Identity and Access Management Engineer

Recruitment notice: Platte River Power Authority does not accept unsolicited resumes from headhunters, recruitment agencies or fee-based placement services. No agency emails, calls, or solicitations to staff are accepted without a valid agreement. Any unsolicited resume submitted to staff will be considered property of Platte River Power Authority and with no obligation to pay any referral fees.

Job summary

Responsible for the implementation, configuration, administration, and operational support of the organization’s Identity and Access Management (IAM) systems and processes. This role ensures that user identities, authentication, and access permissions are securely and efficiently managed across enterprise systems in accordance with defined security architectures, policies, and regulatory requirements.

The IAM Engineer works closely with cybersecurity, infrastructure, application, and business teams to maintain the IAM environment, troubleshoot issues, automate processes, and support identity governance activities. Core responsibilities include administering and supporting Okta as the primary IAM platform, maintaining Active Directory integrations, managing access reviews, supporting multifactor authentication (MFA), single sign-on (SSO), privileged access management (PAM), and assisting with digital certificate lifecycle operations.

This posting closes on September 10 at 5:00 pm MT.

Work environment and schedule

This position works a typical Monday through Friday schedule in a general office environment and may be eligible for hybrid workdays. The successful candidate should reside within a commutable distance. Performing this work requires occasional physical effort to lift and carry light objects and is primarily sedentary; minimal walking or standing is required on an as-needed basis.

Essential duties and responsibilities

- Administer and support the organization’s IAM systems, with primary responsibility for Okta, Active Directory integrations, and related identity services.

- Configure and maintain authentication and authorization solutions, including single sign-on (SSO), multifactor authentication (MFA), privileged access management (PAM), and certificate-based authentication mechanisms.

- Implement identity lifecycle management processes for provisioning, deprovisioning, access changes, and identity federation across cloud and on-premises environments.

- Execute identity governance processes, including conducting access reviews, certification campaigns, and entitlement management activities in accordance with defined policies.

- Monitor IAM platforms for operational health, security events, and performance issues; perform incident investigation and resolution as needed.

- Perform regular system updates, patches, configuration changes, and backup activities to maintain security posture and ensure high availability and scalability.

- Support integration of new applications and services into the IAM environment, ensuring secure and seamless authentication and authorization models.

- Assist in the lifecycle management of digital certificates, including enrollment, renewal, revocation, and troubleshooting of certificate-related authentication issues.

- Collaborate with cybersecurity, infrastructure, and application teams to troubleshoot identity-related incidents and resolve access issues.

- Maintain detailed documentation of IAM configurations, workflows, operational procedures, and troubleshooting guides.

- Participate in disaster recovery testing and maintain readiness of IAM systems for recovery scenarios.

- Stay current with IAM platform updates, new features, cybersecurity threats, and best practices; recommend enhancements where appropriate.

Other functions

- Participate in cross-functional technology and cybersecurity projects, providing identity and access management expertise during system implementations, upgrades, and migrations.

- Support incident response and forensic investigations by analyzing identity-related activities and access patterns.

- Perform other duties and special projects as assigned to support cyber and information security objectives.

Knowledge, skills, and abilities

- Strong working knowledge of identity and access management (IAM) principles, technologies, and best practices, including identity lifecycle management, authentication, and authorization models.

- Proficiency administering and supporting Okta as the primary IAM platform, including experience with SSO, MFA, application integrations, and directory services.

- Familiarity with identity governance processes, including access certifications, entitlement reviews, role management, and least-privilege enforcement.

- Working knowledge of privileged access management (PAM) and privileged identity (PIM) solutions and secure credential handling practices.

- Understanding of Active Directory (AD), Azure AD, LDAP, and federated identity solutions (e.g., SAML, OAuth, OpenID Connect).

- Skill in developing and maintaining automation scripts or connectors (e.g., using Python, or identity orchestration platforms) to improve IAM efficiency and accuracy.

- Ability to monitor, troubleshoot, and resolve identity-related incidents, authentication failures, and provisioning errors.

- Knowledge of digital certificate lifecycle management (issuance, renewal, revocation) and basic PKI concepts.

- Familiarity with regulatory compliance requirements related to identity management and cybersecurity, including NERC CIP, SOX, HIPAA, and the Colorado Privacy Act.

- Ability to generate operational documentation, workflows, technical runbooks, and user-facing support guides.

- Strong analytical and problem-solving skills with a methodical approach to troubleshooting and resolving identity management issues.

- Excellent collaboration and communication skills, with the ability to work effectively across cybersecurity, infrastructure, application, and business teams.

- Commitment to continuous learning and adapting to evolving IAM technologies, operational practices, and cybersecurity threats.

Required qualifications

- Bachelor’s degree in computer science, information security, information systems, or a related technical field; relevant experience may be substituted for education.

- Certification in cybersecurity or IAM, such as:

- Certified Information Systems Security Professional (CISSP)

- Certified Identity and Access Manager (CIAM)

- Certified Information Security Manager (CISM)

- 5 or more years of progressively responsible experience in IAM, security operations, or system administration roles.

- 2 or more years of hands-on experience administering Okta or similar cloud-based IAM platforms in a production environment.

- Experience supporting identity lifecycle management and authentication and authorization services such as privileged access management (PAM), privileged identity management (PIM), and certificate management processes.

- Demonstrated experience performing troubleshooting, automation, and integration of IAM systems with enterprise applications and cloud services.

- Valid driver’s license.

Preferred qualifications

- Okta Certified Administrator or Okta Certified Professional credentials.

- Experience with automation tools and scripting (e.g., Python) to enhance IAM operations.

- Hands-on experience supporting or operating identity governance and administration (IGA) systems (e.g., SailPoint, Saviynt, or equivalent).

- Familiarity with cybersecurity frameworks and standards applicable to critical infrastructure (e.g., NERC CIP, SOX, HIPAA, Colorado Privacy Act).

- Prior experience supporting IAM operations in hybrid cloud and on-premises environments.

Pay

This role is classified as exempt; salaries are paid bi-weekly and are annualized below for reference. Factors that may be used to determine actual salary include specific skills, years of experience, education, and certifications.

- Full range: $119,974 to $173,963

- Hiring range: $119,974 to $146,969