Identity & Access Management Engineer

Description
Ready to join a team that's all in? At Imprivata, we deliver unified access and security management programs that eliminate friction, empowering healthcare and mission-critical organizations to work smarter, faster, and more securely.
We believe work can be more than a job or task-it's a collective spirit; the type that emboldens creativity, embraces challenge, and fosters excitement. We are constantly raising the bar on what's possible, owning the outcome of our triumphs and trials, staying nimble amidst change, and cultivating an environment where we win together. Here, your ideas matter, your differences are celebrated, and your work drives real results-for your career, your teammates, and our customers.
When you join Imprivata, you embark on a shared journey of ambition and growth. We're committed to building an inclusive workplace where everyone feels valued and supported. If you're looking for a place to match your passion with purpose-and where every day you can make an impact-you'll find it here.
We are seeking an Identity & Access Management Engineer to join our team. This is a hybrid opportunity based out of our Waltham, MA office.
Job Summary
The Identity & Access Management (IAM) Engineer will help to mature our enterprise identity program, strengthen access governance, and eliminate privilege risk and sprawl across a hybrid environment. This role will build scalable access controls, automate lifecycle workflows, and integrate modern authentication technologies. Partnering with Security Engineering, IT, and Compliance, this role will ensure our identity stack is resilient, auditable, and aligned with Zero Trust principles. The IAM Engineer focuses on solving complex access challenges, reducing identity and access complexity, and proactively closing privilege gaps.
Duties and Responsibilities

• Design, implement, and maintain enterprise identity governance controls, including RBAC/ABAC models, SoD policies, and classification-based access.
• Deploy and operate IAM platforms (e.g., AD360, Azure AD) to automate provisioning, deprovisioning, access requests, and lifecycle management.
• Lead remediation of identity-based risk by reducing privilege paths and hardening AD/Azure AD and connected systems.
• Implement and manage MFA, conditional access, and contextual access controls (device, location, time-based) for privileged and high-risk users.
• Integrate and oversee privileged access management (PAM), including vaulting, session monitoring, and elevation workflows.
• Automate access reviews, entitlement validations, and user lifecycle processes in collaboration with cross-functional stakeholders.
• Partner with Detection Engineering and SecOps to enrich SIEM/SOAR with identity context, behavioral signals, and threat intelligence.
• Support compliance and incident response through robust access logging, audit evidence, documentation, and response to identity-related threats.
• Other duties as assigned and required

Required Qualifications

• Bachelor's degree in Computer Science, Information Technology, Engineering, or a related field, or equivalent combination of technical education and relevant hands-on experience.
• 3+ years of experience in a similar engineering role.
• Experience with IAM and identity governance platforms (Azure AD, AD DS, AD360, Okta) across cloud and hybrid environments.
• Hands-on expertise with modern authentication and access controls, including MFA, FIDO2, certificates, conditional access, and GPO.
• Strong grasp of identity governance and Zero Trust concepts such as RBAC, ABAC, SoD, and least privilege.
• Experience with PAM solutions and identity threat detection using tools like CyberArk, BloodHound, and SIEM/SOAR.
• Ability to automate IAM processes with PowerShell or Python, supported by solid troubleshooting, documentation, compliance, and basic Linux knowledge

This position offers a total compensation range of $100,000.00 to $110,000.00 (inclusive of base salary and variable compensation, such as bonuses and incentives). In addition, more information about Imprivata's benefit offerings can be found here. This range represents the high and low end of Imprivata's compensation range for this position. Actual compensation will vary and may be above or below the range based on various factors, such as a candidate's location, skills, experience, and qualifications.
At Imprivata, we have a top-notch work environment, developmental opportunities, a competitive total rewards package, and the desire to have fun. If you have the skills and qualifications as we have described above, we want to hear from you!
Imprivata provides equal employment opportunities, regardless of race, religion, age, sex, national origin, disability status, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
#LI-Hybrid #LI-SF1