Senior IAM Engineer

Passionate about precision medicine and advancing the healthcare industry?

Recent advancements in underlying technology have finally made it possible for AI to impact clinical care in a meaningful way. Tempus' proprietary platform connects an entire ecosystem of real-world evidence to deliver real-time, actionable insights to physicians, providing critical information about the right treatments for the right patients, at the right time.

• As a Senior IAM Engineer, you will be the primary architect and guardian of our identity perimeter. You will design, implement, and maintain scalable identity solutions that secure our workforce. Your focus will be on transitioning away from manual provisioning toward a fully automated "Identity-as-Code" model using Okta Workflows and API integrations.

• Key Responsibilities

  • Architectural Leadership: Design and scale our Okta tenant, ensuring high availability and global best practices for SAML, OIDC, and OAuth 2.0 integrations.

  • Automation & Orchestration: Build complex lifecycle management (LCM) flows using Okta Workflows to automate joiner/mover/leaver processes across HRIS, AD, and downstream SaaS apps.

  • Hybrid Identity Management: Manage and optimize the synchronization between Active Directory (AD) and cloud identity providers.

  • API Integration: Develop custom integrations using REST APIs to connect homegrown or niche applications that lack out-of-the-box support.

  • Security & Compliance: Implement Adaptive Multi-Factor Authentication (MFA), Passwordless strategies, and regular access certifications to meet SOC2/ISO 27001/SOX requirements.

  • Escalation Support: Serve as the Tier 3 expert for complex authentication issues and identity-related security incidents.

• Technical Qualifications

  • Okta Mastery: 5+ years of experience managing Okta at an enterprise scale, including advanced Workflows and Okta Expression Language.

  • Protocol Expertise: Deep understanding of the "Identity Trinity":SAML 2.0: XML-based assertions and troubleshooting.OIDC/OAuth 2.0: Scopes, claims, and grant types (Authorization Code vs. Client Credentials).SCIM: Automating user provisioning and deprovisioning.

  • Directory Services: Strong background in Active Directory (Group Policy, Kerberos, DNS) and how it interfaces with modern cloud tenants.

  • Programming/Scripting: Proficiency in Python, PowerShell, or JavaScript for interacting with APIs and automating repetitive tasks.

  • Modern Security: Familiarity with Zero Trust Architecture (ZTA) and Least Privilege principles.

• Soft Skills

  • Problem Solver: You don't just fix the symptom; you find the root cause in the protocol trace.

  • Communicator: Ability to explain complex authentication flows to non-technical stakeholders (e.g., HR or Legal).

  • Continuous Learner: The identity landscape shifts weekly; you enjoy staying ahead of new standards like FIDO2 or Passkeys.

• Bonus Points

  • Okta Certified Professional/Administrator/Consultant.

  • Experience with Infrastructure as Code (Terraform) for managing Okta resources.

  • Experience with Privileged Access Management (PAM) tools.

  • Experience with Identity Governance and Administration (IGA) tools.

#LI-HR1

#LI-Hybrid

CHI - $120,000-$160,000

The expected salary range above is applicable if the role is performed from Illinois and may vary for other locations (California, Colorado, New York). Actual salary may vary based on qualifications and experience. Tempus offers a full range of benefits, which may include incentive compensation, restricted stock units, medical and other benefits depending on the position.

We are an equal opportunity employer. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.