We're looking specifically for folks who place an emphasis on usable security and scaling
successfully through automation. Fanatics is a fast-growing company, and our security program
needs to be able to keep pace with that growth while not disrupting innovation.
As an IAM Engineer, you will be responsible for the overall strategy, planning, development &
support of Fanatics’ IAM solutions and its associated processes. You will provide overall
implementation and direction into the IAM functions across the organization, including
federation, privileged access management, authentication & authorization, certificate
management, security and provisioning identity data.
The IAM Engineer will work as part of Security team, and will work closely with service desk,
systems engineering, network security, audit, application developers and other engineers in
creating functional, scalable and secure IAM operations as well as the design and development
of new business applications. They will also be responsible for identifying, evaluating and
participating in decision making around new and emerging IAM technologies and will support
other areas of Information Security as needed.
RESPONSIBILITIES:
Lead the implementation and development process for the Identify and access
Management (IAM) program with a security focus.
Work with vendors and business partners to develop, implement and manage the IAM
program.
Lead program design and review working directly with business lines on the integration
requirements including provisioning, de-provision, and identity lifecycle into the IAM
platforms.
Develop strategy roadmaps for the IAM systems and the IAM program, develop
enterprise-wide standards for IAM.
Implement or coordinate remediation required by policies, standards, reviews, and
audits, documenting exceptions as necessary.
Define the user access security model for all systems and platforms. Enforcing least-
privilege model.
Provide subject matter expertise in multiple domain focus areas including but not
limited to: Privileged Access Management and Secrets Management tooling such as
CyberArk, Delinea, HashiCorp
Operation and maintenance of the Privileged Access Management and Secrets
Management platforms to support various business use cases, providing in-depth
technical consultation to business application development team to ensure
development of efficient application systems
Support PAM Security Strategy including provisioning, password management and
access policies, SSH key management, API key management and reporting.
Privileged Access Management (PAM)
PAM implementation and operationalization. Support the operation of the PAM
platform to ensure secure and efficient operation and usage for all lines of
business
PAM administration: Manage and mature the PAM platform including safe
design, policy configuration, and session isolation for privileged accounts.
Credential lifecycle: Own automated password/secret rotation, onboarding of
privileged and service accounts, and just-in-time access workflows to reduce
standing privilege.
Certificate/PAM convergence: Support the integration of certificate lifecycle
operations into the PAM platform, leveraging automation to reduce manual
certificate handling.
Auditing & reporting: Produce privileged access usage reports and support audit
evidence requests for SOC 2, PCI DSS, and ITGC controls.
Integrate PAM solution with various technologies. Provide security consultation
on internal projects focusing on business needs, security's role in change
management, and how data is transmitted internally and externally.
Design, configure, and maintain PAM solutions for Linux and Windows tools.
Access Management
Access governance: Support periodic access certifications, least-privilege
reviews, and segregation-of-duties analysis in partnership with Access
Governance and GRC teams.
RBAC/ABAC design: Define and maintain role-based and attribute-based access
models for critical applications.
Provisioning integrations: Build and maintain SCIM, API, and directory-based
integrations connecting HR systems, Active Directory, and downstream
applications.
Certificate Management:
Lifecycle ownership: Manage issuance, renewal, revocation, and inventory of
internal and external TLS/SSL certificates across cloud and on-prem
environments.
Automation: Build automated monitoring and renewal pipelines to eliminate
expiration-driven outages, integrating with CyberArk and internal CI/CD tooling.
PKI hygiene: Maintain certificate authority relationships, key management
standards, and rotation policies aligned to industry best practice.
SSO & Identity
Platform administration: Configure and maintain Okta as the enterprise SSO and
MFA provider, including application integrations (SAML, OIDC, Oauth, SWA),
policies, and group rules.
Authentication engineering: Implement adaptive MFA, conditional access
policies, and passwordless authentication initiatives.
App onboarding: Partner with application and engineering teams to onboard
new applications into Okta, including custom OIDC/SAML integrations for
internal tools.
AI identity operations: Support emerging identity controls for AI agents and
machine identities, including scoped OAuth tokens and service-to-service
authentication.
Lead IAM engineering strategy and execution, set the direction for engineering efforts,
drive technology selection (Including bus vs build decision) and act as the functional
technical leader during implementation.
Establish CIEM, ITDR, IGA strategy, implementation and operationalization
Evaluate and monitor project efforts, timelines, and task management
EDUCATIONAL REQUIREMENTS:
Bachelor’s degree in computer science, Information Systems, or equivalent combination
of education and experience
Relevant Security Certifications
EXPERIENCE REQUIRED:
A minimum of 5 years of experience.
QUALIFICATIONS, KNOWLEDGE, SKILLS & ABILITIES:
Experience designing, implementing, and managing complex IAM Solutions
Strong understanding on Identity and privileged constructs within Cloud environments.
An understanding and demonstrated use of DevOps tools (Bit bucket, Gitlab, Github, Jenkins,
Automated deployment tools) with CI/CD capabilities.
Experience in designing and implementing PAM solutions such as (BeyondTrust, CyberArk,
Delinea) for enterprise organizations.
Experience with password safe tools such as BeyondTrust Password safe and Powerbroker for
both Windows and Linux environments.
Experience with databases, LDAP and directory services, application servers, operating systems
and network infrastructure.
Strong understanding of Identity Lifecycle in regard to privileged accounts and how people use
accounts.
Experience with Zero Trust Security
Proficiency in Active Directory, LDAP, SAML, OAuth, IdPs
Demonstrate an advanced understanding of troubleshooting and configuring Privileged
applications, Privileged ID Management, and API integrations.
An understanding of the emerging authorization mechanisms based on Zanzibar/ReBAC.
Experience with CIEM, ITDR and IGA platforms
Maintain documentation related to IAM processes, configurations, incident response
procedures and run books.
Working knowledge of certificate management / PKI concepts (TLS, CA hierarchies, key
rotation).
Experience with configuration management tools like Terraform, Ansible, etc.
Experience with cloud technologies, e.g. AWS, Azure, GCP, OCI
Advanced programming experience (Python, Go, etc.)
General skills include:
Strong critical thinking and analytical skills
Ability to approach problem solving in a constructive and collaborative way that does
not require absolute security.
The ability to communicate complicated technical issues and risks to programmers,
network engineers and managers.
Strong leadership, project, and team-building skills
Exceptional communication skills with diverse audiences; the ability to be an
infrastructure security subject matter expert who can explain relevant topics to general
audiences.
Want jobs like this matched to you?
Swoopd scores fresh postings against your résumé so you only see the matches that matter.