IAM Governance Engineer

IAM Governance Engineer

At Cogent Infotech, we believe in creating opportunities that empower individuals and transform organizations. With over 20 years of excellence in consulting and talent solutions, we're proud to build inclusive workplaces and deliver innovative, people-first solutions to clients across the public and private sectors. We value integrity, empathy, and continuous learning, and we welcome you to bring your authentic self as we grow together.

The IAM (Identity & Access Management) Governance Engineer will serve as the bridge between IT operations and cybersecurity, moving beyond simple account creation to architect a secure, automated, and compliant identity ecosystem. This position will be responsible for implementing next-generation Identity Governance (IGA) and lead our transition to a continuous compliance model, leveraging automation, machine learning, and automated UI interactions to secure every application, even those without standard APIs. The IAM Governance Engineer will be the subject matter expert responsible for ensuring that the right individuals have access to the right resources at the right time and validating that access through rigorous governance.

Responsibilities:

• Serve as the primary owner of our Identity Governance and Administration (IGA) platform.
• Ensure the system provides 100% visibility into user access across the enterprise, ingesting data accurately from HRIS, Active Directory, and ERPs.
• Utilize machine learning (ML) and peer-group analysis to ensure dynamic group management. Design policies that adapt to business changes and reduce "role explosion."
• Orchestrate monthly and quarterly access certification campaigns. Reduce "reviewer fatigue" by implementing intelligent risk scoring, allowing managers to focus only on high-risk or anomalous access.
• Configure automated workflows to ensure that when access is revoked during a review, the change is immediately executed in the target application or ITSM tool without manual intervention.
• Develop strategies to ingest identity data from "unmanageable" or legacy applications that lack native APIs and bring these isolated systems into the central governance framework using automated UI interactions.
• Establish monitoring to detect unauthorized permission changes ("access drift") made directly in applications outside of formal approval processes—and trigger automated remediation.
• Lead the technical design for enterprise IAM solutions, ensuring all authentication methods adhere to modern standards (SAML 2.0, OIDC, OAuth).
• Enforce a strict "Identity First" policy for new software. Ensure all SaaS and on-premises applications are integrated into the SSO and IGA platforms before go-live.
• Map and govern granular permissions within cloud infrastructure (AWS/Azure/GCP) to ensure resources are not over-privileged.
• Manage the enterprise Multi-Factor Authentication (MFA) platform to enforce zerotrust access. Serve as the owner of the Public Key Infrastructure (PKI), managing internal Certificate Authorities (CAs) and the lifecycle of digital certificates.
• Manage and support the health of Active Directory (on-prem) and Microsoft Entra ID (Azure AD), ensuring high availability and secure replication.
• Ensure the "Joiner, Mover, Leaver" (JML) processes are optimized and automated to allow immediate access for new hires (Onboarding) and real-time revocation for terminations (Offboarding).
• Utilize PowerShell and API integrations to automate bulk tasks, reporting, and complex attribute syncing between systems.
• Work closely with the Security Operations Center to integrate IAM logs with the SIEM. Proactively tune alerts for identity-based threats such as impossible travel or credential theft.
• Oversee the PAM solution to secure and rotate credentials for high-value administrative accounts.
• Design and enforce strict policies for non-employee identities (contractors, vendors).
• Ensure external access is time-bound, sponsored by an internal manager, and subject to frequent review cycles.

Qualifications: Minimum:

• Bachelor's degree or an equivalent amount of experience.
• 5-7+ years of hands-on experience in Identity and Access Management or Systems Engineering.
• Proven experience administering modern IGA platforms (e.g., SailPoint, Saviynt, or similar SaaS-based governance tools).
• Integration Expertise: Experience connecting "disconnected" or legacy applications to identity platforms using JSON, CSV parsing, or automated UI interaction techniques.
• Deep expertise in Active Directory (Group Policy, DNS, Forest/Domain architecture) and Microsoft Entra ID/Azure AD.
• Strong proficiency in PowerShell or Python for automation and data manipulation.
• Experience managing PKI (Public Key Infrastructure) and Certificate Authorities.
• Experience working directly with auditors to prove compliance and explain "who has access to what and why."
• Ability to mentor junior administrators and ServiceDesk staff, raising the technical proficiency of the team.
• Strong analytical and problem-solving skills with the ability to make sound decisions under pressure.
• Strong ability to explain complex security risks to non-technical business stakeholders.

Preferred:

• Bachelor's degree in computer science, Information Systems, or equivalent experience.
• Experience with Cloud Infrastructure Entitlement Management (CIEM) concepts.
• Certifications: Microsoft Identity and Access Administrator Associate (SC-300).

Cogent Infotech is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment where everyone feels welcome and valued. We encourage applications from individuals of all backgrounds, identities, abilities, and experiences. If you're excited about this role but don't meet every requirement, we still encourage you to apply.

Join Us

At Cogent Infotech, your ideas matter. Join a purpose-driven organization that celebrates diversity, encourages collaboration, and invests in your future.