SSO Technical Lead
Machinify is a leading healthcare intelligence company with expertise across the payment continuum, delivering unmatched value, transparency, and efficiency to health plan clients across the country. Deployed by over 85 health plans, including many of the top 20, and representing more than 270 million lives, Machinify brings together a fully configurable and content-rich, AI-powered platform along with best-in-class expertise. We’re constantly reimagining what’s possible in our industry, creating disruptively simple, powerfully clear ways to maximize financial outcomes and drive down healthcare costs.
About the Opportunity
Machinify is modernizing its enterprise systems landscape, and single sign-on (SSO) is at the core of our security and user experience strategy. We are looking for an SSO Technical Lead to drive the design, implementation, and enablement of SSO across all enterprise applications, from HR and Finance to Sales and Operations.
This is a hands-on technical leadership role that requires strong problem-solving skills, cross-functional collaboration, and the ability to quickly learn and integrate new technologies. You will work closely with business system owners, IT security, and external partners to ensure consistent, secure, and seamless authentication experiences across the company, while aligning with NIST cybersecurity standards, layered defense principles, and least privilege access models.
What You'll Do
- Lead the end-to-end implementation of SSO for all enterprise applications — including HR, Order Management, Operations, Sales, Service, Legal, and Procurement systems.
- Design and configure identity integrations using Entra ID (Azure AD), Okta, or similar identity providers to enable SAML, OIDC, and OAuth-based authentication.
- Implement layered security controls that align with NIST and HITRUST, particularly regarding protection of PHI (Protected Health Information) and personally identifiable data.
- Apply least privilege access principles across all SSO-enabled applications to ensure users and service accounts have the minimal required access for their roles.
- Partner cross-functionally with system owners, InfoSec, and application teams to assess requirements, plan integrations, and execute go-live with secure authentication flows.
- Standardize and document SSO integration patterns, metadata exchange, and token policies to ensure scalability, consistency, and auditability.
- Collaborate with InfoSec to enforce MFA, conditional access, and continuous monitoring for privileged and non-privileged accounts.
- Maintain and enhance existing SSO configurations, certificates, and policies to support business continuity and compliance with company security policies.
- Evaluate and onboard new SaaS applications, ensuring that each integration adheres to layered security and least privilege principles.
- Troubleshoot and resolve SSO integration issues across multiple identity providers and environments with a focus on security and operational resilience.
- Provide mentorship and knowledge sharing within the IT Applications and Security teams on identity, access management, and cybersecurity best practices.
What You Bring
Required Skills & Experience
- Bachelor’s degree in Computer Science, Information Systems, or related field.
- 5+ years of experience in IT Applications, Identity Management, or System Integration roles.
- Proven experience implementing SSO using Microsoft Entra ID (Azure AD), Okta, Ping, or equivalent.
- Strong understanding of SAML 2.0, OAuth 2.0, OIDC, and SCIM standards.
- Experience integrating SSO with SaaS and on-premise applications (e.g., Workday, Paycom, Salesforce, SAP, Oracle, ServiceNow, Coupa, DocuSign).
- Practical knowledge of the NIST Cybersecurity Framework and HITRUST, particularly as they apply to authentication, identity, and access control.
- Solid understanding of layered security architecture, implementing defense-in-depth controls across network, application, and identity layers.
- Demonstrated experience enforcing least privilege access, role-based permissions, and segregation of duties.
- Strong troubleshooting skills in authentication flows, certificates, and federation services.
- Ability to balance hands-on technical work with stakeholder communication, project management, and documentation.
- Proven ability to work cross-functionally and influence teams in a fast-paced environment.
Preferred Skills
- Familiarity with identity governance and administration (IGA) frameworks and lifecycle automation.
- Exposure to API-based integrations, automation scripts (PowerShell, Python), or workflow orchestration tools.
- Experience in a high-tech or SaaS environment supporting enterprise business systems.
- Security certifications (CISSP, CISM, or Microsoft Identity and Access certifications) are a plus.
What We Offer
- Work from anywhere in the US! Machinify is digital-first.
- Top Medical/Dental/Vision offerings
- FSA/HSA
- Tuition reimbursement
- Competitive salary, 401(k) with company match
- Unlimited PTO
- Additional health and wellness benefits and perks
- Flexible and trusting environment where you’ll feel empowered to do your best work