Job Summary
The Identity and Access Management (IAM) Engineer is responsible for the implementation, administration, support, and continuous improvement of the health system’s identity security and access management technologies. This role ensures that workforce members, contractors, vendors, clinicians, and other authorized users are granted appropriate access to systems and data while maintaining compliance with organizational policies, regulatory requirements, and cybersecurity best practices. The IAM Engineer works closely with Information Security, Information Technology, Human Resources, Clinical Informatics, and application owners to support identity lifecycle management, authentication services, privileged access management, and access governance initiatives. The position plays a critical role in protecting patient information, reducing identity-related risks, and supporting secure access across on-premises, cloud, and clinical technology environments.
Essential Job Functions
The following duties are normal for this position. The omission of specific statements of duties does not exclude them from being expected of this position if the work is similar, related, or a logical assignment for this position. Other duties may be required.
§ Responsible for AD Group Lifecycle, SSO/MFA Onboarding, Privileged Access Workflows, JML Automation
§ Specific Project Focus on Identity Governance Rollout, PAM Implementation, APP Onboarding
§ Owns enterprise identity and access management operations, including RBAC governance, privileged access management, identity lifecycle, service account governance, and compliance with HIPAA identity security requirements.
§ Administer and support enterprise identity and access management platforms and services.
§ Implement and maintain identity lifecycle management processes, including provisioning, modification, and deprovisioning of user accounts.
§ Support role-based access control (RBAC) and least-privilege access models across enterprise systems and applications.
§ Administer and support authentication technologies, including single sign-on (SSO), multi-factor authentication (MFA), and federation services.
§ Configure and maintain identity governance and administration (IGA) solutions and automated access workflows.
§ Support privileged access management (PAM) solutions, including privileged account onboarding, credential vaulting, session monitoring, and access reviews.
§ Collaborate with Human Resources, application owners, and IT teams to ensure timely and accurate access provisioning and termination processes.
§ Perform periodic user access reviews, entitlement reviews, and certification activities to support compliance requirements.
§ Investigate and resolve IAM-related incidents, access issues, authentication failures, and account management requests.
§ Assist with implementation and maintenance of Microsoft Entra ID, Active Directory, LDAP, and related identity services.
§ Support integration of enterprise applications with identity platforms using SAML, OAuth, OpenID Connect, SCIM, and related protocols.
§ Participate in cybersecurity incident response activities involving identity compromise, unauthorized access, or privileged account misuse.
§ Develop and maintain IAM documentation, standards, procedures, and operational runbooks.
§ Assist with audit requests, compliance assessments, and regulatory reviews related to access management controls.
§ Support cloud identity security initiatives across Microsoft 365, Azure, AWS, and other enterprise platforms.
§ Monitor IAM systems for operational health, security risks, and policy compliance.
§ Participate in IAM modernization projects and continuous improvement initiatives.
§ Stay current on identity security trends, threats, technologies, and industry best practices.
Knowledge & Skills
Education & Experience
§ Bachelor's degree in Information Technology, Information Security, Computer Science, Information Systems, or a related field required.
§ Equivalent combination of education and relevant experience may be considered.
§ Minimum of 3 to 5 years of experience supporting identity and access management, directory services, cybersecurity, or enterprise infrastructure technologies.
§ Experience administering Microsoft Active Directory, Microsoft Entra ID (Azure AD), and enterprise authentication platforms.
§ Experience implementing and supporting single sign-on (SSO) and multi-factor authentication (MFA) technologies.
§ Experience supporting identity governance, access provisioning, and access certification processes.
§ Experience working with privileged access management (PAM) technologies preferred.
§ Experience integrating applications with identity providers using industry-standard authentication and authorization protocols.
§ Experience supporting healthcare organizations, hospitals, or highly regulated environments preferred.
§ Familiarity with healthcare regulatory requirements, including HIPAA Security Rule access control requirements preferred.
§ Experience supporting cloud-based identity services and Microsoft 365 environments preferred.
Special Skills & Knowledge
§ Strong understanding of identity and access management principles, methodologies, and best practices.
§ Knowledge of identity lifecycle management processes, including onboarding, transfers, role changes, and offboarding.
§ Expertise with Microsoft Active Directory, Microsoft Entra ID, LDAP, and directory services administration.
§ Understanding of authentication and authorization technologies, including SAML, OAuth 2.0, OpenID Connect, Kerberos, and LDAP.
§ Knowledge of single sign-on (SSO), multi-factor authentication (MFA), and federation technologies.
§ Familiarity with identity governance and administration (IGA) solutions and access certification processes.
§ Knowledge of privileged access management (PAM) concepts and technologies.
§ Understanding of role-based access control (RBAC), attribute-based access control (ABAC), and least-privilege principles.
§ Familiarity with Microsoft 365 security controls, Conditional Access policies, and identity protection capabilities.
§ Knowledge of cloud identity architectures and hybrid identity environments.
§ Understanding of healthcare cybersecurity requirements and protection of electronic protected health information (ePHI).
§ Familiarity with audit, compliance, and regulatory requirements related to access management controls.
§ Strong analytical and troubleshooting skills related to authentication, authorization, and account management issues.
§ Ability to interpret access control requirements and translate them into technical solutions.
§ Strong written and verbal communication skills.
§ Ability to document technical procedures, workflows, and system configurations.
§ Ability to work collaboratively with technical teams, business stakeholders, and clinical departments.
§ Strong organizational skills with the ability to manage multiple priorities and projects simultaneously.
§ Commitment to continuous professional development and staying current with evolving identity security threats and technologies.
§ Ability to explain IAM concepts and security requirements to both technical and non-technical audiences.
Licenses, Certifications, etc.
Professional certifications such as Security+, Identity and Access Administrator Associate (SC-300), Azure Administrator (AZ-104), CISSP (Associate), CISM, or equivalent preferred.
Requirements
Supervisory Responsibility
§ N/A
Working Conditions & Travel Requirements
§ Hybrid in Austin, TX or Nashville, TN.
§ Travel as needed
Fortified Health Security is an Equal Opportunity Employer. In compliance with the Americans with Disabilities Act, Fortified Health Security will provide reasonable accommodations to qualified individuals with disabilities. If a reasonable accommodation is needed to perform this position, you need to inform the Fortified Health Security People and Culture Team of such a request. Signatures below indicate the receipt and review of this job description by the associate assigned to the position and the People and Culture Team.