Identity and Access Management Engineer

We are a values driven organization putting Relationships FIRST. EagleBank (NASDAQ - EGBN) is focused on being Flexible, Involved, Responsive, Strong, and Trusted. By prioritizing meaningful connections with our customers, employees, and shareholders, we relentlessly deliver the most compelling, valuable service to our customers.

EagleBank is committed to inclusion, equity, and respect. We celebrate diversity and intentionally seek out opportunities to learn from one another's experience. We believe employees are essential to the building of relationships and we prioritize investing in employee growth and wellbeing. Employee involvement is fostered through resource groups, mentorship programs, community service, and scholarship opportunities for continued education. With features including maternity and parental leaves, wellness discounts, healthcare premium sharing, employer funding in your HSA account, and 100% 401(k) matching up to 4%, we pride ourselves in the ways we support our internal relationships. The minimum and maximum projected annualized salary for this position is: $104,215.00 to $173,692.00. Additional compensation may be possible based on experience and skills.

Eagle Bank is seeking a motivated and technically strong IAM Engineer to join our Identity and Access management team within Information Security and contribute to the advancement of our enterprise identity program.

Our IAM function is actively evolving from manual, process-heavy access controls toward a scalable, automated, and architecture-driven identity model. This role offers hands-on exposure to federation, governance, automation, and IAM architecture within a regulated banking environment.

You will play a direct role in strengthening authentication controls, modernizing manual identity processes, and helping shape a more mature, system-enforced governance framework. This is an opportunity for an emerging IAM professional who wants to build engineering depth while contributing to a meaningful security transformation initiative.

Responsibilities:

Lead Federation & SSO: Implement and support enterprise integrations using SAML, OAuth 2.0, and OpenID Connect.
• Secure Authentication: Configure MFA, trust relationships, and secure authentication flows to protect identity perimeters.
• Modernize IAM Architecture: Design scalable workflows and target-state architectures to transition manual processes toward automation.
• Automate Workflows: Develop scripts (PowerShell, Python, Power Automate) and utilize APIs/SCIM to streamline identity lifecycle management.
• Lifecycle Management: Lead and enhance Joiner/Mover/Leaver (JML) processes to ensure seamless user transitions.
• Role Engineering: Refine RBAC models and lead structured role engineering initiatives to align with business needs.
• Governance & Compliance: Drive access certification campaigns, remediation tracking, and policy enforcement.
• Enforce Security Controls: Implement least-privilege access and Segregation of Duties (SoD) to mitigate organizational risk.
• Standardize Onboarding: Create reusable integration patterns and frameworks for onboarding new enterprise applications.
• Incident Response: Troubleshoot complex token, claims, and federation issues while responding to IAM-related control exceptions.
• Risk Management: Monitor IAM control effectiveness and participate in regular risk assessments and audits.
• Technical Documentation: Maintain comprehensive current-state and future-state process flows, control mappings, and technical designs.
• Strategic Roadmapping: Support long-term initiatives focused on reducing manual overhead and increasing system-enforced governance.

Required skills:

• Experience & Identity Core: 3+ years of IAM engineering experience with deep knowledge of Lifecycle Management, RBAC, SSO, MFA, and IGA.
• Authentication Protocols: Expert-level understanding of SAML, OAuth 2.0, and OpenID Connect for secure integrations.
• Platform Expertise: Hands-on experience with enterprise IAM tools like Microsoft Entra ID, SailPoint, Okta,
• Technical & Automation: Proficient in API integrations, scripting (PowerShell/Python), directory services (AD/LDAP), and cloud architecture.
• Governance & Documentation: Ability to map technical controls to frameworks (SOX/NIST) and create detailed architecture diagrams and SOPs.
• Analytical Communication: Strong ability to evaluate security risks and translate complex technical concepts for non-technical stakeholders.

Requirements:

• Bachelor's Degree in Arts/Sciences (BA/BS) in computer science, Information Security, or related field (or equivalent experience).
• 5 years of experience in IAM, Information Security, or related discipline with three years working as an engineer.
• Experience supporting IAM governance and federation platforms
• Familiarity with compliance frameworks applicable to financial institutions (SOX, FFIEC, NIST, etc.).
• Strong understanding and knowledge of authentication protocols (SAML, OAuth 2.0, OpenID Connect).
• Working knowledge on Identity concepts such as Identity lifecycle management, Role Based Access Controls (RBAC), access certifications, Single Sign On (SSO), Multifactor authentication, and Privileged Access Management (PAM).
• Demonstrate experience with or understanding of IAM process automation concepts and technologies.
• Experience working with IAM Platforms (e.g., Microsoft Entra ID, SailPoint, Okta, CyberArk, etc.) and supporting workflows is highly desirable.
• Experience working and implementing technical concepts like APIs, scripts, databases, directory services (LDAP/AD), and cloud platforms (Microsoft Entra ID).
• Familiarity with risk and compliance controls (e.g., SOX, NIST, etc.) is highly desirable.
• Experience developing comprehensive technical documentation for IAM implementations, including architecture diagrams, configuration standards, control mappings, process flows and operational SOPs/runbooks.
• Manage the end-to-end transition of technical implementations to operational teams, providing clear documentation and training to support long-term governance and risk management.
• Analytical mindset with ability to evaluate control effectiveness and procedural alignment
• Excellent communication, interpersonal, and presentation skills, with the ability to articulate technical concepts to non-technical stakeholders.

Preferences:

• Experience with SailPoint IdentityIQ, Saviynt Identity Governance, and Okta
• Experience with cloud environments (Preferably, Microsoft EntraID).
• Industry certifications such as Security+, SC-300, AZ-104, or CISSP Associate.

Don't meet all the requirements? We encourage you to still apply if you think you are the right person to join our community. We are always interested connecting with people inspired by our mission and values. If you aren't hired for this position, your resume will remain available for the next year and might be considered for future openings. Note: You can update your resume as often as needed.