Job Information
College of American Pathologists Senior IAM Engineer in Northfield, Illinois
Who We Are
As the world's largest organization of board-certified pathologists and leading provider of laboratory accreditation and proficiency testing programs, the College of American Pathologists (CAP) serves patients, pathologists, and the public by fostering and advocating excellence in the practice of pathology and laboratory medicine worldwide.
Our Culture
CAP employees make a meaningful difference by partnering with colleagues, customers, and members on challenging and rewarding work.
CAP provides its employees with an energetic and collaborative work environment and encourages them to further develop their skills, offering reimbursement for educational programs and for participation in events that build those skills.
We offer a generous compensation and benefits package, a 401(k) plan, and more; visit Careers at the CAP (https://www.cap.org/careers-at-the-cap) for details.
Brief Description
The Senior Identity & Access Management (IAM) Engineer is responsible for the implementation, operation, and continuous improvement of identity and access management capabilities across the enterprise. This role leads the design and enforcement of identity controls to ensure secure, efficient, and compliant access to systems and data.
The position works closely with security leadership, IT teams, and application owners to implement scalable identity solutions, strengthen authentication and access controls, and support evolving business and security requirements.
Specific Duties
Identity & Access Management Engineering
Designs, implements, and maintains IAM solutions, including Single Sign-On (SSO), Multi-Factor Authentication (MFA), and identity federation
Configures and manages identity platforms (e.g., Microsoft Entra ID, Okta, or similar)
Implements and maintains Conditional Access policies aligned to organizational security requirements
Integrates applications with identity providers using standard protocols (e.g., SAML, OAuth, OpenID Connect)
Access Control & Authentication
Establishes and enforces authentication and access control standards across the environment
Manages and continuously improves MFA strategy, including enforcement, exclusions, and user experience considerations
Supports secure onboarding of applications and services into centralized identity systems
Reviews and improves role-based and attribute-based access models where applicable
Privileged Access & Non-Human Identity Management
Establishes and maintains controls for privileged access, including administrative roles and elevated permissions
Supports the implementation and ongoing improvement of Privileged Access Management (PAM) capabilities
Develops and enforces standards for service accounts and other non-human identities, including credential management and access restrictions
Identifies opportunities to reduce standing privilege and improve least privilege across systems and platforms
Partners with infrastructure and application teams to improve visibility and governance of non-human identities
Identity Lifecycle & Governance
Supports identity lifecycle processes for both human and non-human identities, including provisioning, deprovisioning, and access changes
Identifies opportunities to improve automation and consistency in access management workflows
Partners with IT and business teams to ensure appropriate access controls are implemented and maintained
Contributes to the maturation of identity governance and privileged access capabilities over time
Operational Support & Troubleshooting
Troubleshoots and resolves identity-related issues, including authentication failures and access inconsistencies
Supports incident response efforts involving identity or access-related events
Monitors IAM systems for reliability, performance, and security issues
Collaboration & Continuous Improvement
Works with cross-functional teams to ensure identity services are integrated into new and existing systems
Evaluates and recommends improvements to IAM tools, configurations, and processes
Supports ongoing maturation of identity capabilities, including privileged access and identity governance
Stays current with evolving identity threats, technologies, and best practices
Practice Ownership and Project Oversight
Owns and maintains security standards, control requirements, and guidance within the assigned security practice domain
Leads security scoping activities for enterprise initiatives involving controls within the assigned practice area
Defines security requirements, deliverables, and acceptance criteria for initiatives impacting the practice domain
Oversees alignment of implementation plans to established security standards
Collaborates with project managers and business stakeholders to ensure security milestones are defined, tracked, and documented
Escalates material deviations from established standards and supports formal risk documentation where appropriate
Metrics & Reporting
Develops and maintains key performance indicators and metrics related to the assigned security practice domain
Provides periodic reporting on control maturity, risk posture, and initiative progress
Communicates practice-level performance insights to security leadership and relevant stakeholders
Knowledge/Skills Required/Preferred
Personal:
Detail-oriented with a focus on accuracy and consistency in access control implementation
Strong sense of ownership and accountability for assigned responsibilities
Curious and proactive in identifying opportunities to improve security and processes
Willingness to learn and adapt to evolving technologies and security threats
Collaborative mindset with a focus on enabling the business securely
Demonstrates accountability for outcomes and ability to operate with limited direction
Comfortable working through ambiguity and making sound decisions
Professional:
Ability to work effectively with cross-functional teams including IS, application owners, and business stakeholders
Strong problem-solving and analytical skills, with the ability to diagnose and resolve complex issues
Ability to manage multiple priorities and deliver work in a structured and timely manner
Strong written and verbal communication skills including the ability to explain technical concepts to non-technical audiences
Ability to document processes, configurations, and standards clearly and concisely
Ability to make informed technical decisions and provide guidance on identity-related implementations
Ability to influence stakeholders and drive adoption of security controls and standards
Technical:
Strong understanding of identity and access management concepts including authentication, authorization, and federation
Knowledge of identity protocols such as SAML, OAuth 2.0, and OpenID Connect
Familiarity with Multi-Factor Authentication (MFA), Single Sign-On (SSO), and Conditional Access concepts
Understanding of identity lifecycle management including provisioning and deprovisioning processes
Familiarity with privileged access management (PAM) concepts and service account governance
Ability to troubleshoot identity and access issues across integrated systems
Ability to design and implement access control strategies aligned to security requirements
Strong understanding of modern identity threats and mitigation techniques
Education/Experience
Education:
Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field (or equivalent experience)
Experience:
5+ years of experience in identity and access management or related security engineering roles
Hands-on experience with IAM platforms such as Microsoft Entra ID, Okta, SailPoint, or similar
Experience implementing SSO, MFA, and identity federation solutions
Strong understanding of authentication and authorization protocols (SAML, OAuth 2.0, OpenID Connect)
Experience designing and implementing Conditional Access or equivalent access control policies
Familiarity with identity lifecycle management and access provisioning processes
Familiarity with privileged access management (PAM) concepts and service account governance
Ability to troubleshoot complex identity and access issues across integrated systems
Related certifications:
Relevant certifications such as Microsoft Identity certifications, CISSP, CISM, or similar are preferred but not required
Additional Criteria
Schedule flexibility to allow for availability required during the CAP’s non-business hours for activities such as resolution of critical issues or outages, managing off-hours maintenance, meetings with offshore teams, or other critical business needs.
Travel is required when necessary; expected to be less than 10%.
Candidates must reside within 75 miles of the Northfield, IL office and meet in-office requirements.
Salary: $118,000 - $150,000
Equal Opportunity Employer
The CAP is an equal opportunity/affirmative action employer, providing equal employment opportunities (EEO) to all employees and qualified applicants for employment without regard to race, creed, color, religion, sex, gender identity and/or expression, national origin, age, ancestry, disability or genetic information, military status, sexual orientation, marital status, citizenship status, order of protection status, homelessness, or any other characteristic protected by federal law and the applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities.
Applicants have rights under federal employment laws: the Family and Medical Leave Act, Equal Employment Opportunity, and the Employee Polygraph Protection Act.
Job Details
Job Family Computer Science
Pay Type Salary