IAM Engineer

Posted 17 Hours Ago
Hiring Remotely in USA
Remote
100K-120K Annually
Senior level
Healthtech
The Role
The IAM Engineer at Privia Health is responsible for designing, implementing, and maintaining identity and governance platforms, ensuring security compliance and optimizing user experience. They will work cross-functionally to enhance security measures, integrate IAM solutions with other systems, and streamline identity lifecycle management.
Summary Generated by Built In

Company Description

Privia Health elevates the patient-provider relationship by delivering tools, talent, and technology built to transform healthcare. Our proven, physician-focused platform is designed to reduce unnecessary costs, achieve better outcomes, and improve patient health and provider well-being.

Job Description

Overview of the Role: Reports to the Sr. Manager of IT Audit & Security. The IAM Engineer fulfills a critical role in the design, implementation, and continuous development of Privia’s identity and governance platforms, SailPoint IdentityNow and Ping One Identity (ForgeRock), ensuring they meet the organization's IGA and CIAM needs. This position is also vital in maintaining and developing processes and procedures for the authorization, maintenance, governance, and termination of user access for both workforce and non-workforce identities. The IAM Engineer will collaborate across departments to identify and address flaws in the company’s security systems and procedures, working with management to optimize the user lifecycle experience and improve the company’s overall security posture. The IAM Engineer is also responsible for integrating the identity platform with other Privia systems like Google Workspace, HRIS systems, and mission and business-critical systems. They will work with various teams and stakeholders to ensure that workflows related to access and data management comply with security policies, industry standards, and best practices.

CLOUD/SAAS

  • Experience with user provisioning in cloud environments such as Google Workspace or Microsoft 365.

  • Familiarity with Google Workspace or Google Cloud is preferred.

  • Strong understanding of access controls, authentication, and authorization models in cloud-based platforms.


APPLICATION (Applications, Database, Interfaces)

  • Understanding of securing a three-tier application architecture in the context of identity and access management.

  • Knowledge of cloud-based security architecture, including multi-cloud environments and the differences between cloud-native applications and virtualized environments such as Citrix or VDI.

  • Must have proven advanced experience using Identity and Access Management (IAM) and Identity Governance and Administration (IGA) platforms, with a strong preference for expertise in SailPoint IdentityNow or Ping Identity (ForgeRock).


AUTOMATION/SCRIPTING/INTEGRATION

  • Experience with automation and scripting tools such as GAM (Google Apps Manager), Google Apps Script, Python, PowerShell, JavaScript, and other relevant languages to support identity lifecycle management.

  • Proficiency in REST and SCIM APIs for automating user provisioning, deprovisioning, and access management across IAM, IGA, and CIAM solutions.

  • Strong focus on automation, streamlining IAM processes, and identifying integration opportunities to enhance security and efficiency.


IGA/IAM/CIAM/PAM 


  • Extensive experience with Identity Governance and Administration (IGA) platforms, particularly SailPoint IdentityNow, including the implementation of RBAC, ABAC, and automated provisioning workflows.

  • Expertise in designing and implementing enterprise-level CIAM solutions, particularly with Ping Identity/ForgeRock.

  • Proven ability to integrate IAM and IGA solutions with single sign-on (SSO) protocols such as SAML, OAuth, and OpenID Connect to enhance security while optimizing user experience.

  • Strong background in defining and enforcing IAM policies, implementing fine-grained access controls, and managing identity lifecycle events (Joiner, Mover, Leaver) in enterprise environments.

  • Skilled in leading IAM architecture discussions, providing strategic technical guidance, and driving best practices in identity security across complex SaaS and cloud environments.


EHR/EMR (Preferred)

  • Experience with application support for an EHR/EMR - athenaOne preferred.

  • Knowledge in the creation, modification, and termination of user profiles within an EHR/EMR application.

Qualifications

  • 5+ years of experience with designing and building complex IAM/IGA/CIAM implementations.

  • 3+ years of hands-on experience working with SailPoint, including expertise in its implementation, configuration, and management.

  • 5+ years of experience in user provisioning and lifecycle management, with a strong engineering perspective on designing and automating identity solutions. Preference for experience in healthcare technology.

  • Strong security skills as outlined above, including expertise in IAM, IGA, and CIAM solutions.

  • Must adhere to all HIPAA rules and regulations.

Preferred Qualifications:

  • Bachelor's Degree in Computer Science or a related field.

The salary range for this role is $100,000.00 - $120,000.00 in base pay and exclusive of any bonuses or benefits (medical, dental, vision, life, and pet insurance, 401K, paid time off, and other wellness programs). This role is also eligible for an annual bonus targeted at 15%. The base pay offered will be determined based on relevant factors such as experience, education, and geographic location.

Additional Information

All your information will be kept confidential according to EEO guidelines.

Technical Requirements (for remote workers only, not applicable for onsite/in office work):

In order to successfully work remotely, supporting our patients and providers, we require a minimum of 5 MBPS for Download Speed and 3 MBPS for the Upload Speed. This should be acquired prior to the start of your employment. The best measure of your internet speed is to use online speed tests like https://www.speedtest.net/. This gives you an update as to how fast data transfer is with your internet connection and if it meets the minimum speed requirements. Work with your internet provider if you have questions about your connection. Employees who regularly work from home offices are eligible for expense reimbursement to offset this cost.

Privia Health is committed to creating and fostering a work environment that allows and encourages you to bring your whole self to work. Privia is a better company when our people are a reflection of the communities that we serve. Our goal is to encourage people to pursue all opportunities regardless of their age, color, national origin, physical or mental (dis)ability, race, religion, gender, sex, gender identity and/or expression, marital status, veteran status, or any other characteristic protected by federal, state or local law.

Top Skills

JavaScript
PowerShell
Python
The Company
Arlington, VA
0 Employees
Hybrid Workplace
