ActiveJobs

Senior Identity & Access Management (IAM) Engineer

ARTeSYN Biosolutions · Remote - Massachusetts

Full-timeRemotePosted 9 July 2026
Apply on Company Site →

Job description

Repligen is seeking a highly skilled and results-driven Senior Identity & Access Management (IAM) Engineer to join our Global Infrastructure & Operations organization. This role is responsible for the design, implementation, administration, and continuous improvement of enterprise identity, authentication, access management, identity governance, and Public Key Infrastructure (PKI) services across a global environment. The Senior IAM Engineer will serve as the technical owner for Microsoft Entra ID, identity lifecycle management, Single Sign-On integrations, authentication services, privileged access management, certificate services, and network access control platforms. This individual will partner closely with Infrastructure, Cybersecurity, Digital Workplace, HR, Application Owners, and business stakeholders to deliver secure, scalable, and automated identity services that enhance user experience while supporting compliance and security requirements. This is a hands-on engineering role requiring deep expertise in identity technologies, authentication protocols, enterprise integrations, automation, and access governance. The successful candidate will play a key role in advancing Repligen's identity strategy, strengthening access controls, improving operational efficiency, and enabling secure access across cloud, on-premises, and SaaS environments.Remote; candidates must reside in the Eastern Time Zone. ResponsibilitiesOwn the administration, engineering, governance, and continuous improvement of enterprise identity and access management services. Serve as the primary technical owner for Microsoft Entra ID and related identity platforms. Design, implement, and support authentication and authorization solutions across cloud and on-premises environments. Administer and maintain Conditional Access policies, Multi-Factor Authentication (MFA), Identity Protection, passwordless authentication, and modern access management solutions. Design and support Single Sign-On (SSO) integrations utilizing SAML, OAuth, OpenID Connect, LDAP, Kerberos, and SCIM technologies. Manage enterprise application onboarding, identity integrations, access provisioning, and entitlement management processes. Partner with HR, Infrastructure, and application owners to design and automate Joiner, Mover, and Leaver (JML) processes. Implement and maintain role-based access controls (RBAC), access governance standards, segregation of duties, and least-privilege access models. Administer Privileged Identity Management (PIM), privileged access controls, privileged account governance, and delegated administration models. Conduct access reviews, entitlement reviews, and certification activities to ensure appropriate access to systems and applications. Administer and maintain enterprise Public Key Infrastructure (PKI), including certificate authorities, certificate lifecycle management, issuance, renewal, revocation, and governance. Manage digital certificates supporting users, devices, applications, servers, network infrastructure, and cloud services. Support certificate-based authentication, passwordless authentication, and device trust technologies across enterprise platforms. Partner with Network Engineering teams to support secure wired, wireless, VPN, remote access, and device authentication services. Monitor identity, authentication, PKI, and NAC platform health while proactively identifying and addressing operational issues. Develop automation using PowerShell, Microsoft Graph, and related technologies to improve provisioning, governance, monitoring, and reporting processes. Build and maintain operational dashboards, metrics, and reporting related to identity health, access governance, compliance, and platform performance. Support compliance, audit, and regulatory requirements through evidence collection, reporting, and control validation. Partner with Cybersecurity teams to implement secure identity controls aligned with Zero Trust principles and enterprise security standards. Participate in incident response, root cause analysis, and remediation activities related to identity, authentication, and access management services. Create and maintain technical documentation, architecture diagrams, operational runbooks, and support procedures. Evaluate emerging identity, authentication, PKI, and access management technologies and recommend improvements that enhance security, scalability, and user experience. Provide technical guidance and mentorship to IT teams and application owners regarding identity and access management best practices. QualificationsBachelor's degree in Information Technology, Computer Science, Information Systems, Cybersecurity, or a related field, or equivalent experience. Minimum of 7 years of hands-on experience supporting Identity and Access Management technologies in a medium or large enterprise environment. Deep expertise with Microsoft Entra ID, including Conditional Access, Identity Protection, Multi-Factor Authentication, Identity Governance, and access lifecycle management. Strong experience implementing and supporting Single Sign-On technologies, including SAML, OAuth, OpenID Connect, LDAP, Kerberos, and SCIM provisioning. Experience designing and supporting automated Joiner, Mover, and Leaver (JML) processes and identity lifecycle management workflows. Hands-on experience with Privileged Identity Management (PIM), role-based access controls, access reviews, entitlement management, and access certification processes. Experience integrating enterprise SaaS platforms such as Microsoft 365, ServiceNow, Workday, SAP, Concur, Salesforce, MasterControl, and similar business applications. Strong experience with Microsoft Active Directory and hybrid identity environments. Experience administering enterprise Public Key Infrastructure (PKI), including Microsoft Active Directory Certificate Services (AD CS), certificate lifecycle management, and certificate-based authentication. Experience supporting modern identity security platforms such as Beyond Identity, Okta, Duo, Ping Identity, CyberArk, SailPoint, Saviynt, or similar technologies is highly desirable. Strong understanding of modern identity architecture, authentication protocols, Zero Trust principles, passwordless authentication, device trust, and identity-centric security models. Strong PowerShell scripting and automation experience. Experience utilizing Microsoft Graph API and related automation frameworks for identity administration and governance. Working knowledge of compliance controls, audit requirements, and identity governance best practices. Strong analytical, troubleshooting, communication, and documentation skills. Experience supporting global and geographically distributed organizations. Microsoft certifications such as SC-300 (Identity and Access Administrator), SC-100 (Cybersecurity Architect), or equivalent certifications are highly desirable. Our mission is to inspire advances in bioprocessing as a trusted partner in the production of biologic drugs that improve human health worldwide. Focused on cost and process efficiencies, we deliver innovative technologies and solutions that help set new standards in bioprocessing. The estimated salary range for this role, based in the United States of America is $130,000-$180,000. Compensation decisions are dependent on several factors including, but not limited to an individual's qualifications, location, internal equity, and alignment with market data. Additionally, employees are eligible to participate in one of our variable cash programs (bonus or commission) and eligible roles may receive equity as part of the compensation package. We offer a wide range of benefits such as paid time off, health/dental/vision, retirement benefits and flexible spending accounts. All compensation and benefits information will be confirmed in writing at the time of offer.

Verified and listed by ActiveJobs. Applications are made directly on ARTeSYN Biosolutions's own career page — we never sit in the middle.