IAM Engineer
Job Title: IAM Engineer
Duration: 12-24 Months
Location: Raleigh, NC / Charlotte, NC / Dallas, TX / Minneapolis, MN / Chandler, AZ - Hybrid Role (3 Days Onsite / 2 Days WFH)

Need strong profiles with IAM core concepts, SAML, OAuth, and SSO products.

They are getting candidates who are stronger on the configuring and troubleshooting part in their interviews, but not very strong on IAM core concepts, SAML, OAuth, and SSO products.

They still need the person to come for an in-person interview; if they go for in-person, it would be one and done.

We should look for IAM architects/engineers who can:
- Explain and implement identity federation protocols (SAML, OAuth, OIDC)
- Work with SSO products beyond just configuration (actual integrations, flows, security)
- Apply IAM core concepts to real-world automation and network identity scenarios

Screen candidates based on the below:
- Ask scenario-based questions:
  "Explain how OAuth differs from SAML and when you'd use each."
  "Walk me through the SAML authentication flow between an IdP and SP."
- Look for hands-on integration experience with SSO products, not just platform administration.
- Probe for security awareness: token expiration, replay attacks, certificate management.

Candidate Focus Areas:

IAM Core Concepts
- Principles of authentication vs. authorization
- Role-based access control (RBAC), attribute-based access control (ABAC)
- Identity lifecycle management (provisioning, de-provisioning, governance)
- Federation and trust models

SAML, OAuth, and OpenID Connect
- SAML 2.0: Assertions, bindings, metadata, IdP vs. SP roles
- OAuth 2.0: Grant types (Authorization Code, Client Credentials, Implicit, Device Flow), scopes, tokens (access, refresh, ID)
- OpenID Connect (OIDC): Identity layer on top of OAuth, ID token structure, claims
- JWT: Structure, validation, signature verification

SSO Products & Ecosystem
- Hands-on with enterprise SSO platforms (Okta, Ping Identity, Azure AD, ForgeRock, etc.)
- Experience integrating apps with SSO (SAML/OAuth flows)
- Understanding of MFA, adaptive authentication, and conditional access policies