IAM Engineer

Location: Brazil Sao Paulo - Remote

Time Type: Full time

Job Description

The IAM team at WEX is evolving to meet the demands of a rapidly growing and dynamic business. We are seeking an experienced and innovative IAM Automation Engineer - Access Provisioning to join our Directory Services Engineering group. This engineering role is responsible for transforming our current Identity and Access Management processes through strategic automation, robust RBAC development, and user-centric self-service solutions. 

How you’ll make an impact

• Design, develop, and implement automated workflows for the entire identity lifecycle, including user onboarding, offboarding, and role changes (joiner-mover-leaver).

• Utilize scripting languages (e.g., PowerShell, Python,) and API integrations to seamlessly connect HR systems, Active Directory, cloud platforms (e.g., Okta, Azure AD), and various target applications.

• Develop and maintain automation scripts that handle common access requests, significantly reducing manual intervention and improving fulfillment times.

• Analyze existing manual processes to identify high-impact automation opportunities and drive their implementation.

• Collaborate extensively with business units, application owners, and IT stakeholders to analyze user needs and define a comprehensive and granular RBAC model.

• Build, test, and deploy roles that adhere to the principle of "least privilege" necessary for specific job functions.

• Establish processes for maintaining and periodically recertifying roles to ensure ongoing relevance, accuracy, and security compliance.

• Analyze the current IAM ticket queue and operational data to pinpoint the most frequent and time-consuming manual tasks for automation.

• Design and implement intuitive self-service capabilities, enabling users to request access to common applications through a service catalog with automated approval workflows.

• Continuously refine and optimize IAM processes to streamline access reviews, certifications, and overall access management workflows.

• Explore and evaluate opportunities to leverage AI and machine learning (ML) for enhanced IAM capabilities, such as anomaly detection in access patterns, predictive analytics for access reviews, or intelligent automation of complex identity tasks.

• Contribute to the design and implementation of AI/ML models that can improve security posture and operational efficiency within IAM.

• Stay current with AI trends in cybersecurity and identity management.

• Ensure that automated solutions and RBAC models contribute to a strong security posture and facilitate compliance with regulatory frameworks (e.g., GDPR, HIPAA, SOX).

• Support audit requests by providing automated evidence and reporting related to identity and access management controls.

• Provide expert guidance to business and technology stakeholders on IAM best practices, automation possibilities, and the benefits of a well-structured access ecosystem.

• Work collaboratively with other IT teams to integrate IAM solutions into broader enterprise architecture.

Experience you’ll bring

• Bachelor's degree in Computer Science, Information Technology, or a related field, or equivalent practical experience.

• Proven experience as an IAM Engineer or similar role with a strong focus on automation and integration.

• Proficiency in scripting languages such as PowerShell, Ansible and/or Python for automation and API interaction.

• Experience with enterprise-level IAM solutions beyond basic administration (e.g., SailPoint IIQ, Okta Identity Cloud, Azure AD Identity Governance).

• Solid understanding of Active Directory, LDAP, and enterprise identity stores.

• Demonstrable experience with RESTful APIs for integration purposes.

• Strong analytical and problem-solving skills with a proactive approach to identifying and resolving issues.

• Excellent written and verbal communication skills, with the ability to articulate complex technical concepts to both technical and non-technical audiences.

• Ability to work independently and as part of a team in a fast-paced, evolving environment.

Nice to have:

• Deep understanding and practical experience with authentication and authorization protocols (e.g., SAML, OAuth, OIDC, SCIM).

• Experience designing and implementing self-service portals and automated approval workflows within an IAM context.

• Familiarity with cloud security concepts and identity management in public cloud environments (AWS, Azure, GCP).

• Experience with DevOps practices and CI/CD pipelines in an IAM context.

• Exposure to or foundational understanding of AI/ML concepts and their application in security or automation.

• Experience with data analysis tools or platforms relevant to AI/ML model development

Tools/Skills:

• Sailpoint IIQ
• Delinea SSC
• Active Directory
• Github
• Terraform
• Python