Staff System Engineer I - Saviynt IGA, IAM, Azure AD, Entra ID
External | Full-time | Hybrid | 2w ago
Azure, Compliance, Documentation, IAM, Salesforce, SSO
Responsibilities
- Design and implement the full identity lifecycle in Saviynt: joiner provisioning, role assignment, mover workflows, leaver deprovisioning, and account reconciliation
- Lead access review campaign configuration in Saviynt: Role Owner Campaigns, User Access Management Campaigns, manager and role-owner certification workflows, and vacation delegation handling
- Own the Saviynt-Azure AD/Entra ID SSO integration and API authentication architecture for downstream app connectivity
- Drive integration with cross-functional ITG teams to resolve sandbox/dev environment dependencies, connector configuration, and environment refresh protocols
- Set the technical direction for Blue Yonder's IAM architecture across IGA (Saviynt), PAM (Delinea), MFA Everywhere, Conditional Access, and AD/Entra ID
- Design the identity-edge Zero Trust model, replacing VPN-centric access with an identity-first architecture built on Entra ID Conditional Access, Saviynt governance, and Delinea privileged access controls
- Define and maintain the IAM technical roadmap in partnership with the Identity Security manager, translating business and compliance requirements into sequenced engineering deliverables
- Evaluate and guide the consolidation of identity tools around Microsoft E5 (Entra ID, Defender for Identity) and drive rationalization of legacy identity infrastructure
- Architect JIT provisioning capabilities to address access governance gaps, including Blue Yonder personnel with direct admin accounts in customer environments
- Lead M&A IGA design work, establishing a scalable onboarding pattern for acquired entities that integrates into the core Saviynt/AD stack
- Own the technical controls and evidentiary artifacts that support SOX access review attestation, SOD enforcement, and QAR (Quarterly Access Review) campaigns
- Collaborate directly with Internal Audit to ensure the IGA program's access governance outputs satisfy audit requirements
- Design and implement Segregation of Duties (SOD) rule sets in Saviynt, with clear conflict detection, exception handling, and compensating controls
- Support ISO 42001 AI governance requirements as they intersect with identity tooling and access controls for AI systems
- Ensure access governance controls for SOX-in-scope applications (Salesforce/Apttus, Workday HCM, Workday Strategic Sourcing, ShareWorks, AD) are complete, documented, and auditor-ready ahead of the October 30, 2026 go-live commitment
- Own the technical response to the JSOX deprovisioning deficiency: partner with HR on termination workflow timing, removal of back-end manager approval bottlenecks, and implementation of timely leaver deprovisioning controls that satisfy JSOX requirements
- Serve as the senior technical mentor on the Identity Security team, upleveling engineers on Saviynt platform depth, IAM architecture patterns, and compliance-grade delivery standards
- Establish technical standards for IGA engineering: test case quality, sprint closure criteria, test data generation, and peer review norms
- Act as the technical interface with Saviynt Professional Services, GuidePoint (PAM managed services), and Microsoft (Entra ID/Defender), ensuring vendor deliverables meet Blue Yonder's architecture and compliance requirements
- Contribute to the Security AI Agents program by identifying identity-adjacent automation opportunities (e.g., Saviynt, Delinea, Entra ID MCP integrations)
Requirements
- 8+ years of experience in Identity & Access Management, Identity Security Engineering, or Security Engineering roles with demonstrated delivery of enterprise IAM programs
- Deep, hands-on Saviynt implementation experience: connector configuration, role management, access request workflows, access review campaigns, and Workday/AD/Salesforce in
Benefits
- Vision insurance
- Paid time off
Additional Information
Scope: We are seeking an experienced and technically deep Staff Security Engineer to lead Blue Yonder's Identity & Access Management engineering program. This role serves as the technical owner of the Saviynt IGA implementation, Blue Yonder's most strategically critical security program, while also setting the architecture direction for a wider IAM portfolio spanning privileged access management (Delinea), MFA enforcement, Entra ID/Active Directory, and identity governance policy.