NRECA is a unique national trade association providing advocacy, financial services and business support services to over 900 consumer owned electric cooperatives across the country. NRECA employees are united by our mission, inclusive culture, collaborative workplace and commitment to service excellence. As a "best place to work" employer, we operate with integrity, transparency, and a spirit of innovation.

Summary of Position

The IAM Engineer supports Identity and Access Management (IAM) tools, enhance processes, and improve policies related to user access and identity management and is responsible for delivering enterprise-wide Identity, Access, Directory and Authentication Services with capability to support Cloud and On-Prem Application services. THIS IS A HYBRID POSITION, located in Arlington, VA.

Key Responsibilities

• Provide technical leadership to a team of engineers to ensure successful delivery of IDP and IAM projects.
• Design, implement and maintain identity and access management solutions using Okta, Ping, Azure AD, OAuth, OIDC, SAML, Header-based authentication, SiteMinder (if available), LDAP, SCIM, e-directory, and other relevant technologies.
• Serve as a subject matter expert on authentication services, providing guidance and technical leadership to team members.
• Evaluate and recommend new IDP and IAM technologies and solutions that will help meet business needs.
• Ensure compliance with company and industry security standards and policies.
• Implement automation to streamline and improve identity management processes.
• Troubleshoot and resolve identity and access management issues
• Familiarity with DevOps tools and a mindset to promote a culture of automation Fostering Innovation and Automation: Developing and/or supporting the introduction of new and improved methods, products, procedures, or technologies
• Manage Applications Credentials, User Access Policy Management
• Troubleshoot MFA and Single-Sign on issues with Ping, Azure AD
• Assist application teams through the SDLC process (including requirements gathering, configuration, testing to integrate applications/systems with AM and PAM solutions)

Required Qualifications and Skills

• 8+ years experience in a technical role such as security, network, systems, or software engineer with at least 5 years focused on IAM
• 8+ years of experience engineering IAM solutions in AWS, Azure, or a large scale IDP implementation (Okta, Ping, etc)
• Working experience with SSO domains realms, rules, responses, and policies is expected with a minimum of 5 years of implementation experience with SSO and federation using SAML, OAuth, OIDC, Federation, APIs as well as experience with automating provisioning and deprovisioning access solutions
• Integration experience with SAML, OpenID Connect, Oauth, passwordless authentication, Multi Factor Authentication
• User directories: Understanding of LDAP, Virtual Directory Services, Directory Services, and Active Directory
• Experience must be at an Architecture Senior Engineering level with a proven record of designing and deploying complex systems for large enterprise level organizations

Formal Education Required:

Bachelor's Degree in Computer Science, Information Systems, Systems and Technology, Business Administration, or related field. Master's degree preferred.

Preferred Qualifications

• Experience with most standard Authentication protocols (Eg.: OAuth, OAuth2, OIDC, WS-Fed, WS-Trust, SAML, LDAP, SCIM) is required

Essential Physical Requirements

• Requires close visual acuity to perform activities, such as: preparing and analyzing data and figures; transcribing and writing; viewing a computer terminal; and reading details
• Requires ability to exert up to 20 pounds of force occasionally, and/or up to 10 pounds of force frequently, and/or a negligible amount of force constantly to move objects. If the use of arm and/or leg controls requires exertion of forces greater than that for sedentary work and the worker sits most of the time, the job is rated for light work

Additional Requirement:

The preceding job description has been written to reflect management's assignment of essential functions. It does not prescribe or restrict the tasks that may be assigned. All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, or other legally protected status.

NRECA is committed to working with and providing reasonable accommodation to individuals with physical and mental disabilities. If you need special assistance or an accommodation while seeking employment, please e-mail humanresources@nreca.coop or call: 703-907-5992 - NRECA Arlington Human Resources. Please call 402-483-9275 - NRECA Lincoln Human Resources, for Lincoln, NE employment opportunities. We will make a determination on your request for reasonable accommodation on a case-by-case basis.

The U.S. Equal Employment Opportunity Commission (EEOC) recently released the '' poster, which updates and replaces the previous "EEO is the Law" poster and "EEO Is the Law Poster Supplement".

Pay Transparency Non-Discrimination. NRECA will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay. Please see the Pay Transparency Nondiscrimination Provision for more information.

E-Verify. As a Federal Contractor, NRECA is required to participate in the E-Verify Program to confirm eligibility to work in the United States. For information please click on the following link: .

For more information about life at NRECA please visit .