Senior Identity Security Engineer

Role Overview

As a Senior Identity Security Engineer, you will spearhead our identity management strategy and play an essential role in identifying and remediating identity security gaps. The role is hands-on and requires a candidate who is knowledgeable with common industry identity tools such as Sailpoint or CyberArk. Collaboration is key, as the candidate will be a bridge between policy-driven directives and technical implementation.

What You'll Do 

• Lead the integration of SailPoint with key business applications and platforms to enable seamless identity lifecycle management and access provisioning. 

• Oversee and continuously improve the quarterly access review process, ensuring all privileged access is accurately reviewed and fully compliant with regulatory requirements. 

• Administer and enhance the CyberArk platform, designing and implementing robust privileged access management (PAM) controls to strengthen enterprise security posture. 

• Architect, enforce, and maintain identity security policies across Azure Active Directory (Entra ID) and Microsoft Active Directory environments. 

• Develop and maintain comprehensive identity security standards, ensuring they evolve with emerging threats and business requirements. 

• Implement controls to monitor compliance with identity security standards and proactively address deviations. 

• Partner with senior security engineering teams to incorporate industry best practices and align identity strategies with broader security initiatives. 

• Collaborate with IT and key business stakeholders to drive consistent adoption of identity security policies across all applications and environments. 

• Document technical processes, configurations, and procedures, contributing to a centralized security knowledge base. 

• Leverage scripting to automate IAM workflows, streamline processes, and enhance operational efficiency. 

• Provide expert-level support during security incidents, focusing on identity and access-related threats and vulnerabilities. 

What We're Looking For 

• 7+ years of experience in cybersecurity or Identity and Access Management (IAM), with a proven track record leading end-to-end implementations of SailPoint IdentityNow (IDN) and/or CyberArk Privileged Access Management (PAM) solutions. 

• Strong proficiency in scripting, with the ability to automate complex IAM workflows, streamline operations, and support infrastructure-as-code initiatives. 

• Deep understanding of zero-trust security principles as they apply to identity management, including least privilege access, continuous authentication, and contextual access controls. 

• Integration with CI/CD pipelines and infrastructure-as-code (e.g., Terraform). 

• Proven experience with Privileged Access Management (PAM) and Identity Governance & Administration (IGA) platforms, ideally with CyberArk and SailPoint IdentityNow. 

• Deep technical knowledge of directory services, including Active Directory, Azure Active Directory, and LDAP, with hands-on experience in integration and troubleshooting. 

• Hands-on integration with SAML, OAuth, OpenID Connect, SCIM, LDAP. 

• Expertise in RBAC, ABAC, JIT provisioning, policy-based access control. 

• Implementation and lifecycle management with established industry applications and tools 

• Demonstrated ability to collaborate with cross-functional IT teams, including Infrastructure, Security, Compliance, and Application Owners, to drive IAM initiatives. 

• Solid understanding and practical experience with Access Certification, Segregation of Duties (SoD), and audit readiness for regulatory and compliance frameworks such as SOC, PCI-DSS, SOX, HIPAA, and GDPR. 

 What We'd Love to See

• Strong grasp of IAM architecture and strategy across hybrid and multi-cloud environments (e.g., Azure, AWS, GCP), including cloud-native identity controls and best practices. 

• Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related technical discipline. 

• Security certifications such as Microsoft Certified: Azure Security Engineer Associate, Azure Security Fundamentals, SailPoint Identity Security Administrator/Engineer, CISSP, or other relevant credentials are highly desirable. 

About AvidXchange

AvidXchange is a leading provider of accounts payable (“AP”) automation software and payment solutions for middle-market businesses and their suppliers. By trade, we are a technology company, but if you ask anyone who works here, they’ll tell you our people are at the core of who we are. We focus on creating a culture of Diversity, Inclusion & Belonging, and are proud to be a safe place where teammates can bring their whole selves to work. At AvidXchange, mindset is everything. We are Connected as People, Growth Minded, and Customer Obsessed. These three mindsets represent our culture – who we are, who we’ve always been, and they guide us to improve every day. Since our founding in 2000 in Charlotte, NC, we’ve created a company of over 1,600 teammates working across the U.S., or remotely. AvidXchange is proud to be Certified™ as a Great Place to Work®. The prestigious recognition is based on anonymous data from our teammates and makes official what our teammates have known for years – that AvidXchange is a Great Place to Work®. 

Who you are: 

• A go-getter with an entrepreneurial mindset – that means you are not afraid of taking risks, winning big or facing the unknown. 
• Someone who understands that business is people centric. Connecting with others as humans first allows you to develop mutually beneficial working relationships. 
• Focused on making a difference for our customers. AvidXchange exists to help solve complex problems for our customers so we can all realize our potential. 

What you’ll get:  

AvidXchange teammates (we call them AvidXers) get the perks and prestige of a publicly traded tech company paired with the flexibility of a founder-led startup. We help our AvidXers develop as professionals and as human beings, providing work/life balance, development programs, competitive benefits and equity options. At AvidXchange, we are building more than a tech company – we are building an experience. We remain committed to a culture where you can fully be 'you’ – connected with others, chasing big goals, and making a meaningful impact. If you want to help us grow while realizing your potential and creating stories you’ll tell for years, you’ve come to the right place.

AvidXers enjoy:  

• 18 days PTO* 
• 11 Holidays (8 company recognized & 3 floating holidays) 
• 16 hours per year of paid Volunteer Time Off (VTO) 
• Competitive Healthcare 
• High Deductible Heath Plan Option that has $0 monthly premium for teammate-only coverage 
• 100% AvidXchange paid Dental Base Plan Coverage
• 100% AvidXchange paid Life Insurance 
• 100% AvidXchange paid Long-Term Disability 
• 100% AvidXchange paid Short-Term Disability  
• Employee Assistance Program (EAP) - Provides counseling services, legal and financial consultations and health advocacy for Teammates and their eligible dependents
• Onsite Health Clinic with Atrium Health - available to Teammates and their eligible dependents
• 401(k) Match: 100% match on the first 3% of your salary, plus 50% match on the next 2%
• Parental Leave: 8 weeks 100% paid by AvidXchange** 
• Discounts on Pet, Home, and Auto insurance 
• BrightDime Financial Wellness Tool, offered free to teammates 
• WeeCare Childcare Service: helps teammates find affordable daycare, childcare, and tutors 40% less expensive than traditional daycare centers 
• Perks at Work: free discount program that provides teammates the opportunity to save on items from electronics, movie tickets, car buying, vacations, and more 
• Onsite gym fitness center, yoga studio, and basketball court
• Tuition Reimbursement up to the federal maximum of $5,250***
• Hybrid Workplace Flexibility
• Free parking

*Fully granted from beginning of year, pro-rated if hired mid-year 

**Must be full-time for at least 3 months

***Must be full-time for at least one year 

Equal Employment Opportunity

AvidXchange is an equal opportunity employer. AvidXchange is committed to equal employment opportunity in accordance with applicable federal, state, and local laws. AvidXchange will not discriminate against applicants for employment on any legally recognized basis. This includes, but is not limited to veteran status, race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, age and physical or mental disability.