Senior IAM Engineer

If you're passionate about building a better future for individuals, communities, and our country-and you're committed to working hard to play your part in building that future-consider WGU as the next step in your career.

Driven by a mission to expand access to higher education through online, competency-based degree programs, WGU is also committed to being a great place to work for a diverse workforce of student-focused professionals. The university has pioneered a new way to learn in the 21st century, one that has received praise from academic, industry, government, and media leaders. Whatever your role, working for WGU gives you a part to play in helping students graduate, creating a better tomorrow for themselves and their families.

The salary range for this position takes into account the wide range of factors that are considered in making compensation decisions including but not limited to skill sets; experience and training; licensure and certifications; and other business and organizational needs.

At WGU, it is not typical for an individual to be hired at or near the top of the range for their position, and compensation decisions are dependent on the facts and circumstances of each case. A reasonable estimate of the current range is :

Grade : Technical 410

Pay Range : $140,200.00 - $217,200.00

Job Description

Senior Identity & Access Management (IAM) Engineer

Location : Salt Lake City, UT (Hybrid) | Relocation Assistance Provided

Build the future of secure access at WGU

At Western Governors University, our mission is to change lives through education-and protecting the data and systems that make that possible is critical to our success. We're on a journey to modernize our entire Identity & Access Management (IAM) ecosystem, and we're looking for a Senior IAM Engineer who's ready to take ownership, lead with expertise , and build something transformational from the ground up.

You'll help migrate WGU's IAM systems from Ping Identity and SailPoint IIQ to Microsoft Entra ID, designing a modern, automated environment that strengthens security, improves user experience, and sets the standard for best practices university-wide . This is a hands-on engineering role where you'll not only build but also mentor, influence, and elevate the way IAM is done at scale.

What You'll Do

Design, implement, and maintain IAM solutions that enable secure, efficient access for students, staff, and systems across the university.

Lead the modernization initiative -driving our migration to Microsoft Entra ID and building automation and best practices into every step.

Develop and optimize role-based access control (RBAC), single sign-on (SSO), and authentication protocols (SAML, OAuth, OIDC).

Automate and improve identity lifecycle processes-reducing onboarding time from days to minutes.

Troubleshoot and resolve complex IAM issues across environments and applications.

Collaborate cross-functionally with product managers, infrastructure teams, and security leadership to define strategy and policies aligned with FERPA and university standards.

Mentor and coach a team of self-taught engineers-helping them grow in IAM engineering best practices, coding, and architecture.

Stay ahead of the curve, exploring new IAM tools, AI capabilities, and emerging technologies to continually evolve WGU's approach to secure identity management.

Why You'll Love It Here

This is not your average IAM role. You'll be walking into a greenfield opportunity-a chance to shape how a major institution manages identity and access from the ground up. You'll see the direct impact of your work every day :

Faster onboarding for employees and students.

Fewer support tickets and smoother user experiences.

Stronger compliance and data protection.

A modern IAM environment built for the future of education.

You'll join a collaborative, down-to-earth team where engineers support each other, knowledge-share openly, and celebrate wins together. If you've ever wanted to build something lasting and mentor others while still staying hands-on, this is your chance.

What You'll Bring

Required Qualifications

Bachelor's degree in Computer Science , Information Technology, or related field (or equivalent experience).

6 + years of experience in software engineering or IAM engineering roles.

Deep expertise in Microsoft Entra ID (Azure AD) and role-based access control (RBAC).

Strong understanding of authentication standards-SAML, OAuth, and OpenID Connect-and ability to explain these to non-technical stakeholders.

Proficiency in at Java or Python

Proven experience implementing SSO, MFA, and IAM solutions across complex environments.

Familiarity with Ping Identity, SailPoint IIQ, or other IAM tools.

Excellent communication skills and the ability to work cross-functionally with technical and non-technical partners.

Preferred Qualifications

Experience designing IAM architectures in cloud or hybrid environments (Azure, AWS).

Working knowledge of APIs, data security, and automation frameworks.

Familiarity with scripting languages (PowerShell, Bash) and tools (Git, JIRA, IntelliJ / VS Code).

Experience in higher education or nonprofit environments a plus .

Spanish language skills are a bonus.

Who You Are

You're equal parts engineer, problem-solver, and mentor. You bring both technical depth and strong communication skills. You're comfortable questioning "how we've always done it" and replacing it with smarter, automated, modern solutions. Most importantly, you care deeply about making systems more secure and user-friendly-because you know that every minute saved helps students and faculty focus on what really matters : learning.

Position & Application Details

Full-Time Regular Positions (classified as regular and working 40 standard weekly hours) : This is a full-time, regular position (classified for 40 standard weekly hours) that is eligible for bonuses; medical, dental, vision, telehealth and mental healthcare; health savings account and flexible spending account; basic and voluntary life insurance; disability coverage; accident, critical illness and hospital indemnity supplemental coverages; legal and identity theft coverage; retirement savings plan; wellbeing program; discounted WGU tuition; and flexible paid time off for rest and relaxation with no need for accrual, flexible paid sick time with no need for accrual, 11 paid holidays, and other paid leaves, including up to 12 weeks of parental leave.

How to Apply : If interested, an application will need to be submitted online. Internal WGU employees will need to apply through the internal job board in Workday.

Additional Information

Disclaimer : The job posting highlights the most critical responsibilities and requirements of the job. It's not all-inclusive.

Accommodations : Applicants with disabilities who require assistance or accommodation during the application or interview process should contact our Talent Acquisition team at recruiting@wgu.edu.

Equal Employment Opportunity : All qualified applicants will receive consideration for employment without regard to any protected characteristic as required by law.