Identity and Access Management Consultant

Who We Are:

Collective Insights is a group of experienced consultants who looked around and decided to create a different kind of partnership for the modern enterprise: one focused on increasing the business value of tailored transformation and technology solutions.  We are rooted in three guiding principles:

• Transform Clients
• Nurture Careers
• Uplift Communities

What Makes Us Unique:

At CI our core values are not just a set of words on a wall; they are uniquely woven into the fabric of who we are as a company. 

• We Have Compassion: We respect each other and are free from bias of any kind in how we approach our work. We show esteem and honor for one another and the clients we serve.
• We Have Integrity: We are truthful, honest, and open in our actions and relationships, and perform our work with a high ethical standard.
• We Are Responsible: We are focused on growth the right way while fulfilling our obligations to each other and our clients.
• We Are Trusting: We have confidence in one another to do what we have committed to do. We always assume positive intent.

Don’t just take our word for it, hear it directly from our people:

Job Description:

As an Identity and Access Management Consultant, you will build and integrate identity solutions across Identity & Access Management, Identity Governance & Administration, Privileged Access Management and machine identity/secrets. You will configure platforms, engineer policies and connectors, automate deployments (IaC/CI‑CD), and validate end‑to‑end flows with high quality and documentation. Primary platforms include Microsoft Entra ID & Entra ID Governance (primary), Okta, Ping, SiteMinder/OAM, SailPoint/Saviynt, CyberArk/BeyondTrust/Delinea EPM, and Azure Key Vault / Entra workload identity federation.

What You Will Be Doing: 

• Solution Design: Configure OIDC/SAML apps, Conditional Access, device trust, FIDO2/Passkeys, step‑up auth; implement lifecycle workflows (joiner/mover/leaver), access packages, access reviews, SCIM connectors; onboard privileged accounts/secrets, session recording, JIT elevation, endpoint privilege controls; implement Key Vault/managed identity, AKS federation, certificate enrollment/renewal, and secret rotation automation.

• Client Engagement: Translate architecture into build tasks and acceptance criteria; communicate trade‑offs and impacts in clear, actionable terms.

• Implementation: Automate with Terraform/Bicep, PowerShell/Python, and CI/CD (Azure DevOps/GitHub Actions); enforce policy‑as‑code, testing (unit/integration), linting, and code reviews; execute cutovers, blue‑green/rollback, and performance tuning.

• Compliance & Risk Management: Implement controls that satisfy regulatory and security requirements (e.g., NIST 800‑63, ISO 27001, HIPAA/HITRUST, PCI‑DSS, SOX, FedRAMP, NYDFS 500). Ensure privileged access, secrets, and logs meet auditability and SoD expectations.

• Technical Leadership: Demonstrate technical depth, mentor other resources, and contribute scripts, modules, and how‑tos; participate in design and threat‑model reviews.

• Documentation & Reporting: Maintain as‑built docs, config baselines, runbooks, and knowledge transfer materials; provide status, risk/issue tracking, and metrics (e.g., MFA coverage, JML SLAs, privileged onboarding).

• Continuous Improvement: Instrument monitoring/alerting (Log Analytics/KQL), validate DR/backups, and tune policies for usability and security; contribute accelerators that reduce delivery time/cost.

• Practice Development: Support demonstrations, POCs, and SoW inputs (effort estimates, assumptions, dependencies).

What You Bring:

• Experience: 2–5+ years implementing IAM across at least two areas (SSO/MFA, IGA, PAM/EPM, machine identity), including scripting and CI/CD.

• Education: Bachelor’s in Computer Science, Information Security, or related field—or equivalent practical experience.

• Technical Expertise: Hands‑on with Entra ID (Conditional Access, PIM, B2B/B2C/External ID), Okta/Ping; SailPoint or Saviynt; CyberArk/BeyondTrust/Delinea EPM; Azure Key Vault, managed identity, AKS federation; APIs/Graph; Terraform/Bicep; PowerShell/Python; CI/CD with Azure DevOps/GitHub Actions; observability (KQL/Log Analytics). Development of scripts using tools like powershell/python/javascript/Logic Apps/Power Automate/Flow/Automation Accounts utilizing APIs including Graph API/Rest/SOAP/XML.
• Solution Design and Implementation Experience: Ability to translate architecture into secure, testable designs with clear acceptance criteria and rollback plans. Track record of integrating HRIS/AD/LDAP/SaaS, migrating legacy WAM, and delivering high‑quality builds with automated testing and code review discipline.

• Problem-Solving & Communication: Strong debugging, performance tuning, and root‑cause analysis; bias for automation and simplification. Concise documentation and status reporting; ability to explain technical decisions to mixed audiences.

• Industry Knowledge: Appreciation of regulated‑industry expectations and common audit asks for identity controls and evidence.
• Client-Facing Skills: Comfortable leading working sessions, Knowledge Transfer, and UAT support; proactive in surfacing risks/assumptions.

• Demonstrated Passion: Contributions to scripts/modules, community forums, or knowledge sharing; stays current on passkeys, tenant isolation, and identity threat defenses.

• Certifications (highly desirable): Microsoft SC‑300, AZ‑500; Okta, Ping, SailPoint, Saviynt; CyberArk Defender/Sentry; BeyondTrust/Delinea; HashiCorp Terraform Associate; AZ‑104.

Additional Requirements:

Availability for periodic client travel and professional engagements. Commitment to continuous learning and keeping pace with evolving identity platforms, patterns, and threats.

Join us: