Cybersecurity Identity & Access Management (IAM) Engineer
We are seeking an expert-level Cybersecurity Identity & Access Management (IAM) Engineer to join our team in Sofia, Bulgaria. This role requires 8-10 years of focused experience in designing, deploying, and securing complex enterprise IAM systems.
You will be responsible for integrating core directory services (AD), authentication standards (PKI, RADIUS), and demonstrating a strong command of foundational IAM protocols (LDAP, SAML, OAuth). Experience with industry-leading IAM platforms (SailPoint, Okta, CyberArk) is highly valued.
Key Responsibilities & Technical Deliverables:
- Lead the deployment, configuration, and security hardening of enterprise IAM systems. This includes planning and executing major Identity Lifecycle Management (ILM) projects (joiner / mover / leaver), focusing on automated provisioning, de-provisioning, and Role-Based Access Control (RBAC).
- Expertly deploy and secure IAM systems integrating foundational services such as Active Directory (AD), ensuring synchronization and trust relationships are robust.
- Implement certificate management solutions using Public Key Infrastructure (PKI) for machine and user authentication, and configure and manage RADIUS servers for secure network access and wireless authentication.
- Design and implement solutions for Access Request Management (ARM) and periodic Access Review and Certification campaigns to minimize access drift and enforce least-privilege principles.
- Apply a strong understanding and practical implementation experience of core IAM protocols including LDAP for directory queries, SAML for web Single Sign-On (SSO), and OAuth / OIDC for modern application and API authorization, ensuring secure authentication across hybrid and multi-cloud environments.
- Design and integrate solutions for managing and securing privileged accounts, focusing on session recording, credential vaulting, and just-in-time access provisioning.
- Develop comprehensive technical documentation, including Low-Level Designs (LLDs) detailing build specifications, operational guides for day-to-day maintenance, and detailed knowledge base (KB) articles for efficient support transition to Tier 1 / 2 teams.
- Maintain the security posture of all deployed IAM infrastructure through regular patching, configuration reviews, and vulnerability assessments. Ensure continuous compliance with internal security policies, audit requirements (e.g., SOX, GDPR), and external regulations related to user access and data protection.
- Monitor the performance and availability of all critical IAM services, developing metrics and alerts to ensure high uptime and responsiveness, and participate in disaster recovery planning and testing.
Preferred Platform Expertise:
- Practical experience with platforms such as SailPoint for comprehensive Identity Governance and Administration (IGA) functions.
- Hands-on experience with modern Access Management solutions like Okta, Azure AD, or Ping Identity for SSO, MFA, and adaptive authentication.
- Experience securing administrative access using tools like CyberArk, BeyondTrust, or HashiCorp Vault.

(ref: hirist.tech)