Sr. Identity and Access Management Engineer

At Zelis, we Get Stuff Done. So, let’s get to it! A Little About Us Zelis is modernizing the healthcare financial experience across payers, providers, and healthcare consumers. We serve more than 750 payers, including the top five national health plans, regional health plans, TPAs and millions of healthcare providers and consumers across our platform of solutions. Zelis sees across the system to identify, optimize, and solve problems holistically with technology built by healthcare experts – driving real, measurable results for clients. A Little About You You bring a unique blend of personality and professional expertise to your work, inspiring others with your passion and dedication. Your career is a testament to your diverse experiences, community involvement, and the valuable lessons you've learned along the way. You are more than just your resume; you are a reflection of your achievements, the knowledge you've gained, and the personal interests that shape who you are. Position Overview Lead for Single Sign One (SSO) and cloud-based authentication and multi-factor authentication (MFA) policy management.

Overview

We are seeking a highly skilled and motivated Senior IAM Engineer to join the Identity and Access Management (IAM) team. This is a hands-on technical engineering role focused on designing, implementing, and supporting enterprise Single Sign-On (SSO) integrations, Multi-Factor Authentication (MFA), and access control policies within Microsoft Azure (Entra ID). This role is ideal for someone who thrives in dynamic environments and is passionate about Security, Identity Architecture, Authentication Protocols, and Automation. The position will work closely with IAM peers across Identity Governance (SailPoint) and Privileged Access Management (CyberArk) to ensure cohesive and secure identity operations across the enterprise.

Key Responsibilities

• Lead the design, implementation, and ongoing management of enterprise Single Sign-On (SSO) integrations within Microsoft Entra ID (Azure AD), including SAML, OAuth, and OpenID Connect (OIDC) configurations.
• Configure and manage application provisioning integrations using SCIM and Just-In-Time (JIT) methodologies, including attribute mappings, profile transformations, and lifecycle alignment with upstream identity sources.
• Manage and evolve the organization’s Multi-Factor Authentication (MFA) strategy. Ensure secure configuration, policy enforcement, and user experience optimization.
• Assist in the configuration and ongoing management of Conditional Access Policies, including risk-based access controls, device compliance requirements, location-based controls, and Zero Trust alignment.
• Support and manage Azure App Registrations in alignment with enterprise standards, including delegated and application permissions, client secrets/certificates, API exposure, and service principal configurations.
• Partner closely with the Identity Governance (IGA) and Privileged Access Management (PAM) teams to ensure SSO integrations, application onboarding, access provisioning, and privileged access controls are properly aligned.
• Troubleshoot authentication, federation, and token-related issues across SAML/OIDC flows, performing root cause analysis and implementing durable engineering solutions.
• Drive automation and process improvement initiatives using PowerShell, Microsoft Graph API, and related tools to enhance operational efficiency and scalability.
• Develop and maintain comprehensive knowledge articles, architecture diagrams, and SOPs related to SSO, MFA, Conditional Access, and Azure identity configurations.
• Stay current on emerging identity security threats, authentication standards, and Microsoft roadmap updates to proactively strengthen enterprise authentication posture.

Qualifications

• Proven technical experience implementing and managing enterprise Single Sign-On (SSO) solutions in Microsoft Entra ID (Azure AD).
• Strong hands-on experience with authentication and federation protocols including SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), and SCIM.
• Experience configuring and managing Multi-Factor Authentication (MFA) solutions (Duo and/or Microsoft Authenticator preferred).
• Working knowledge of Conditional Access Policy design and implementation within Azure.
• Experience with Azure App Registrations, service principals, and API permission management.
• Proficiency in PowerShell scripting and experience leveraging Microsoft Graph API for automation and identity management tasks.
• Strong troubleshooting skills related to authentication flows, token issuance, federation errors, and provisioning integrations.
• Excellent communication and collaboration skills with the ability to work cross-functionally across security, infrastructure, development, and governance teams.

Preferred Qualifications

• Microsoft certifications (e.g., SC-300: Identity and Access Administrator Associate).
• Experience with identity governance platforms (e.g., Sail

Apply tot his job Apply To this Job