**Job Description:** Responsible for the implementation, configuration, and maintenance of the organization’s IAM systems and processes to ensure secure and efficient management of user identities, roles, and access permissions. This role involves developing and deploying IAM solutions that align with organizational policies, regulatory requirements, and industry best practices. The IAM Engineer collaborates closely with other technology teams, cybersecurity, and business stakeholders to manage identity lifecycles, enforce access controls, and streamline user authentication and authorization. Core responsibilities include, but are not limited to, supporting IAM tools and platforms, troubleshooting issues, and contributing to security initiatives such as single sign-on (SSO), multifactor authentication (MFA), and role-based access control (RBAC), privileged access management (PAM), active directory (AD), and certificate services. **Tri-State recognizes the value of a highly-engaged and committed workforce and provides an excellent benefits program that includes:** Medical Insurance, Dental Insurance, Vision Insurance Health Savings Account (HSA), Flexible Spending Accounts (FSA), Tuition Reimbursement, Flexible Work Schedules including compressed work week and telecommuting opportunities to work remotely up to 50%, Life Insurance, 401K, Long Term Disability (LTD), Short Term Disability (STD), Employee Assistant Program (EAP) and Paid Leave Benefits. **IAM Engineer** Hiring Salary Range: $106,000-$135,000 Actual compensation offer to candidate may vary outside of the posted hiring salary range based upon work experience, education, and/or skill level. **Responsibilities:** + Configure, implement, and maintain IAM solutions, including directory services, single sign-on (SSO), multifactor authentication (MFA), and privileged access management (PAM). + Develop and maintain workflows and processes for identity lifecycle management, access provisioning, and deprovisioning. + Manage the lifecycle of digital certificates, including issuance, renewal, revocation, and troubleshooting, to ensure data integrity and secure communications. + Integrate IAM systems with enterprise applications and third-party platforms to streamline authentication and authorization processes. + Administer and maintain IAM platforms, ensuring high availability, performance, and scalability. + Perform regular system updates, patches, and configurations to meet security and operational standards. + Troubleshoot and resolve IAM-related issues in a timely and efficient manner. + Implement role-based access control (RBAC), least privilege principles, and other security best practices. + Collaborate with security and compliance teams to meet regulatory and audit requirements. + Monitor and analyze IAM system logs for suspicious activities and take corrective actions. + Work with business units to gather IAM requirements and provide secure solutions tailored to their needs. + Provide technical guidance and training to technology staff and end-users on IAM processes and technologies. + Develop and deploy automation scripts and tools to improve efficiency and accuracy in IAM operations. + Continuously evaluate and optimize IAM processes to enhance user experience and reduce administrative overhead. + Creating and maintaining documentation of all systems and application configurations and modifications. + Develop, implement, and regularly test disaster recovery and redundancy plans to enhance cybersecurity resilience and ensure secure business continuity during outages or emergencies. + Update recovery plans to reflect changes in technology, threat landscape, and operational requirements. + Maintain comprehensive documentation of IAM configurations, processes, disaster recovery plans, and incident reports. + Maintain compliance with all company policies and procedures and attain knowledge and remain knowledgeable of regulations, laws, standards, and best practices applicable to functional area. + Because Tri-State has an obligation to provide continuous, reliable electric service to its customers, the ability to work overtime at any time of the day or week is considered an essential function of the job. **OTHER DUTIES/RESPONSIBILITIES** + Perform other related duties as assigned. **Qualifications:** Education and Training: + Bachelor’s degree in cybersecurity, computer science, information technology, information security, information assurance, or a related field. + An MS, MBA, or related advanced degree desired. + Professional IAM certification preferred such as Certified Identity Management Professional (CIMP),Certified Identity and Access Manager (CIAM), or Certified Identity and Security Technologist (CIST). Knowledge and Experience: + Eight (8) years’ experience in IAM engineering or a related field. + Proficiency in IAM technologies such as Okta, Azure AD, SailPoint, Ping Identity, or similar platforms. + Strong understanding of directory services (e.g., Active Directory, LDAP). + Experience with security protocols and standards (e.g., SAML, OAuth, OpenID Connect, Kerberos). + Comprehensive knowledge and experience with authentication standards and technologies such as multifactor authentication, JSON Web Token (JWT), etc. + Familiarity with scripting and automation tools (e.g., PowerShell, Python, JavaScript). + Knowledge of cloud platforms (e.g., AWS, Azure, Google Cloud) and their IAM features. + Knowledge of business continuity and disaster recovery planning. + Experience working within a utility or energy sector is desired. Skills: + Excellent problem-solving and critical-thinking abilities, with a strong focus on operational efficiency and performance optimization. + Excellent communication and collaboration skills, with the ability to effectively engage with both technical teams and business stakeholders. + Strong project management abilities, with a focus on hands-on involvement in key projects and initiatives. + Ability to manage multiple priorities and meet deadlines in a fast-paced environment. + High attention to detail, commitment to service excellence and continuous improvement. Other: + Willingness to travel as required for training and meetings throughout service territory. + Must be able to perform all essential functions of the job. **About Us:** Tri-State is a wholesale power supply cooperative, operating on a not-for-profit basis, with 44 members, including 41 utility electric distribution cooperative and public power district members in four states: Colorado, Nebraska, New Mexico and Wyoming. Together with its members, Tri-State delivers reliable, affordable and responsible power and energy services to more than a million electricity consumers across nearly 200,000 square miles of the West. Tri-State was founded in 1952 by its member systems to provide a reliable, cost-based supply of electricity. Headquartered in Westminster, Colo., approximately 1,200 people are employed by Tri-State across five states. Tri-State's electricity is generated from coal, natural gas and hydropower, with a rapidly increasing supply generated from wind and solar. Tri-State delivers power to its members through a transmission system that includes substation facilities, telecommunications sites and over 5,700 miles of high voltage transmission lines. Tri-State's transformative Responsible Energy Plan is reducing emissions, increasing renewable resources, developing new energy services and delivering more flexibility for its members. **Job Identification:** 287 **Job Category:** Information Technology **Posting Date:** 2025-01-14T22:02:24+00:00 **Job Schedule:** Full time **Hiring Salary Range:** $106,000-$135,000 **Locations:** 1100 W 116th Ave, Westminster, CO, 80234, US All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status.