Mid-Senior level
Posted April 17, 2026
Responsibilities
- Explain and implement identity federation protocols (SAML, OAuth, OIDC)
- Work with SSO products beyond just configuration (actual integrations, flows, security)
- Apply IAM core concepts to real-world automation and network identity scenarios
- Ask scenario-based questions:
- Look for hands-on integration experience with SSO products, not just platform administration.
- Probe for security awareness: token expiration, replay attacks, certificate management.
- Principles of authentication vs. authorization
- Role-based access control (RBAC), attribute-based access control (ABAC)
- Identity lifecycle management (provisioning, de-provisioning, governance)
- SAML, OAuth, and OpenID Connect
- SAML 2.0: Assertions, bindings, metadata, IdP vs. SP roles
- OAuth 2.0: Grant types (Authorization Code, Client Credentials, Implicit, Device Flow), scopes, tokens (access, refresh, ID)
- OpenID Connect (OIDC): Identity layer on top of OAuth, ID token structure, claims
- Hands-on with enterprise SSO platforms (Okta, Ping Identity, Azure AD, ForgeRock, etc.)
- Experience integrating apps with SSO (SAML/OAuth flows)
Commitments
Duration: 12-24 Months
Location: Raleigh, NC/Charlotte, NC/Dallas, TX/Minneapolis, MN/Chandler, AZ - Hybrid Role (3 Days Onsite/2 Days WFH)
They are getting candidates who are stronger on the configuring and troubleshooting part in their interviews.
They still need the candidate to come for an in-person interview; if they go for in-person, it would be 1 and done.
Requirements
- Explain and implement identity federation protocols (SAML, OAuth, OIDC)
- Work with SSO products beyond just configuration (actual integrations, flows, security)
- Apply IAM core concepts to real-world automation and network identity scenarios
- Look for hands-on integration experience with SSO products, not just platform administration.
- Probe for security awareness: token expiration, replay attacks, certificate management.
- IAM Core Concepts
- Principles of authentication vs. authorization
- Role-based access control (RBAC), attribute-based access control (ABAC)
- Identity lifecycle management (provisioning, de-provisioning, governance)
- Federation and trust models
- SAML, OAuth, and OpenID Connect
- SAML 2.0: Assertions, bindings, metadata, IdP vs. SP roles
- OAuth 2.0: Grant types (Authorization Code, Client Credentials, Implicit, Device Flow), scopes, tokens (access, refresh, ID)
- OpenID Connect (OIDC): Identity layer on top of OAuth, ID token structure, claims
- JWT: Structure, validation, signature verification
- SSO Products & Ecosystem
- Hands-on with enterprise SSO platforms (Okta, Ping Identity, Azure AD, ForgeRock, etc.)
- Experience integrating apps with SSO (SAML/OAuth flows)
- Understanding of MFA, adaptive authentication, and conditional access policies
Preferred Skills
- Look for hands-on integration experience with SSO products, not just platform administration.
- SAML, OAuth, and OpenID Connect
- SAML 2.0: Assertions, bindings, metadata, IdP vs. SP roles
- OAuth 2.0: Grant types (Authorization Code, Client Credentials, Implicit, Device Flow), scopes, tokens (access, refresh, ID)
- Hands-on with enterprise SSO platforms (Okta, Ping Identity, Azure AD, ForgeRock, etc.)
- Experience integrating apps with SSO (SAML/OAuth flows)
- Understanding of MFA, adaptive authentication, and conditional access policies
Job Title: IAM Engineer
Duration: 12-24 Months
Location: Raleigh, NC/Charlotte, NC/Dallas, TX/Minneapolis, MN/Chandler, AZ - Hybrid Role (3 Days Onsite/2 Days WFH)
Need strong profiles with IAM Core Concepts, SAML, OAuth, and SSO products
They are getting candidates who are stronger on the configuring and troubleshooting part in their interviews; however, they are not very strong on IAM core concepts, SAML, OAuth and SSO products.
They still need the candidate to come for an in-person interview; if they go for in-person, it would be 1 and done.
We should look for IAM architects/engineers who can:
Explain and implement identity federation protocols (SAML, OAuth, OIDC)
Work with SSO products beyond just configuration (actual integrations, flows, security)
Apply IAM core concepts to real-world automation and network identity scenarios
Screen candidates based on below:
Ask scenario-based questions:
"Explain how OAuth differs from SAML and when you'd use each."
"Walk me through the SAML authentication flow between an IdP and SP."
Look for hands-on integration experience with SSO products, not just platform administration.
Probe for security awareness: token expiration, replay attacks, certificate management.
Candidate Focus Areas:
IAM Core Concepts
Principles of authentication vs. authorization
Role-based access control (RBAC), attribute-based access control (ABAC)
Identity lifecycle management (provisioning, de-provisioning, governance)
Federation and trust models
SAML, OAuth, and OpenID Connect
SAML 2.0: Assertions, bindings, metadata, IdP vs. SP roles
OAuth 2.0: Grant types (Authorization Code, Client Credentials, Implicit, Device Flow), scopes, tokens (access, refresh, ID)
OpenID Connect (OIDC): Identity layer on top of OAuth, ID token structure, claims
JWT: Structure, validation, signature verification
SSO Products & Ecosystem
Hands-on with enterprise SSO platforms (Okta, Ping Identity, Azure AD, ForgeRock, etc.)
Experience integrating apps with SSO (SAML/OAuth flows)
Understanding of MFA, adaptive authentication, and conditional access policies