IT Engineer

Location: Thiruvarur, Tamil Nadu (Onsite) Function: Security Engineering / Platform (Identity & Access Management) Why this role matters We’re working on a secure, multi-tenant SaaS platform and need a hands-on IAM engineer to own the end-to-end identity lifecycle and authorization model—down to table/row/column-level policies. You’ll standardize Joiner-Mover-Leaver (JML) workflows, lead least-privilege RBAC across the product and business apps, and automate everything you can. What you’ll do - Own the IAM lifecycle: Design, develop, and standardize identity lifecycle workflows for employee and service accounts (JML, break-glass, access reviews). - Automate provisioning: Configure and maintain automated workflows for provisioning, de-provisioning, and access changes using IdP workflows and APIs to eliminate manual effort and reduce MTTR. - Integrate the stack: Complete and maintain key IdP integrations (varying complexity) with business apps and internal services using SCIM 2.0 and OIDC/SAML. - Drive least-privilege: Lead the organization-wide RBAC initiative so access maps to job function and need; partner with stakeholders to set/enforce policy. - Engineer data-layer RBAC: Design and enforce fine-grained authorization at the schema/table/column/row level (e.g., Postgres RLS, column masking) using attributes like organization, region, and role. - Harden the platform: Implement policy-as-code (e.g., OPA/Rego), secrets management, and auditable change controls (GitOps) for IAM. - Document everything: Keep clear runbooks, diagrams, and standards for core applications, policies, and processes. - Operate & respond: Triage and resolve identity incidents and escalations; drive root-cause and prevention. - Governance & culture: Establish IAM policies and guardrails that foster a least-privilege culture across engineering, IT, and business teams. You may be a great fit if you - Bring 5+ years in fast-paced SaaS environments focused on Identity & Access Management (Okta strongly preferred). - Have subject-matter expertise in IdP implementation, JML automation, and integrating SaaS apps using APIs, SCIM, OIDC/SAML. - Have led or played a key role in large-scale access-controls/RBAC deployments with cross-functional change management. - Partner smoothly with stakeholders to synthesize and present solutions that improve business efficiency. - Work autonomously with methodical planning, visibility, and crisp execution. - Embrace feedback and a growth mindset; stay current on identity, security, and privacy best practices. Core skills we value - Identity: Okta (or similar IdP), Okta Workflows, Lifecycle/JML, adaptive MFA, SCIM directories, groups & claims mapping. - AuthZ (product & data): RBAC/ABAC design; PostgreSQL GRANTs & Row-Level Security; column masking/tokenization; Snowflake/Trino/ClickHouse RBAC a plus. - Automation: Scripting (Python/Go/Bash), Terraform (incl. Okta/AWS providers), CI/CD, GitOps for policy changes. - APIs & Integrations: REST/JSON, webhooks, SCIM servers/clients, service account patterns, secrets (Vault/KMS). - Observability & Audit: SIEM (Datadog/Splunk/ELK), identity audit logs, access reviews, SoD checks. - Compliance mindset: SOC 2 / ISO 27001, data-privacy basics (GDPR/DPF), least-privilege by default. Nice to have - Experience with multi-tenant SaaS isolation models (schema-per-tenant, row-level tenancy, org/workspace scoping). - Lakehouse/data-platform security (Iceberg-native catalogs, policy enforcement in query engines). - OPA/Rego, Cedar, Apache Ranger/Atlas; Just-In-Time (JIT) access; break-glass with audit. - Incident response for identity, tabletop exercises, access review automation. Impact in your first 90 days - Stand up standardized JML with automated de-provisioning and zero-touch offboarding. - Ship table/row-level RBAC for at least one high-value domain (e.g., customer data) enforced via Postgres RLS and role hierarchies. - Deliver an Okta-backed SSO + SCIM integration pack for top SaaS apps and internal services. - Publish baseline IAM Policy & Standards and a quarterly access review cadence.