Job Description, Responsibilities & Requirements
About the Position
We are seeking a Lead AI-Augmented IAM Security Engineer to lead the hands-on implementation, configuration, automation, and day-to-day operation of enterprise Identity and Access Management (IAM). This is a senior delivery-and-operations leadership role that works within the designs, standards, role models, and policies set by IAM architects and security leadership, while guiding a team of engineers in execution. The focus is on leading the building, configuration, scripting, running, and troubleshooting of IAM, mentoring engineers, and ensuring operational excellence - not defining target-state architecture, role models, or governance policy.
Responsibilities
- Lead a team of IAM engineers, providing technical direction, mentorship, code and configuration reviews, and ensuring quality, consistency, and on-time delivery of IAM work.
- Plan, prioritize, and coordinate the team's workload across IAM projects, operational tasks, incidents, and AI-automation initiatives, balancing delivery against operational stability.
- Implement, configure, and operate IAM solutions and controls based on architecture, standards, and designs defined by IAM architects and security leadership, and ensure the team executes consistently against those standards.
- Own and oversee identity lifecycle (Joiner / Mover / Leaver) processes, including automated provisioning and deprovisioning across target systems.
- Drive configuration of core IAM capabilities, including SSO, federation, MFA, and passwordless authentication, conditional access, RBAC/ABAC role models, and least-privilege access.
- Lead the development and deployment of IAM integrations and connectors with cloud platforms, SaaS applications, enterprise systems, directories, authoritative source systems, databases, and APIs.
- Oversee access certification and review campaigns, entitlement clean-up, and segregation-of-duties (SoD) rule configuration in line with access policies defined by architects and the business.
- Operate and govern Privileged Access Management controls, including credential vaulting, secrets rotation, session management, and just-in-time and just-enough access.
- Define and uphold standards for automation scripts, workflows, and IAM tooling built using PowerShell, Python, REST APIs, SCIM, Terraform, or similar technologies.
- Oversee IAM platform health monitoring, incident response, troubleshooting, patching, upgrades, and configuration hardening, acting as a senior escalation point.
- Maintain IAM logging, alerting, and monitoring practices, and ensure backup and recovery procedures are executed according to defined runbooks and resilience requirements.
- Drive the adoption of AI-assisted automations and agentic workflows that reduce manual effort across daily IAM operations, such as access request triage, entitlement analysis, anomaly detection, root-cause analysis, privileged access review support, compliance evidence collection, and documentation generation.
- Lead the integration of AI agents and LLM-backed automations into IAM systems and operational pipelines, connecting models to internal tools, APIs, directories, ticketing, and IAM platforms via function calling, SCIM, REST, and webhooks.
- Establish and curate reusable prompts, structured-prompting patterns, and prompt templates, and implement retrieval over IAM policies, role catalogs, runbooks, and documentation (for example RAG) so AI assistants answer from current authoritative internal sources.
- Define and enforce output verification, human-in-the-loop approval gates, and rollback paths in AI-assisted IAM workflows, so no AI-driven change reaches production access without review.
- Implement and govern security and privacy controls for IAM AI usage, including least-privilege access for agents, secrets and credential handling, prompt-injection resistance, redaction of sensitive identity data, and full auditability of AI-driven actions.
- Monitor AI-assisted IAM automations in production, measure their accuracy and impact, continuously tune prompts, tools, and workflows, and ensure the team produces operational documentation, runbooks, and standard operating procedures while supporting audits and compliance evidence requests.
- Partner with IAM architects, security leadership, and stakeholders across engineering, infrastructure, security operations, compliance, and business teams to translate strategy into executable delivery plans.
- Grow the team through hiring input, onboarding, coaching, performance feedback, and individual development planning.
Requirements
- Bachelor's degree in Computer Science, Cybersecurity, Engineering, or equivalent practical experience.
- 5+ years of hands-on experience implementing or operating Identity and Access Management solutions.
- 1+ years of leadership experience, such as tech lead, team lead, squad lead, or engineering manager, with proven ability to direct, mentor, and grow a team of engineers.
- Demonstrated leadership skills, including the ability to set technical direction, prioritize workload, run reviews, resolve conflicts, drive accountability, and represent the team to stakeholders.
- Strong experience with at least one enterprise IAM, IGA, PAM, or federation platform.
- Deep understanding of IAM concepts, including identity lifecycle, authentication and authorization, SSO, federation, MFA, RBAC/ABAC, least privilege, and privileged access.
- Solid knowledge of common IAM protocols and standards such as SAML, OAuth 2.0, and OpenID Connect, alongside SCIM, LDAP, and Kerberos.
- Proven experience configuring IAM controls, policies, connectors, and access governance workflows at enterprise scale.
- Working knowledge of cloud IAM concepts across at least one major cloud platform such as Azure, AWS, or GCP.
- Strong scripting and automation experience using at least one of PowerShell, Python, Bash, REST APIs, SCIM, or Terraform, with the ability to set coding and automation standards for the team.
- Demonstrated capability to work closely with and influence developers, architects, infrastructure engineers, security operations, compliance teams, and business stakeholders.
- Competency to define, follow, maintain, and continuously improve IAM and security processes, leading change execution from tickets, runbooks, and designs while escalating design-level questions appropriately.
- Practical experience leading AI-assisted productivity and automation beyond basic chatbot usage, including building AI agents, automating repetitive IAM tasks, integrating LLMs with tools and documents, prompt engineering, and using AI tools securely with awareness of sensitive identity data.
- Strong communication and stakeholder-management skills, with the ability to explain IAM issues, technical decisions, trade-offs, and remediation steps to both technical and non-technical audiences, including senior leadership.
Nice to Have
- Familiarity with IAM platforms such as Microsoft Entra ID, Active Directory, and Okta, alongside Ping Identity, ForgeRock, Auth0, SailPoint, Saviynt, or CyberArk.
- Experience with CIAM, B2B/B2C identity, customer identity, external identity, or partner access scenarios, plus SIEM/SOAR integrations for IAM monitoring, alerting, and automated response.
- Experience with CI/CD-based IAM deployment, configuration-as-code, and automated testing of IAM changes.
- Familiarity with AI/LLM platforms or frameworks such as Azure OpenAI, Amazon Bedrock, and Microsoft Copilot Studio, alongside LangChain, AutoGen, or Power Automate.
- Understanding of AI security risks, including data leakage, prompt injection, excessive agency, insecure tool use, model governance, and sensitive identity data exposure.
- SC-300, Okta Certified Professional / Administrator / Consultant, SailPoint, Saviynt, CyberArk, or Ping Identity certifications, CISSP, CISM, CISA, CCSK, CCSP, SSCP, AI-900, or AWS Certified AI Practitioner.
We Offer
- Hybrid work arrangement in the Republic of Lithuania.
- Opportunity to work in a dynamic and innovative environment.
- Competitive salary and benefits package.
- Professional development opportunities.
- Collaborative and inclusive company culture.
About the Company
[Company description if present]