IAM Engineer

Description

Enphase Energy is a global energy technology company and a leading provider of solar, battery, and electric vehicle charging products. Founded in 2006, our innovative microinverter technology revolutionized solar power, making it a safer, more reliable, and scalable energy source. Today, the Enphase Energy System enables users to make, use, save, and sell their own power. Enphase is also one of the most successful and innovative clean energy companies in the world, with more than 80 million products shipped across 160 countries.

Join our dynamic teams designing and developing next-gen energy technologies and help drive a sustainable future!

This role at Enphase requires working onsite 3 days a week, with plans to transition back to a full 5 day in office schedule over time.

About role

We are seeking a dedicated and detail-oriented IAM Engineer to join our Information Security team! This role is ideal for professionals passionate about identity security, governance, zero-trust architecture, and delivering secure, scalable, and user-friendly authentication solutions. You will play a key role in designing, deploying, and managing IAM platforms and policies to support secure access to enterprise and cloud systems while ensuring compliance with global security standards.

IAM Operations & Lifecycle Management:

• Manage and operate end-to-end IAM processes including user provisioning, de-provisioning, and Joiner-Mover-Leaver (JML) lifecycle workflows

• Design and maintain account lifecycle management for service accounts, privileged accounts, and application identities

• Lead access certification campaigns, privileged access reviews, and continuous access verification

• Implement and manage self-service IAM capabilities (e.g., account requests, password resets, access approvals) to improve user experience and reduce administrative overhead

• Define and enforce Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and least-privilege models across all environments

Solution Design & Integration:

• Integrate with on-prem and cloud systems such as Active Directory, Azure AD (IDP), LDAP, AWS SSO, and various SaaS platforms

• Enable secure access through Single Sign-On (SSO), Multi-Factor Authentication (MFA), and password less authentication

• Support Privileged Access Management (PAM) and Endpoint Privilege Management (EPM) through tools such as Beyond Trust or other market-leading IAM suites

• Implement automated access request workflows and integration with ITSD systems

Security & Zero Trust Implementation:

• Deploy Zero Trust access policies leveraging context-based controls (e.g., device posture, geolocation, user risk scores)

• Enable identity threat detection, behavioural analytics, and adaptive authentication mechanisms

• Integrate IAM platforms with PAM/EPM tools to secure high-risk roles and critical service accounts

• Support and maintain password less authentication technologies and identity proofing workflows for remote and secure onboarding

Identity Governance:

• Define and maintain automated access provisioning/de-provisioning, multi-level approval workflows, and policy enforcement

• Conduct periodic access reviews across applications, infrastructure, and databases

• Monitor IGA platforms for anomalies, policy violations, and risk indicators

Operations & Compliance:

• Monitor IAM infrastructure and services for availability, SLA adherence, MFA adoption, and compliance posture

• Ensure alignment with SOX, SOC 2, ISO 27001, SOC2, NIST CSF, and organizational policies

• Identify IAM risks, document them in the IS Risk Register, and work with risk teams for remediation

• Assist with internal and external audits related to IAM, IGA, and privileged access controls

Stakeholder Engagement & Knowledge Sharing:

• Collaborate with regional IT teams, InfoSec, application owners, and business stakeholders to ensure IAM strategy aligns with business objectives

• Promote adoption of self-service capabilities to reduce operational overhead

• Develop and maintain clear documentation, architecture diagrams, SOPs, and user training materials

• Conduct IAM training, awareness sessions, and support onboarding for IT and end-users

Who you are and What you bring

Education: Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or a related IT field with 3+ years of experience

Hands-On Experience With:

• IAM tools: Microsoft Entra ID, AWS IAM, Beyond Trust (Password Safe, PRA, EPM)

• IGA platforms: Path Lock or other market-leading IAM suites

• Protocols & Standards: SAML 2.0, OAuth 2.0, OpenID Connect, LDAP

• Directory Services: Active Directory, Azure AD, LDAP

• Scripting & Automation: Python, Java or Bash scripting for access automation and reporting

• Data Visualization: Grafana, ELK Stack, or Incorta for IAM dashboards and KPIs

• Compliance Frameworks: Strong understanding of SOX, SOC2, ISO 27001, NIST CSF, GDPR, HIPAA

Good to Have:

• Hands-on experience with EDR, SIEM/XDR platforms such as CrowdStrike, SecureWorks, or ELK Stack for identity-related anomaly detection and monitoring

• Deep understanding of security controls and risk mitigation in cloud (AWS, Azure) and on-premises environments

• Exposure to Zero Trust architecture implementation beyond IAM, including network segmentation, device trust, and continuous verification.

Soft Skills:

• Strong analytical, problem-solving, and critical thinking capabilities

• Clear, concise, and effective verbal and written communication skills

• Highly organized and detail-oriented, with strong documentation practices

• Ability to manage multiple IAM projects simultaneously in a dynamic, fast-paced environment

• Proactive, self-motivated, and eager to stay current on IAM innovations and Zero Trust architectures