We are hiring a Sr. Identity and Access Management Engineer on our Identity and Access Management team at BCBST!
In this role, you will play a critical part in strengthening and scaling our enterprise Identity Governance and Administration (IGA) capabilities, with a strong focus on the Saviynt platform. You’ll support backend IGA operations while driving upgrades, enhancements, and automation across the identity lifecycle. On a day-to-day basis, you’ll design and implement integrations for user provisioning, onboard applications using APIs and connectors, and ensure seamless Joiner-Mover-Leaver (JML) processes. You’ll collaborate across teams to improve access controls, reduce risk, and enhance security posture through automation and emerging AI-driven workflows. This is a highly hands-on role where you’ll work with modern identity technologies, cloud platforms, and complex data sources to deliver scalable and secure identity solutions.
To be successful in this role, in addition to the core job requirements, you’ll bring deep hands-on experience with Saviynt and a strong foundation in IAM and IGA principles. You will be a strong candidate if you have expertise in scripting and automation, building API-based integrations for user lifecycle management, and onboarding systems and applications using SCIM, REST APIs, flat files, JDBC, and directory services like Active Directory and LDAP. Experience with identity federation (SAML, OAuth, OIDC), cloud IAM platforms (Entra ID, AWS IAM, Google Cloud IAM), and tools such as Entra, Okta, or Ping is highly valued. Additionally, strong SQL query development skills, working knowledge of JSON/XML, and experience configuring certifications, access controls, and role-based models (RBAC, SoD rule creation, birthright access) will set you apart—especially if you’ve leveraged automation or AI to optimize identity workflows.
Note:
-
This is a remote, work-from-home position, but the final round of interviews will take place on-site in our Chattanooga, TN office.
-
On-call rotation is required (1 week every 8 weeks).
-
Occasional onsite presence is expected (approximately once per quarter).
-
Sponsorship is not available for this role.
Job Duties & Responsibilities
-
Engineering and implementation of security technology solutions centric to Identity and Access Management security, participating and/or assisting other team members in a rotating on-call schedule to promptly resolve high-priority issues that surface outside of normal business hours.
-
Implementation, integration, configuration, and monitoring of Identity and Access Management solutions to ensure system health and proper SSO, MFA, provisioning/deprovisioning, and reduction of system related errors, while ensuring compliance with corporate security standards and policies.
-
Provides input into Access Control design and implementation, Application Credentials, ABAC (Attribute-Based Access Control) and RBAC (Role Based Access Control) roles, User Access Policy Management, Privileged Access Management, User Entitlements, Workflow, and Rule centralization, while ensuring documentation is kept accurate with environment changes.
-
Scripting, automation, and orchestration to drive efficiencies within Identity and Access Management, while partnering with security and risk teams to implement and maintain security policies and configurations in accordance with corporate requirements and guidelines.
-
Assist in development/management of the password vault solution, while ensuring accounts are properly identified and setup in the centralized repository, actual application/system, and IAM solution with appropriate ownership across all three application/systems.
Job Qualifications
Education
-
Bachelor's Degree in a Computer Sciences or Information Systems related field or equivalent work experience.
Experience
-
5 years - Experience in Information Security and/or IT related experience required.
-
Comprehensive experience configuring and leveraging SSO and step-up authentication to support authorization, including federation services.
Skills\Certifications
-
Demonstrated ability to lead, document, and meet deadlines for projects from milestones to tasks and identify ownership per project with implementation knowledge and expectations.
-
Demonstrated ability to interpret and translate technical and/or or complex concepts into information meaningful to IAM team members and/or business personnel.
-
Proficient in Microsoft Office (Outlook, Word, Excel and PowerPoint).
-
Proven analytical and problem-solving skills and ability to perform non-routine analytical tasks.
-
Proven ability to provide Security integration, automation, and configuration efforts with Security oversight for software in the BCBST environment.
-
Proven ability to determine Technical Security Baselines and ensure the baselines meet BCBST Policy and Standards.
-
Proficient understanding of troubleshooting approaches, including knowledge of underlying security tools, networking, server, application, and cloud environments.
-
Windows scripting and automation methodology (PowerShell, VBScript, Perl, Batch programming).
-
Well-developed understanding of APIs, databases, and file connections for application connections.
-
Proven ability to plan, prioritize, organize, configure, and coordinate across multiple applications and systems.
-
Ability to work independently with minimal supervision or function in a team environment sharing responsibility, roles, and accountability.
-
Preferred CISSP, CISA, CRISC, or SANS certification.
Number of Openings Available
1
Worker Type:
Employee
Company:
BCBST BlueCross BlueShield of Tennessee, Inc.
Applying for this job indicates your acknowledgement and understanding of the following statements:
BCBST will recruit, hire, train and promote individuals in all job classifications without regard to race, religion, color, age, sex, national origin, citizenship, pregnancy, veteran status, sexual orientation, physical or mental disability, gender identity, or any other characteristic protected by applicable law.
Further information regarding BCBST's EEO Policies/Notices may be found by reviewing the following page:
BCBST's EEO Policies/Notices
BlueCross BlueShield of Tennessee is not accepting unsolicited assistance from search firms for this employment opportunity. All resumes submitted by search firms to any employee at BlueCross BlueShield of Tennessee via-email, the Internet or any other method without a valid, written Direct Placement Agreement in place for this position from BlueCross BlueShield of Tennessee HR/Talent Acquisition will not be considered. No fee will be paid in the event the applicant is hired by BlueCross BlueShield of Tennessee as a result of the referral or through other means.