IT Engineer

5 hours ago


Thiruvarur, India · Pashtek • Salesforce and SAP Partner · Full time

Location: Thiruvarur, Tamil Nadu (Onsite)
Function: Security Engineering / Platform (Identity & Access Management)

Why this role matters

We’re working on a secure, multi-tenant SaaS platform and need a hands-on IAM engineer to own the end-to-end identity lifecycle and authorization model—down to table/row/column-level policies. You’ll standardize Joiner-Mover-Leaver (JML) workflows, lead least-privilege RBAC across the product and business apps, and automate everything you can.

What you’ll do

- Own the IAM lifecycle: Design, develop, and standardize identity lifecycle workflows for employee and service accounts (JML, break-glass, access reviews).
- Automate provisioning: Configure and maintain automated workflows for provisioning, de-provisioning, and access changes using IdP workflows and APIs to eliminate manual effort and reduce MTTR.
- Integrate the stack: Complete and maintain key IdP integrations (of varying complexity) with business apps and internal services using SCIM 2.0 and OIDC/SAML.
- Drive least-privilege: Lead the organization-wide RBAC initiative so access maps to job function and need; partner with stakeholders to set and enforce policy.
- Engineer data-layer RBAC: Design and enforce fine-grained authorization at the schema/table/column/row level (e.g., Postgres RLS, column masking) using attributes like organization, region, and role.
- Harden the platform: Implement policy-as-code (e.g., OPA/Rego), secrets management, and auditable change controls (GitOps) for IAM.
- Document everything: Keep clear runbooks, diagrams, and standards for core applications, policies, and processes.
- Operate & respond: Triage and resolve identity incidents and escalations; drive root-cause analysis and prevention.
- Governance & culture: Establish IAM policies and guardrails that foster a least-privilege culture across engineering, IT, and business teams.

You may be a great fit if you

- Bring 5+ years in fast-paced SaaS environments focused on Identity & Access Management (Okta strongly preferred).
- Have subject-matter expertise in IdP implementation, JML automation, and integrating SaaS apps using APIs, SCIM, and OIDC/SAML.
- Have led or played a key role in large-scale access-controls/RBAC deployments with cross-functional change management.
- Partner smoothly with stakeholders to synthesize and present solutions that improve business efficiency.
- Work autonomously with methodical planning, visibility, and crisp execution.
- Embrace feedback and a growth mindset; stay current on identity, security, and privacy best practices.

Core skills we value

- Identity: Okta (or similar IdP), Okta Workflows, Lifecycle/JML, adaptive MFA, SCIM directories, groups & claims mapping.
- AuthZ (product & data): RBAC/ABAC design; PostgreSQL GRANTs & Row-Level Security; column masking/tokenization; Snowflake/Trino/ClickHouse RBAC a plus.
- Automation: Scripting (Python/Go/Bash), Terraform (incl. Okta/AWS providers), CI/CD, GitOps for policy changes.
- APIs & Integrations: REST/JSON, webhooks, SCIM servers/clients, service account patterns, secrets (Vault/KMS).
- Observability & Audit: SIEM (Datadog/Splunk/ELK), identity audit logs, access reviews, SoD checks.
- Compliance mindset: SOC 2 / ISO 27001, data-privacy basics (GDPR/DPF), least-privilege by default.

Nice to have

- Experience with multi-tenant SaaS isolation models (schema-per-tenant, row-level tenancy, org/workspace scoping).
- Lakehouse/data-platform security (Iceberg-native catalogs, policy enforcement in query engines).
- OPA/Rego, Cedar, Apache Ranger/Atlas; Just-In-Time (JIT) access; break-glass with audit.
- Incident response for identity, tabletop exercises, access review automation.

Impact in your first 90 days

- Stand up standardized JML with automated de-provisioning and zero-touch offboarding.
- Ship table/row-level RBAC for at least one high-value domain (e.g., customer data) enforced via Postgres RLS and role hierarchies.
- Deliver an Okta-backed SSO + SCIM integration pack for top SaaS apps and internal services.
- Publish baseline IAM Policy & Standards and a quarterly access review cadence.