# Senior Identity Engineer

**Company:** [SmithRx](https://hotfix.jobs/companies/smithrx)
**Location:** Lehi, UT
**Role:** Security Engineering
**Experience:** 5+ years
**Skills:** Okta, Aws Iam, Opa, Rego, Workday, SAML, OIDC, Oauth 2.0, SCIM, Aws Sso, Zero Trust, HIPAA
**Posted:** 2026-07-03

> Lead modernization of identity stack as technical cornerstone of Identity & Access pod, focusing on Non-Human Identity (NHI), AI agent governance, Okta/Workday integration, AWS IAM, OPA/Rego policies, and zero-trust solutions in a HIPAA-regulated healthcare environment. Requires 5+ years IAM experience with deep Okta and cloud expertise.

## Job Description

## Responsibilities
- Architect and manage HR-driven provisioning by integrating Okta with Workday (Workday-as-a-Master) to automate complex attribute mapping and secure JML lifecycles.
- Engineer and deploy robust SSO (SAML 2.0, OIDC, OAuth 2.0) and SCIM provisioning for major enterprise applications, particularly Salesforce and Google Workspace.
- Design least-privilege policies and manage AWS Identity Security, including cross-account role assumption, identity federation via Okta, and AWS SSO (Identity Center).
- Implement decoupled authorization for cloud-native applications utilizing Open Policy Agent (OPA) and authoring strict access policies in Rego.
- Secure autonomous AI workflows by assigning distinct identities to AI models, governing their API access, and applying strict sandboxing.
- Own the lifecycle for traditional non-human identities (service accounts, OAuth tokens, API keys, X.509 certificates) to prevent secret sprawl.
- Implement zero-trust device posture checks by integrating MDM telemetry and device certificates with Okta for macOS and Windows endpoints.
- Mentor junior engineers, conduct architecture reviews, write documentation/runbooks, and elevate identity security maturity.

## Requirements
- 5+ years of hands-on experience engineering, deploying, and managing enterprise IAM environments with deep Okta expertise.
- Strong hands-on background in AWS IAM, OPA, Rego, and designing zero-trust cloud architectures.
- Proven track record discovering, managing, and rotating machine identities, with a forward-looking approach to securing programmatic AI workflows.
- Advanced experience integrating core HRIS platforms (Workday) with Identity Providers, and managing complex fleet authentication (macOS/Windows).
- Solid understanding of access control principles in highly regulated sectors (e.g., Healthcare, HIPAA, Privacy), including continuous access reviews and audit logging.
- Passion for maintaining detailed documentation and translating complex identity concepts into scalable, automated solutions.

## Nice-to-Haves
- Okta, AWS or SANS relevant Identity certifications.
- Deep experience mapping identity controls directly to ISO, SOC2, HITRUST, and specific privacy regulation frameworks.

## Similar roles

- [Senior Software Engineer](https://hotfix.jobs/jobs/2ad28874-4486-42ff-949a-ec54985c2762) - Snowflake - Bellevue, WA - $200k – $288k/yr
- [Software Security Engineering Manager, Secure Frameworks](https://hotfix.jobs/jobs/26e1ecde-76c2-491f-951c-78e9c075c076) - Anthropic - San Francisco, CA - $405k – $485k/yr
- [Founding Security Engineer](https://hotfix.jobs/jobs/6deb6526-e0c3-42a9-9c29-360c4354d869) - Forus - New York, NY
- [Manager, Supply Chain Protection & Loss Intelligence](https://hotfix.jobs/jobs/9e3a84ce-58cf-480f-bf1d-6fefa2cf89bf) - Flexport - Miami, FL
- [Physical Security Manager](https://hotfix.jobs/jobs/053f4772-7be2-438c-b890-e7752ae44a12) - Crusoe - Dallas, TX

**Apply:** https://hotfix.jobs/jobs/2b832255-eed5-4386-83ca-ec9b072eb837
**Canonical:** https://hotfix.jobs/jobs/2b832255-eed5-4386-83ca-ec9b072eb837