Senior Identity and Access Management (IAM) Engineer

We are united in our mission to make a positive impact on healthcare. Join Us! 

• South Florida Business Journal, Best Places to Work 2024
• Inc. 5000 Fastest-Growing Private Companies in America 2024
• 2024 Black Book Awards, ranked #1 EHR in 11 Specialties
• 2024 Spring Digital Health Awards, “Web-based Digital Health” category for EMA Health Records (Gold)
• 2024 Stevie American Business Award (Silver), New Product and Service: Health Technology Solution (Klara)

Who we are:

We Are Modernizing Medicine (WAMM)! We’re a team of bright, passionate, and positive problem-solvers on a mission to place doctors and patients at the center of care through an intelligent, specialty-specific cloud platform. Our vision is a world where the software we build increases medical practice success and improves patient outcomes. Founded in 2010 by Daniel Cane and Dr. Michael Sherling, we have grown to over 3400 combined direct and contingent team members serving eleven specialties, and we are just getting started! ModMed's global headquarters is based in Boca Raton, FL, with a growing office in Hyderabad, India, and a robust remote workforce across the US, Chile, and Germany.

ModMed is hiring a Senior Identity and Access Management (IAM) Engineer in our Corporate IT team. This individual will manage Cybersecurity-type systems, including identity and access management (IAM) platforms, and a variety of related enterprise applications, infrastructure, onboarding/offboarding and software licensing compliance systems; in addition, this person will work closely with the InfoSec and Compliance teams on investigations and audits, including evidence collection, remediation and attestation. The ideal candidate will have a broad understanding of systems administration with specialized experience in cybersecurity tools, protocols, and governance. They will play a critical role in ensuring that our workforce has secure, compliant, and efficient access to enterprise systems. If you are passionate about solving complex IAM challenges and building scalable, secure systems, this is the role for you.

Your Role:

• Architect and Own Our Identity Fabric: Design, build, and operate our core IAM platforms, primarily Okta, Active Directory, and LDAP, ensuring scalability, reliability, and security.
• Drive End-to-End Automation: Take full ownership of the digital identity lifecycle (Joiner-Mover-Leaver). Engineer robust, automated workflows for provisioning, de-provisioning, and access changes, using scripting (Python/Bash) and tools like Okta Workflows.
• Champion Security and Compliance: Evolve and enforce our identity governance framework to support the principle of least privilege. Lead periodic access reviews and partner with our InfoSec team to ensure we meet and exceed regulatory standards (HIPAA, PCI).
• Serve as our IAM Subject Matter Expert: Act as the go-to expert for identity protocols (SAML, OAuth2, OIDC, SCIM) and lead the integration of new applications into our SSO and lifecycle management ecosystem.
• Enhance and Document Core Processes: Create clear, comprehensive documentation for technical workflows, standard operating procedures (SOPs), and user guides to empower our teams and support self-service capabilities.
• Collaborate and Respond: Partner with application owners and our security incident response team on identity-related initiatives and investigations.

Skills & Requirements:

• Experience: 3+ years of hands-on experience in an Identity and Access Management role, with a deep focus on architecting and administering Okta in a complex enterprise environment.
• Technical Depth: Expert-level knowledge of integrating applications with SSO, MFA, and automated lifecycle management. Deep familiarity with identity protocols (SAML, OAuth2, SCIM).
• Automation Mindset: Strong scripting proficiency in at least one language (Python, PowerShell, or Bash preferred) for automating tasks and integrating systems via RESTful APIs.
• Directory Services Expertise: Strong background in managing and integrating with traditional directory services like Active Directory and LDAP.
• Problem-Solving Skills: Proven ability to troubleshoot complex integration and authentication issues, from the network layer up to the application.
• Ownership and Communication: Exceptional documentation skills and the ability to work independently, manage priorities effectively, and communicate technical concepts to diverse audiences.
• Location:  Thus position is based in our Boca Raton, FL headquarters.

Bonus Points (Nice to Have):

• Okta Certified Administrator or similar.
• Experience with Okta Workflows for complex process automation.
• Familiarity with dedicated identity governance (IGA) platforms like SailPoint or Saviynt.
• Bachelor's degree in Computer Science, Information Security, or a related field.

Core Tech Stack:

• IAM: Okta (Universal Directory, SSO, MFA, Workflows), Active Directory, LDAP (freeipa)
• Protocols: SAML, OAuth2, OpenID Connect, SCIM, LDAP
• Scripting: Python, Bash, PowerShell

Infrastructure: AWS, Google Cloud, Windows/Linux Servers

#LI-KM1

ModMed Benefits Highlight:  At ModMed, we believe it’s important to offer a competitive benefits package designed to meet the diverse needs of our growing workforce. Eligible Modernizers can enroll in a wide range of benefits:

India

• Meals & Snacks: Enjoy complimentary office lunches & dinners on select days and healthy snacks delivered to your desk,
• Insurance Coverage: Comprehensive health, accidental, and life insurance plans, including coverage for family members, all at no cost to employees,
• Allowances: Annual wellness allowance to support your well-being and productivity,
• Earned, casual, and sick leaves to maintain a healthy work-life balance,
• Bereavement leave for difficult times and extended medical leave options,
• Paid parental leaves, including maternity, paternity, adoption, surrogacy, and abortion leave,
• Celebration leave to make your special day even more memorable, and company-paid holidays to recharge and unwind.

United States

• Comprehensive medical, dental, and vision benefits, including a company Health Savings Account contribution,
• 401(k):  ModMed provides a matching contribution each payday of 50% of your contribution deferred on up to 6% of your compensation. After one year of employment with ModMed, 100% of any matching contribution you receive is yours to keep.
• Generous Paid Time Off and Paid Parental Leave programs,
• Company paid Life and Disability benefits, Flexible Spending Account, and Employee Assistance Programs,
• Company-sponsored Business Resource & Special Interest Groups that provide engaged and supportive communities within ModMed,
• Professional development opportunities, including tuition reimbursement programs and unlimited access to LinkedIn Learning,
• Global presence and in-person collaboration opportunities; dog-friendly HQ (US), Hybrid office-based roles and remote availability for some roles,
• Weekly catered breakfast and lunch, treadmill workstations, Zen, and wellness rooms within our BRIC headquarters.

PHISHING SCAM WARNING: ModMed is among several companies recently made aware of a phishing scam involving imposters posing as hiring managers recruiting via email, text and social media. The imposters are creating misleading email accounts, conducting remote "interviews," and making fake job offers in order to collect personal and financial information from unsuspecting individuals. Please be aware that no job offers will be made from ModMed without a formal interview process, and valid communications from our hiring team will come from our employees with a ModMed email address (first.lastname@modmed.com). Please check senders’ email addresses carefully.  Additionally, ModMed will not ask you to purchase equipment or supplies as part of your onboarding process. If you are receiving communications as described above, please report them to the FTC website.