IAM Security Engineer

IAM Security Engineer  

Truveta is the world’s first health provider led data platform with a vision of Saving Lives with Data. Our mission is to enable researchers to find cures faster, empower every clinician to be an expert, and help families make the most informed decisions about their care. Achieving Truveta’ s ambitious vision requires an incredible team of talented and inspired people with a special combination of health, software and big data experience who share our company values. 

This position is based out of our headquarters in the Greater Seattle Area. #LI-onsite

Who We Need

Truveta is rapidly building a talented and diverse team to tackle complex health and technical challenges. We are seeking candidates inspired by the opportunity to securely apply data in the development of real-world health solutions. Beyond core capabilities, we seek problem solvers, passionate and collaborative teammates, and those willing to roll up their sleeves while making a difference. We do things the right way. Our commitment to security and compliance assurance cannot be stressed enough. This position is critical to ensuring we are successful.

If you are interested in the opportunity to pursue purposeful work, join a mission-driven team, and build a rewarding career while having fun, Truveta may be the perfect fit for you.

This Opportunity   

Success in the healthcare industry is predicated on a foundation of trust. We demonstrate our trustworthiness as stewards of health data through three foundational pillars: security, privacy, and compliance.

The successful candidate will design, implement and support solutions that support the company’s Digital Workplace strategy. They will work on leading edge technologies that help modernize endpoint management by leveraging the cloud to quickly deliver end-user improvements.

Responsibilities

• Identity Lifecycle & Access Management
  • Manage and improve provisioning, de-provisioning, and modification processes for user accounts and service principals across cloud and enterprise systems.
  • Conduct access reviews, entitlement cleanups, and role evaluations to ensure least-privilege access.
  • Identify gaps in lifecycle processes and recommend enhancements or workflow automation opportunities.
    
    
• Access Requests & Role Governance
  • Process and validate access requests, ensuring alignment with RBAC models, security policies, and job function requirements.
  • Contribute to the development and refinement of RBAC roles, access policies, and approval workflows.
  • Partner with stakeholders to analyze access patterns and propose more efficient and secure role structures.
    
    
• Application Integration & IAM Enablement
  • Support onboarding applications into IAM systems, including SSO configuration, SCIM provisioning, OAuth app integration, and secure authentication setup.
  • Work with application and engineering teams to ensure proper identity integration and consistent enforcement of IAM standards.
  • Assist with evaluating and implementing new IAM tools or capabilities as the organization evolves.
    
    
• Security Controls & Identity Governance
  • Implement and support IAM security controls such as MFA, Conditional Access policies, PIM, and identity governance features.
  • Monitor for identity threats, misconfigurations, and anomalies; proactively recommend remediation steps.
  • Participate in maturing identity governance processes such as certification campaigns, privileged access workflows, and separation-of-duty reviews.
• Incident Response & Operational Support
  • Troubleshoot and resolve identity-related issues with moderate complexity, including authentication failures, directory sync issues, and access conflicts.
  • Investigate identity-related security alerts and coordinate escalation with Security Operations team as needed.
  • Provide SME support to IT, security, and engineering teams for IAM-related questions and problems.
    
    
• Compliance, Auditing & Reporting
  • Support internal and external audits by preparing access-related evidence, reports, and documentation.
  • Ensure IAM controls and workflows meet regulatory, security, and policy requirements.
  • Develop periodic reports on access activity, privileged accounts, anomalies, and IAM policy adherence.
    
    
• Documentation, Knowledge Sharing & Process Improvement
  • Maintain accurate and detailed documentation of IAM processes, workflows, configurations, and standards.
  • Contribute to internal knowledge bases, runbooks, training materials, and user guides.
  • Continuously evaluate IAM processes and tools to identify opportunities to streamline, standardize, or automate.

Key Qualifications

• The knowledge, skills and abilities typically acquired through the completion of a bachelor's degree program or equivalent degree in a field of study related to Computer Science, Information Security and Information Systems.
• 3-5 years of hands-on experience in an Identity and Access Management (IAM) role, with a strong focus on Azure environments.
• Strong understanding of Azure Entra ID (Azure Active Directory), including Conditional Access, MFA, Identity Governance, PIM, directory services, and RBAC.
• Experience supporting SSO integrations and identity protocols such as SAML, OAuth 2.0, OpenID Connect, and SCIM provisioning.
• Ability to analyze and improve access models, workflows, and entitlements, applying least privilege and zero-trust principles.
• Proficiency with PowerShell or similar scripting tools to automate IAM tasks and streamline operations.
• Experience monitoring for identity-related threats, anomalous login behavior, and misconfigurations in cloud IAM environments.
• Working knowledge of IT/security governance and compliance frameworks (e.g., SOC 2, ISO 27001, NIST) and experience supporting audits or access reviews.
• Strong troubleshooting and diagnostic skills for identity issues involving authentication, authorization, directory sync, and permissions.
• Excellent written and verbal communication skills, including the ability to work cross-functionally with engineering, IT, and security teams.
• Relevant certifications preferred, such as Microsoft SC-300 (strongly preferred), AZ-104, AZ-500, or Security+.
• Ability to work effectively in a fast-paced environment, handle multiple priorities, and take ownership of IAM responsibilities.
• This position requires onsite work at Truveta’s Bellevue, WA office.

Why Truveta?  

Be a part of building something special. Now is the perfect time to join Truveta. We have strong, established leadership with decades of success. We are well-funded. We are building a culture that prioritizes people and their passions across personal, professional and everything in between. Join us as we build an amazing company together. 

We Offer:

• Interesting and meaningful work for every career stage
• Great benefits package
• Comprehensive benefits with strong medical, dental and vision insurance plans
• 401K plan
• Professional development & training opportunities for continuous learning
• Work/life autonomy via flexible work hours and flexible paid time off
• Generous parental leave
• Regular team activities (virtual and in-person as soon as we are able)
• The base pay for this position is $128,000 to $155,000. The pay range reflects the minimum and maximum target. Pay is based on several factors including location and may vary depending on job-related knowledge, skills, and experience. Certain roles are eligible for additional compensation such as incentive pay and stock options.

If you are based in California, we encourage you to read this important information for California residents linked here.

Truveta is committed to creating a diverse, inclusive, and empowering workplace. We believe that having employees, interns, and contractors with diverse backgrounds enables Truveta to better meet our mission and serve patients and health communities around the world. We recognize that opportunities in technology historically excluded and continue to disproportionately exclude Black and Indigenous people, people of color, people from working class backgrounds, people with disabilities, and LGBTQIA+ people. We strongly encourage individuals with these identities to apply even if you don’t meet all of the requirements.

Please note that all applicants must be authorized to work in the United States for any employer as we are unable to sponsor work visas or permits (e.g. F-1 OPT, H1-B) at this time. We appreciate your interest in the position and encourage you to explore future opportunities with us.