IAM Engineer
It's fun to work in a company where people truly BELIEVE in what they're doing!
The Senior IAM Engineer is responsible for the technical design, implementation, integration, and operation of Identity and Access Management solutions across on‑premises and cloud environments. The role ensures secure, scalable, and automated identity services, supporting least privilege, compliance, and operational efficiency, with exposure to Privileged Access Management (PAM) controlsWHAT YOU WILL DO:
IAM Engineering and Operations
•Design, configure, and maintain IAM platforms, services, and scalable provisioning/deprovisioning workflows.
•Automate identity lifecycle for joiners, movers, and leavers (JML).
•Integrate IAM solutions with enterprise and cloud applications.
Authentication & Access Control
•Implement SSO, MFA, and federation solutions.
•Configure identity protocols (SAML, OAuth, OpenID Connect).
•Support hybrid identity environments (on‑premises and cloud).
•Implement Conditional Access and risk-based authentication policies.
•Apply Zero Trust principles to identity and access decisions.
Directory & Cloud Identity
•Manage Active Directory and Microsoft Entra ID environments.
•Support cloud IAM services (Azure, AWS, GCP).
Access Management & Governance Support
•Implement role-based access models (RBAC).
•Support access certifications, segregation of duties (SoD), and entitlement management.
•Assist with audit, compliance, and access review activities.
Privileged Access Management (PAM)
•Support PAM controls (e.g. CyberArk, BeyondTrust).
•Assist with privileged account onboarding and lifecycle management.
•Support enforcement of least privilege and controlled access.
Automation & Continuous Improvement
•Automate IAM processes and reduce manual access management via scripting, APIs, and workflows.
Monitoring & Support
•Monitor IAM platforms for availability and security events.
•Troubleshoot authentication and access-related issues.
WHAT YOU WILL BRING TO THE TABLE:
Minimum Education
•Bachelor’s degree in computer science, Information Systems or related field
Required skills and experience:
•Strong hands-on experience with IAM engineering and implementation. Deep understanding of authentication, authorisation, and identity federation.
•Understanding of Privileged account lifecycle, Least privilege and JIT access, Privileged session monitoring
•IAM platforms (e.g. SailPoint, Saviynt, Okta, Ping)
•Active Directory and Microsoft Entra ID
•Cloud IAM (Azure, AWS, GCP)
•PAM tools (e.g. CyberArk, BeyondTrust)
•Scripting (PowerShell, Python, APIs)
•Zero Trust architecture and Conditional Access (Entra ID / Azure AD)
Experience
•7+ years experience in IAM Engineering or operations
•Exposure to enterprise IAM implementations
•Exposure to PAM environments (advantageous)
#LI-KM3
In accordance with the employment equity plan of Tiger Brands and its employment equity goals and targets, preference may be given, but is not limited, to candidates from under-represented designated groups.