Job Application for Senior Identity & Access Management Engineer (Remote) at KBRA

New

Position Title: Senior Identity and Access Management Engineer

Entity: KBRA Holdings, LLC

Employment Type: Full-time

Location: Remote (Remote only in CA, CO, DC, FL, IL, MD, NJ, MA, NY, PA, SC, TX, VA)

Summary/Overview:

We are seeking a highly skilled and detail-oriented Senior Identity and Access Management (IAM) Engineer to join our Information Security team. The Senior IAM Engineer designs a modern IAM program for access, authentication and authorization for all business units, including with third-party dependencies. The Senior IAM Engineer collaborates with cybersecurity and technical teams to define, establish, maintain and manage access and identities. Access to systems and applications is managed and maintained following rigorous security design principles, advanced engineering and governance to support provisioning and deprovisioning. This position works closely with IT team members, cybersecurity operations and responders, business units, and third parties. In addition, the Senior IAM Engineer is highly engaged in directory services, technical integrations and governance.

The Senior IAM Engineer works closely with technical teams to design, establish and manage a process of enterprise-wide identities and access controls granted to systems and applications. Best practice IAM principles will be adopted to support provisioning, deprovisioning and changes that are easily tracked, reported and reviewed following established policies. Engineers in this role support senior management to help maintain a safe and secure enterprise technical operation. The Senior IAM Engineer works closely with others to verify solutions are healthy, maintain integrity, perform optimally and are tightly managed to prevent compromise. A good understanding of security principles and practical hands-on experience with host and application configurations, hybrid solutions, directory services and zero trust principles are required to be successful in this role. The ideal candidate preferably possesses five to seven years’ cybersecurity, IAM or IT administration experience.

Job Responsibilities:

Serve on a distributed security and technology team responsible for establishing IAM solutions.
Design and oversee IAM projects from inception to completion, ensuring they remain on time and within budget.
Collaborate with leadership and teammates to implement IAM models aligned with risk posture.
Supply technical IAM architecture for a global and diverse enterprise workforce.
Architect for SSO, directory, zero trust network access, MFA, privileged accounts, automation and behavior analytic systems.
Craft resilient and scalable identity strategies that align with cybersecurity policies and governance structure.
Design the identity lifecycle from onboarding to offboarding, as well as role changes.
Collaborate with stakeholders to define IAM requirements and design comprehensive solutions for business needs.
Create technical documentation with architecture diagrams, configuration guides and operational practices.
Drive adoption of IAM reference architecture for new, existing and emerging IAM technologies.
Create and enforce IAM capability roadmaps to respond to and address business and technology drivers.
Strategize for on-premises, cloud and hybrid infrastructure and applications to support remote workforce.
Conduct business impact analysis and risk assessments based on the level of access granted and recommend improvements.
Work closely with incident responders for potential incidents and escalate to management as needed.
Document access, policies and exceptions, and maintain integrity for audit reviews.
Outline controls to review internal, external and contractor accounts as part of periodic audits.
Make recommendations to improve automation efficiencies, security practices and end user experience.
Communicate security posture to cybersecurity leaders, stakeholders, IT and developers.
Participate in security groups and consortiums for knowledge and building relationships.
Define key performance indicators, operational metrics and SLAs for reporting data to validate success and areas of improvement.
Execute tactical requests along with supporting strategic vision for rigorous and scalable IAM controls.
Interact with business units to understand plans, risk posture, tolerance and IAM support requirements.

Successful candidates will possess the following:

7-10 + years’ experience in cybersecurity administration, with three-plus years’ IAM practitioner experience.
Subject matter expertise in directory services, Microsoft Azure/AWS/GCP, SSO, MFA and role-based access.
Understanding of IAM-related protocols such as Kerberos, SAML, SPML, XACML, SCIM, OpenID and OAuth.
Understanding of cloud computing architecture, technical design and implementations, including IaaS, PaaS and SaaS models.
Experience administering IAM systems, access controls, security and risk management, and governance fundamentals.
Preferable experience with one or more scripting languages (Python, PowerShell and Bash).
Strong written and oral communication skills across varying levels of the organization.
Capacity to comprehend complex technical infrastructure, identities, access controls and least privilege.
Understanding of service design, delivery concepts and control frameworks.
Organizational skills and the ability to prioritize and complete tasks within defined SLAs/SLOs.
Excellent judgment and the ability to make quick decisions when working with complex situations.
High degree of integrity, professionalism and trustworthiness.
Additional Preferred Qualifications:
- Bachelor's degree preferred in information assurance, computer science, engineering or technical field.
- Certifications in IAM or security-related fields (e.g., CISSP, CISM, AWS or Azure Security, Okta Certified Professional, CIAM, CAMS, CIDPRO).
- Experience with modern IAM platforms such as Okta, Auth0, Ping Identity, or ForgeRock.
- Familiarity with cloud platforms (e.g., AWS, Azure, GCP) and their IAM services.
- Knowledge of IT service management (ITSM) tools and processes.

Salary Range:

The anticipated annual base salary range for this full-time position is $140,000 to $170,000. Offer amounts are determined by factors such as experience, skills, geography, and other job-related factors.

Benefits:

Competitive benefits and paid time off
Paid family and disability leave
401(k) plan, including employer match (100% vested)
Educational and professional development financial assistance
Employee referral bonus program
Cell Phone provided

About Us:

KBRA is a full-service credit rating agency registered in the U.S., the EU and the UK, and is designated to provide structured finance ratings in Canada. KBRA’s ratings can be used by investors for regulatory capital purposes in multiple jurisdictions.

More Info:

KBRA encourages applications from all qualified individuals without regard to race, color, religion, gender, sexual orientation, gender identity or expression, age, national origin, marital status, citizenship, disability, and veteran status or any other basis prohibited by federal, state or local law.

#LI-KS1

#LI-HYBRID

First Name

Last Name

Phone

Resume/CV

Accepted file types: pdf, doc, docx, txt, rtf

Cover Letter

Accepted file types: pdf, doc, docx, txt, rtf

Address

LinkedIn Profile

How soon are you available to start a new role?

Will you require sponsorship to work in the US now or in the future?

What are your base salary expectations and total compensation expectations? (Please specify and please provide a number or range)

Were you referred by a current KBRA employee? If yes, then please indicate the specific KBRA employee. If no, then please say N/A.

Please disclose any outside business activities in which you participate that may present a possibility of conflict of interest to KBRA.

KBRA maintains regulatory requirements and expects potential employees and employees not to engage in any outside employment or other outside activities that could constitute an actual or apparent conflict of interest with their employment with KBRA.

Are you located in any of the following states? CA, CO, DC, FL, IL, MD, NJ, MA, NY, PA, SC, TX, VA If no, then please select No.

Select...

By clicking Submit Application, you acknowledge that you have read the KBRA Privacy Statement, KBRA Europe and UK Employee Data Privacy Notice, and Privacy Notice to California Employees, as applicable, as well as the Greenhouse Privacy Policy.

Select...

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in KBRA’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Gender

Select...

Are you Hispanic/Latino?

Select...

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Veteran Status

Select...

Voluntary Self-Identification of Disability

Form CC-305

Page 1 of 1

OMB Control Number 1250-0005

Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

Alcohol or other substance use disorder (not currently using drugs illegally)
Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
Blind or low vision
Cancer (past or present)
Cardiovascular or heart disease
Celiac disease
Cerebral palsy
Deaf or serious difficulty hearing
Diabetes
Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
Epilepsy or other seizure disorder
Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
Intellectual or developmental disability
Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
Missing limbs or partially missing limbs
Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
Partial or complete paralysis (any cause)
Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
Short stature (dwarfism)
Traumatic brain injury

Disability Status

Select...

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.

Senior Identity & Access Management Engineer (Remote)

Apply for this job

Voluntary Self-Identification

Voluntary Self-Identification of Disability