Information Security Analyst - IAM
Role Purpose
We’re strengthening least‑privilege, Zero Trust access across our enterprise and customer environments. You’ll be the hands‑on owner for day‑to‑day identity lifecycle operations, SSO federation, privileged access safeguards, and audit‑ready evidence, partnering closely with Infra/Cloud, AppSec, and our managed SOC. Our IAM stack centers on federated SSO (SAML/OIDC), Microsoft Entra ID, AWS IAM / IAM Identity Center with permission boundaries/SCPs, MFA for privileged roles, Session Manager, and evidence via CloudTrail and service logs.
Why This Role Matters
Neology’s global operations demand a proactive security posture. By embedding identity management best practices into every layer of technology and process, this role is vital to protecting sensitive data, reducing operational risk, supporting business agility and innovation, and meeting compliance requirements. As cyber threats evolve, this role adapts the implementation of Zero Trust principles and advanced authentication and identity management for long-term security and efficiency.
Key Responsibilities
- Expand federated SSO (SAML/OIDC) for workforce users; Entra to AWS IAM Identity Center; Keycloak used for application SSO/OIDC where appropriate.
- Operate federated SSO: Configure/maintain SAML/OIDC integrations in Entra and Keycloak; manage app registrations, claims, conditional access, and SCIM where supported.
- Review and refine role‑based access (RBAC) designed for least privilege.
- Design and manage AWS access: Build and govern roles, permission boundaries, and SCPs across accounts; administer IAM Identity Center assignments aligned to RBAC and least‑privilege.
- Design and implement provisioning/deprovisioning tied to HR/IdP lifecycle; quarterly access reviews.
- Maintain evidence in Jira Service Management, Confluence, and SharePoint for version control, audit trails, and reporting.
- Migrate on‑prem AD (as needed) to cloud native IdP.
- Identity lifecycle (JML): Execute and continuously improve automated provisioning/deprovisioning; ensure immediate revocation on term/role change; drive quarterly access recertifications with control owners.
- Privileged access safeguards: Enforce MFA for privileged roles, govern break‑glass account procedures (issuance, vaulting, monitoring, drills).
- Session security & logging: Maintain Session Manager posture; validate CloudTrail/identity logs are complete, immutable, and integrated with SOC detection and reporting.
- Evidence & audit readiness: Maintain the access control matrix, role assignments, MFA enforcement reports, and change records in JSM/Confluence/SharePoint; close findings on schedule.
- App IAM enablement: Partner with product teams to design app‑level RBAC/ABAC, token scopes, and service‑to‑service identity patterns; review IaC changes touching IAM.
- Controls operations: Run access reviews, entitlement clean‑ups, and toxic‑combo checks; measure and reduce standing privileges; champion “no local accounts” exceptions down to zero.
- Incident support: Execute account lockout, session kill, and key rotation (e.g., KMS/JWKS) procedures during incidents; produce IAM evidence for post‑incident reports.
- Continuous hardening: Contribute to remote‑access controls, segmentation, and 2FA enforcement for admin paths; validate IdP–AWS–Keycloak trust configurations.
Required Qualifications
- Bachelor’s degree in Information Security, Computer Science, or related field.
- 3–5+ years in IAM or security engineering with hands‑on experience in Microsoft Entra ID, AWS IAM / IAM Identity Center, and SAML/OIDC/OAuth2 integrations.
- Working knowledge of RBAC/ABAC, permission boundaries, SCPs, conditional access, and MFA enforcement for privileged roles.
- Experience administering Keycloak (realms, clients, identity brokering, token policies) or equivalent.
- Proficiency with log analysis and evidence gathering from CloudTrail and IdP/application logs; comfort partnering with an external SOC.
- Familiarity with regulated environments and audit frameworks (e.g., ISO 27001, SOC 2, NIST 800‑53); strong documentation skills in JSM/Confluence/SharePoint.
- Scripting/automation (PowerShell, Python, or similar).
Preferred Skills
- Experience replacing SSH/RDP with Session Manager and governing break‑glass workflows.
- Background integrating Entra with on‑prem AD and third‑party IdPs; familiarity with KMS/JWKS key rotation.
- Exposure to Terraform or IaC workflows touching IAM policies/roles (review/guardrail mindset); Compliance as Code.
- Certifications: Azure (Identity & Access Admin), AWS Security Specialty, SSCP/Security+, CISSP, or similar.
Tools You’ll Use
Microsoft Entra ID, AWS IAM/IAM Identity Center, Keycloak, CloudTrail/identity logs, Jira Service Management, Confluence, SharePoint; scripting with PowerShell/Python.
Location
This position is fully remote unless you are located in the San Diego area, in which case occasional trips to the Corporate Office in Carlsbad may be requested (training, meetings, etc.). Applicants must be located in one of the following states: AL, CA, CO, FL, GA, KS, KY, MD, MI, MN, MO, NC, NJ, NV, NY, OH, OK, OR, SC, TX, VA, WA.
Compensation
We offer a base pay of $90,000 - $120,000, plus incentive compensation and benefits. Please note that the base pay shown is a guideline, and individual total compensation will vary based on factors such as qualifications, skill level, competencies and work location. We also offer health plans, including flexible spending accounts, a 401(k) Plan with company match, and PTO.
Sponsorship
This is a full-time, permanent position. US Citizens and those who are authorized to work independently in the United States are encouraged to apply. This includes GC-EAD, H4-EAD, and L1-EAD. We are unable to sponsor at this time. No OPT-EAD, H-1B, or TN candidates please.
About Neology
Neology, Inc. is a global technology company headquartered in Carlsbad, California, with manufacturing and operations facilities in North America, Latin America, Europe, and Asia Pacific. We’re partnering with our customers to [re]imagine mobility by combining Artificial Intelligence with state-of-the-art tolling, automated vehicle identification and classification, data processing, and digital payment systems – all delivered with superior service. It’s our mission to help communities around the world enhance mobility, increase sustainability, improve safety, and generate increased revenue.