We’re seeking an experienced Identity & Access Engineer to lead the strategic transition of our enterprise authentication systems from Kerberos to Okta Single Sign-On (SSO), specifically within our Jamf-managed Apple fleet, spanning over 30,000 users globally.
Required Skills:
- Architect and lead the migration of Kerberos-based authentication in Jamf to Okta SSO, ensuring minimal disruption across a global user base.
- Design identity and access management workflows that align with Zero Trust principles and modern endpoint management practices.
- Serve as a primary engineer and subject matter expert for Okta integrations with macOS devices and associated tooling (e.g., Jamf Connect, Jamf Pro).
- Collaborate with cross-functional teams (Security, IT, Compliance, Platform Engineering) to assist with project scope, milestones, risk mitigation, and testing strategies.
- Develop and maintain comprehensive documentation, including architecture diagrams, technical runbooks, and transition playbooks.
- Ensure adherence to enterprise security policies, compliance requirements, and audit controls related to identity access.
Required Experience:
Required:
- 5+ years of experience in identity and access management (IAM), infrastructure engineering, or enterprise security.
- Demonstrable experience deploying and managing Okta SSO, with at least one major enterprise-wide rollout.
- Deep understanding of Kerberos, SAML, OAuth, SCIM, and OIDC protocols.
- Extensive hands-on experience with Jamf Pro and Jamf Connect in macOS environments.
- Proven ability to contribute to complex technical projects across large user bases (10,000+ users).
- Strong scripting and automation skills (e.g., Python or Bash).
- Excellent communication and collaboration skills across technical and non-technical stakeholders.
Preferred:
- Okta Certified Professional or higher-level certifications (e.g., Okta Certified Consultant).
- Jamf Certified Expert (Jamf 400) certification.
- Familiarity with Microsoft Entra ID (formerly Azure AD), Apple Business Manager, and MDM best practices.
- Background in Zero Trust architecture design and deployment.
- Experience supporting hybrid or fully remote workforces.