IdM Architect

Job Description

Summary: Kavaliro is seeking an Identity Management (IdM) Engineer to architect, implement, and manage a comprehensive Identity and Access Management (IAM) environment supporting a large, diverse user base. This critical role ensures that all users across the organization have secure, seamless, and role-appropriate access to systems, data, and digital tools. The IdM Engineer will oversee the full identity lifecycle, including automated provisioning, access role management, and deprovisioning. The position plays a key role in strengthening security posture, streamlining access, and maintaining operational continuity across the education environment.

Essential Duties and Responsibilities: Design, automate, and manage the end-to-end identity lifecycle for all user types. Serve as the primary technical owner integrating authoritative systems (HR, ERP, SIS, etc.) with downstream applications. Administer and maintain Microsoft Active Directory, Azure AD (Entra ID), and Google Workspace. Implement and maintain SSO solutions using SAML, OIDC, and SCIM for secure and seamless authentication across approved applications. Develop and enforce Role-Based Access Control (RBAC) policies; manage MFA and Conditional Access to protect sensitive data. Act as the final escalation point for identity-related incidents, troubleshooting complex provisioning and access issues. Ensure IAM processes comply with industry regulations and internal standards; support audits through documentation and reporting. Maintain accurate documentation of IdM architecture, workflows, and policies. Provide technical guidance, training, and support for IAM systems and policies. Perform additional functions as assigned related to IAM security and operations.

Education and Experience: Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience). 3+ years of hands-on IT experience with at least 2 years focused on Identity and Access Management.

Skills and Knowledge: Proficiency in PowerShell scripting for automation and data manipulation. Strong expertise in Active Directory, Azure AD (Entra ID), and hybrid identity environments. Hands-on experience managing Google Workspace identities and groups. Deep understanding of SAML, OIDC, OAuth 2.0, and SCIM protocols. Proven ability to troubleshoot complex issues across interconnected systems. Excellent communication skills, able to translate technical details for non-technical stakeholders.

Certifications (Preferred): Microsoft Certified: Identity and Access Administrator Associate, CompTIA Security+, or equivalent security certification.

Kavaliro provides Equal Employment Opportunities to all employees and applicants. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws. Kavaliro is committed to the full inclusion of all qualified individuals. In keeping with our commitment, Kavaliro will take the steps to assure that people with disabilities are provided reasonable accommodations. Accordingly, if reasonable accommodation is required to fully participate in the job application or interview process, to perform the essential functions of the position, and/or to receive all other benefits and privileges of employment, please respond to this posting to connect with a company representative.

Job Requirements

On-Site

By using best practices and optimal employee recruiting strategies, Kavaliro provides employers with employment solutions by providing the most qualified and professional employees, who can staff both project and permanent positions in order to ensure the ongoing success of all types of businesses. We use a streamlined-yet-thorough approach to staffing that saves our clients administrative time, resources and money.