IAM Engineer
Full-time, Mid-Senior Level
Job Overview
As our IAM Engineer (Modern Authentication specialist), you will own and maintain the technical configuration of our Entra ID tenant, with a primary focus on modernizing our authentication systems as part of a wider Identity & Access Management strategy and project roadmap. Join our growing IAM team in a hands-on, key role covering authentication and authorization: securing application onboarding, hardening system configuration (for example Conditional Access and adaptive MFA), and designing, implementing and maintaining a robust, scalable framework that gives end users a frictionless experience.
- Access Management & Governance: Define, implement, and maintain Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) models across Vitol identity platforms, including on-prem AD, Entra ID and AWS. Partner with Security, Infrastructure, Cloud and Development teams to establish consistent access control standards across platforms and applications. Support the design and management of access models for applications, APIs, service accounts, cloud platforms and workload identities.
- System and Application Integration: Integrate external and internal applications with Vitol's identity providers for Single Sign-On (SSO) using SAML, OAuth, and OIDC protocols. Lead engagement and workshops with application development teams to support integration. Advise developers on secure authentication and authorization flows, including tokens, claims, scopes, roles, secrets, certificates and redirect URIs.
- Development Team Enablement: Work with Development teams to embed IAM best practices into shared libraries, frameworks, SDKs, templates and reference architectures. Help define reusable authentication and authorization components for Vitol applications. Ensure internal libraries support least privilege, secure token validation, secure session management, claims-based authorization, secretless authentication and modern federation patterns. Act as an IAM subject matter expert, helping teams choose the right protocol and identity architecture.
- Identity Lifecycle Management: Ensure secure provisioning and de-provisioning of user accounts within the "joiner, mover, leaver" (JML) process.
- Policy Enforcement: Implement, maintain and enforce identity security policies, including Multi-Factor Authentication (MFA), Conditional Access and least privilege. Help ensure policies are consistently applied across users, applications and platforms, while balancing security requirements with business usability.
- Troubleshooting & Support: Provide Tier 3 support for identity-related incidents, including authentication, authorization, SSO, federation and access issues. Work with infrastructure, security, cloud and application teams to diagnose root causes and implement effective resolutions.
- Automation: Utilize scripting (e.g., PowerShell, Python) and APIs/SCIM to automate identity lifecycle and access management workflows. Improve operational efficiency by reducing manual tasks, standardising processes and supporting scalable IAM operations.
- IAM as a service: Create and own the documentation of "IAM as a service"; Define onboarding processes, integration patterns and standard operating procedures for IAM services; Provide clear guidance to application teams on how to consume IAM services securely and efficiently.
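The "secure token validation" and "claims-based authorization" items above, shown as an added example; this is not Vitol's code and is not taken from the posting. The issuer, audience, secret and token claims are hypothetical, constructed for the demo. To stay self-contained and runnable offline, the sample token is signed with HS256 and a shared secret; a real Entra ID access token is RS256-signed and must be verified against the tenant's published signing keys (JWKS), but the claim checks (pinned algorithm, issuer, audience, validity window, then scopes/roles) are the same.

```python
import base64
import hashlib
import hmac
import json
import time

# Hypothetical values for the demo (not a real tenant, API or secret).
EXPECTED_ISSUER = "https://login.example.test/00000000-0000-0000-0000-000000000000/v2.0"
EXPECTED_AUDIENCE = "api://example-api"
DEMO_SECRET = b"demo-shared-secret"  # HS256 only so the example runs offline
PINNED_ALG = "HS256"                 # in production: RS256 with keys from the tenant JWKS


class TokenError(Exception):
    """Raised for any validation failure; callers should treat it as 401."""


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, secret: bytes = DEMO_SECRET, alg: str = PINNED_ALG) -> str:
    """Build a compact JWT for the demo. Only exists so the example can construct input."""
    header = {"alg": alg, "typ": "JWT"}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def validate_token(token: str, secret: bytes = DEMO_SECRET, now: float = None, leeway: int = 60) -> dict:
    """Verify signature and standard claims; return the claims only if everything passes."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    header = json.loads(_b64url_decode(parts[0]))
    # Never let the token choose the algorithm: rejects "none" and algorithm confusion.
    if header.get("alg") != PINNED_ALG:
        raise TokenError("unexpected alg")
    expected_sig = hmac.new(secret, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(parts[2])):
        raise TokenError("bad signature")
    claims = json.loads(_b64url_decode(parts[1]))
    # Signature alone is not enough: the token must be for this issuer and this API.
    if claims.get("iss") != EXPECTED_ISSUER:
        raise TokenError("wrong issuer")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if EXPECTED_AUDIENCE not in audiences:
        raise TokenError("wrong audience")
    if "exp" not in claims or now > claims["exp"] + leeway:
        raise TokenError("expired")
    if now < claims.get("nbf", 0) - leeway:
        raise TokenError("not yet valid")
    return claims


def authorize(claims: dict, required_scope: str = None, required_role: str = None) -> bool:
    """Claims-based authorization: delegated permissions live in 'scp' (space-separated),
    application roles in 'roles' (list), matching the Entra ID token layout."""
    scopes = set(claims.get("scp", "").split())
    roles = set(claims.get("roles", []))
    if required_scope and required_scope not in scopes:
        return False
    if required_role and required_role not in roles:
        return False
    return True


def rejects(token: str, now: float) -> bool:
    """True if validate_token refuses the token (used to demonstrate negative cases)."""
    try:
        validate_token(token, now=now)
        return False
    except TokenError:
        return True


if __name__ == "__main__":
    now = 1_700_000_000
    good = mint_token({"iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE, "sub": "user-1",
                       "scp": "Files.Read", "roles": ["Reader"], "nbf": now - 10, "exp": now + 600})
    claims = validate_token(good, now=now)
    print("scope check:", authorize(claims, required_scope="Files.Read"))
    print("role check:", authorize(claims, required_role="Admin"))
    print("alg=none rejected:", rejects(mint_token(dict(claims), alg="none"), now))
```

Note that scope and role checks run only after the token has been fully validated; a token that is well-signed but issued for a different API (wrong `aud`) is still rejected, which is the check most commonly missed when one tenant issues tokens for many APIs.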