Lead Identity & Access Management Engineer

We are seeking an experienced Lead Engineer to spearhead our global Directory Services, Authentication Services, and Privileged Access Management (PAM) initiatives. As a key member of our Identity and Access Management (IAM) team, you will lead a distributed team of engineers, driving the design, implementation, and optimization of secure, scalable, and innovative IAM solutions. This role requires deep technical and hands on experience, a passion for automation, and the ability to foster collaboration across global teams.

At Aon, we shape decisions for the better to protect and enrich the lives of people around the world.

As an organization, we are united through trust as one inclusive team, and we are passionate about helping our colleagues and clients succeed.

• Leadership and Team Management
• Lead, mentor, and motive a global team of engineers, fostering a culture of collaboration, innovation, and continuous improvement
• Provide technical guidance, training, and career development support to team members to enhance their skills in IAM technologies
• Prioritize and delegate tasks effectively, ensuring alignment with organizational goals and project timelines.
• Technical Strategy and Execution
• Design, implement, and maintain robust Directory Services (e.g. Active Directory, LDAP, Azure AD), Authentication Services (e.g. SSO, MFA, OAuth, SAML) and Privileged Access Management solutions.
• Identify synergies across the IAM pillars to streamline processes, enhance our security posture, and improve user experience.
• Drive the development and adoption of automation to eliminate manual processes, leveraging tools like PowerShell, Python, or other scripting languages
• Cross Functional Collaboration
• Partner with other engineering cybersecurity engineers and IT teams to align IAM strategies with broader organizational objectives.
• Collaborate with stakeholders to define requirements, assess risk, and implement solutions that meet compliance and security standards (e.g. NIST, ISO 27001, GDPR)
• Innovation and Optimization
• Proactively identify opportunities to enhance system performance, scalability, and reliability through automation and modern IAM practices
• Stay current with industry trends and emerging technologies in IAM, recommending and implementing best practices.
• Incident Response and Problem Resolution
• Oversee incident response for IAM-related issues, ensuring rapid resolution and root-cause analysis
• Develop and maintain documentation, runbooks, and processes to ensure operational excellence

• Experience
• 8+ years of experience in IAM, with at least 3 years in a leadership or lead engineer role managing global distributed teams
• Proven expertise in Directory Services (e.g. Microsoft Active Directory, Azure AD / Entra ID, LDAP) .. Authentication Services (e.g. Okta, SAML, OAuth), and Privileged Access Management (e.g.. CyberArk and Beyond Trust).
• Technical Skills
• Strong proficiency in scripting and automation tools (e.g PowerShell, Python, and other scripting tools) to streamline IAM workflows.
• Deep understanding of IAM protocols, standards, and frameworks (e.g. Kerberos, LDAP, SCIM, OAuth 2.0, SAML).
• Experience with cloud-based IAM solutions
• Familiarity with security standards and compliance requirements (e.g. NIST, SOC 2 GDPR)
• Leadership Skills and Soft Skills
• Exceptional ability to prioritize efforts, manage competing demands, and deliver results in a fast-paced environment.
• Strong communication skills, with the ability to articulate complex technical concepts to both technical and non-technical stakeholders
• Proven track record of mentoring and motivating engineers, fostering a collaborative and inclusive team culture
• Education
• Bachelor's degree in computer science, Information Technology, or a related field for equivalent experience).
• Relevant certifications (e.g. CISSP, CISM, Microsoft Certified Identity and Access Administrator, or equivalent) are a plus
• Preferred Qualifications
• Experience with DevOps practices and tools (e.g.. CI\CD pipelines, infrastructure as Code) to integrate IAM solutions into broader IT workflows
• Knowledge of zero-trust security models and their application in IAM.
• Prior experience working in a global, distributed team environment with diverse cultural and time zone considerations.

Why Join Us?

• Impact: Lead transformation IAM initiatives that enhance security and efficiency for a global organization.
• Innovation: Work with cutting-edge technologies and drive automation to solve complex challenges.
• Growth: Join a collaborative team where your leadership and technical expertise will shape the future of our IAM strategy.

In addition to our comprehensive benefits package, we encourage an inclusive workforce. Plus, our agile, inclusive environment allows you to manage your wellbeing and work/life balance, ensuring you can be your best self at Aon. Furthermore, all colleagues enjoy two "Global Wellbeing Days" each year, encouraging you to take time to focus on yourself. We offer a variety of working style solutions, but we also recognize that flexibility goes beyond just the place of work... and we are all for it. We call this Smart Working!

Our continuous learning culture inspires and equips you to learn, share and grow, helping you achieve your fullest potential. As a result, at Aon, you are more connected, more relevant, and more valued.

Aon values an innovative and inclusive workplace where all colleagues feel empowered to be their authentic selves. Aon is proud to be an equal opportunity workplace.

Aon provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, age, disability, veteran, marital, domestic partner status, or other legally protected status. People with criminal histories are encouraged to apply.

We welcome applications from all and provide individuals with disabilities with reasonable adjustments to participate in the job application, interview process and to perform essential job functions once onboard. If you would like to learn more about the reasonable accommodations we provide, email ReasonableAccommodations@Aon.com

For positions in San Francisco and Los Angeles, we will consider for employment qualified applicants with arrest and conviction record in accordance with local Fair Chance ordinances.

Nothing in this job description restricts management's right to assign or reassign duties and responsibilities to this job at any time.

The salary range for this position (intended for U.S. applicants) is $135,000 to $170,000 annually. The actual salary will vary based on applicant's education, experience, skills, and abilities, as well as internal equity and alignment with market data. The salary may also be adjusted based on applicant's geographic location.

This position is eligible to participate in one of Aon's annual incentive plans to receive an annual discretionary bonus in addition to base salary. The amount of any bonus varies and is subject to the terms and conditions of the applicable incentive plan.

Aon offers a comprehensive package of benefits for full-time and regular part-time colleagues, including, but not limited to: a 401(k) savings plan with employer contributions; an employee stock purchase plan; consideration for long-term incentive awards at Aon's discretion; medical, dental and vision insurance, various types of leaves of absence, paid time off, including 12 paid holidays throughout the calendar year, 15 days of paid vacation per year, paid sick leave as provided under state and local paid sick leave laws, short-term disability and optional long-term disability, health savings account, health care and dependent care reimbursement accounts, employee and dependent life insurance and supplemental life and AD&D insurance; optional personal insurance policies, adoption assistance, tuition assistance, commuter benefits, and an employee assistance program that includes free counseling sessions. Eligibility for benefits is governed by the applicable plan documents and policies.

#LI-NS1

#LI-REMOTE