experiences, community involvement, and the valuable lessons you've learned along the way. You are more than just your resume; you are a reflection of your achievements, the knowledge you've gained, and the personal interests that shape who you are.

Position Overview

Lead for Single Sign-On (SSO) and cloud-based authentication and multi-factor authentication (MFA) policy management.

Overview

We are seeking a highly skilled and motivated Senior IAM Engineer to join the Identity and Access Management (IAM) team. This is a hands-on technical engineering role focused on designing, implementing, and supporting enterprise Single Sign-On (SSO) integrations, Multi-Factor Authentication (MFA), and access control policies within Microsoft Azure (Entra ID).

This role is ideal for someone who thrives in dynamic environments and is passionate about Security, Identity Architecture, Authentication Protocols, and Automation. The position will work closely with IAM peers across Identity Governance (SailPoint) and Privileged Access Management (CyberArk) to ensure cohesive and secure identity operations across the enterprise.

Key Responsibilities

  • Lead the design, implementation, and ongoing management of enterprise Single Sign-On (SSO) integrations within Microsoft Entra ID (Azure AD), including SAML, OAuth, and OpenID Connect (OIDC) configurations.

  • Configure and manage application provisioning integrations using SCIM and Just-In-Time (JIT) methodologies, including attribute mappings, profile transformations, and lifecycle alignment with upstream identity sources.

  • Manage and evolve the organization’s Multi-Factor Authentication (MFA) strategy. Ensure secure configuration, policy enforcement, and user experience optimization.

  • Assist in the configuration and ongoing management of Conditional Access Policies, including risk-based access controls, device compliance requirements, location-based controls, and Zero Trust alignment.

  • Support and manage Azure App Registrations in alignment with enterprise standards, including delegated and application permissions, client secrets/certificates, API exposure, and service principal configurations.

  • Partner closely with the Identity Governance (IGA) and Privileged Access Management (PAM) teams to ensure SSO integrations, application onboarding, access provisioning, and privileged access controls are properly aligned.

  • Troubleshoot authentication, federation, and token-related issues across SAML/OIDC flows, performing root cause analysis and implementing durable engineering solutions.

  • Drive automation and process improvement initiatives using PowerShell, Microsoft Graph API, and related tools to enhance operational efficiency and scalability.

  • Develop and maintain comprehensive knowledge articles, architecture diagrams, and SOPs related to SSO, MFA, Conditional Access, and Azure identity configurations.

  • Stay current on emerging identity security threats, authentication standards, and Microsoft roadmap updates to proactively strengthen enterprise authentication posture.

Qualifications

  • Proven technical experience implementing and managing enterprise Single Sign-On (SSO) solutions in Microsoft Entra ID (Azure AD).

  • Strong hands-on experience with authentication and federation protocols including SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), and SCIM.

  • Experience configuring and managing Multi-Factor Authentication (MFA) solutions (Duo and/or Microsoft Authenticator preferred).

  • Working knowledge of Conditional Access Policy design and implementation within Azure.

  • Experience with Azure App Registrations, service principals, and API permission management.

  • Proficiency in PowerShell scripting and experience leveraging Microsoft Graph API for automation and identity management tasks.

  • Strong troubleshooting skills related to authentication flows, token issuance, federation errors, and provisioning integrations.

  • Excellent communication and collaboration skills with the ability to work cross-functionally across security, infrastructure, development, and governance teams.

Preferred Qualifications

  • Microsoft certifications (e.g., SC-300: Identity and Access Administrator Associate).

  • Experience with identity governance platforms (e.g., SailPoint) and privileged access management tools (e.g., CyberArk).

  • Experience supporting enterprise MFA migrations or modernization initiatives.

  • Familiarity with compliance frameworks such as SOX, HIPAA, or other regulated industry requirements.


Please note at this time we are unable to proceed with candidates who require visa sponsorship now or in the future.

Location and Workplace Flexibility

We have offices in Atlanta GA, Boston MA, Morristown NJ, Plano TX, St. Louis MO, St. Petersburg FL, and Hyderabad, India. We foster a hybrid and remote-friendly culture, and all our employees' work locations are based on the needs of the position and determined by the Leadership team. In-office work and activities, if applicable, vary based on the work and team objectives in accordance with Company policies.

Base Salary Range

$127,000.00 - $160,550.00

At Zelis we are committed to providing fair and equitable compensation packages. The base salary range allows us to make an offer that considers multiple individualized factors, including experience, education, qualifications, as well as job-related and industry-related knowledge and skills, etc. Base pay is just one part of our Total Rewards package, which may also include discretionary bonus plans, commissions, or other incentives depending on the role.

Zelis’ full-time associates are eligible for a highly competitive benefits package as well, which demonstrates our commitment to our employees’ health, well-being, and financial protection. The US-based benefits include a 401k plan with employer match, flexible paid time off, holidays, parental leaves, life and disability insurance, and health benefits including medical, dental, vision, and prescription drug coverage.

Equal Employment Opportunity  
Zelis is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. 
 
We welcome applicants from all backgrounds and encourage you to apply even if you don’t meet 100% of the qualifications for the role. We believe in the value of diverse perspectives and experiences and are committed to building an inclusive workplace for all. 

 

Accessibility Support 
We are dedicated to ensuring our application process is accessible to all candidates. If you are a qualified individual with a disability or a disabled veteran and require a reasonable accommodation with any part of the application and/or interview process, please email TalentAcquisition@zelis.com.

  

Disclaimer 

The above statements are intended to describe the general nature and level of work being performed by people assigned to this classification. They are not to be construed as an exhaustive list of all responsibilities, duties, and skills required of personnel so classified. All personnel may be required to perform duties outside of their normal responsibilities, duties, and skills from time to time. 
