IAM Engineer
Vitol
Vitol is an energy and commodities company with revenues of $331 billion in 2024; its primary business is the trading and distribution of energy products globally – it trades over seven million barrels per day of crude oil and products and, at any time, has 250 ships transporting its cargoes.
Vitol’s clients include national oil companies, multinationals, leading industrial companies and utilities. Founded in Rotterdam in 1966, today Vitol serves clients from some 40 offices worldwide and is invested in energy assets globally including 24mM3 of storage, 850kbpd of refining capacity, and 10,000 service stations. To date, we have committed over $2.5 billion of capital to renewable projects and are identifying and developing low-carbon opportunities around the world.
Job Description
As our IAM Engineer - Modern Authentication specialist, you will own / maintain the technical configuration of our Entra ID tenant with a primary focus on modernizing our authentication systems, as part of a wider Identity & Access Management strategy / project roadmap. Join our growing IAM team to have a hands-on key role on Authentication/Authorization topics, securing application onboarding & systems configuration hardening (ex: conditional access / adaptative MFA), designing, implementing & maintaining a robust, scalable framework to ensure a frictionless end-user experience.
- Access Management & Governance: Define, implement, and maintain Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) models across Vitol identity platforms, including on-prem AD, Entra ID and AWS. Partner with Security, Infrastructure, Cloud and Development teams to establish consistent access control standards across platforms and applications. Support the design and management of access models for applications, APIs, service accounts, cloud platforms and workload identities.
- System and Application Integration: Integrate external and internal applications with Vitol's identity providers for Single Sign-On (SSO) using SAML, OAuth, and OIDC protocols. Lead engagement and workshops with application development teams to support integration. Advise developers on secure authentication and authorization flows, including tokens, claims, scopes, roles, secrets, certificates and redirect URIs.
- Development Team Enablement : Work with Development teams to embed IAM best practices into shared libraries, frameworks, SDKs, templates and reference architectures. Help define reusable authentication and authorization components for Vitol applications. Ensure internal libraries support least privilege, secure token validation, secure session management, claims-based authorization, secretless authentication and modern federation patterns. Act as an IAM subject matter expert, helping teams choose the right protocol and identity architecture.
- Identity Lifecycle Management: Ensure secure provisioning and de-provisioning of user accounts within the "joiner, mover, leaver" (JML) process.
- Policy Enforcement: Implement, maintain and enforce identity security policies, including Multi-Factor Authentication (MFA), Conditional Access and least privileges . Help ensure policies are consistently applied across users, applications and platforms, while balancing security requirements with business usability.
- Troubleshooting & Support: Provide Tier 3 support for identity-related incidents, including authentication, authorization, SSO, federation and access issues. Work with infrastructure, security, cloud and application teams to diagnose root causes and implement effective resolutions.
- Automation: Utilize scripting (e.g., PowerShell, Python) and APIs/SCIM to automate identity lifecycle and access management workflows. Improve operational efficiency by reducing manual tasks, standardising processes and supporting scalable IAM operations.
- IAM as a service : Create and own the documentation of "IAM as a service"; Define onboarding processes, integration patterns and standard operating procedures for IAM services; Provide clear guidance to application teams on how to consume IAM services securely and efficiently.
Qualifications
- Bachelor's degree in Information Security, Computer Science, or a related field - equivalent professional experience will also be considered.
- 4/5+ years in IAM / Authentication / Security engineering
- Deep knowledge of IAM standards and protocols: SAML, OIDC, OAuth2, SCIM, LDAP, PKI basics, and modern auth patterns
- Experience onboarding and supporting SaaS, web, mobile, and API applications & systems with standards/protocols mentioned above into IAM solutions
- Strong understanding of cloud identity patterns (esp. AWS & Azure), hybrid identity, and Zero Trust
- Ability to communicate architecture decisions clearly to technical and non-technical stakeholders
- Hands-on experiences / proven expertise as an Identity Security Engineer (& administrative experience with privileged roles) of following tools/modules/platforms:
- Microsoft Cloud environment:
- Core Microsoft Identity: deep expertise in Entra ID, Entra Connect / Cloud Sync, and Graph API
- Identity Governance: deployment and management of PIM, Access Reviews, and Entitlement Management
- Advanced configuration of Identity Protection (user/sign-in risk), Risk-based Conditional Access, and Microsoft Defender for Identity (MDI)
- EntraID Workload Identities
- Collaboration cross-tenant / multi-tenant organizations
- ADFS / PTA / PHS
- Intune & endpoint integration
- Azure Key Vault & other Azure managed services
- AWS Cloud Environment
- AWS IAM Users, Groups, Roles & Policies Management
- AWS Organizations & Service Control Policies (SCPs)
- AWS IAM Identity Center (SSO) & Federation
- Least-Privilege Enforcement & Access Analysis
- Secrets Management & Temporary Credentials
- AWS KMS for secure credential and key management.
- Modern Authentication Deployment:
- Methods / Passwordless technologies: Windows Hello for Business, FIDO2 security keys, Microsoft Authenticator, Certificate-based Auth
- Protocols: OAuth 2.0, OpenID Connect, SAML 2.0
- Hardware: YubiKeys, TPM-based biometrics, Passkeys
- SSPR / self-service tools, AAD Password Protection
- Application management: app registration, Entreprise App, managed identity, ServicePrincipal…
- Dashboard creation: PowerBI / Workbook Azure
- Scripting: Powershell / Python / etc
- Develop custom scripts from scratch and optimize existing codebase to automate identity workflows and system administration
- Directories: Active Directory
- ADDS & AD authentication services (NTLM / Kerberos)
- 3-tier model & delegation model for AD services
- FSMO roles, GPO management, AD backup/restore…
- Microsoft Cloud environment:
- Certifications: one or more of the following would be held by the candidate: SC-300, AZ-500, MS-500
- Good knowledge of:
- Principles & technical mechanisms of identity & access management, Privileged Access Management
- Cloud/IaC: AWS/Azure/GCP IAM, Terraform, CI/CD
- Observability/Security: SIEM, EDR integrations, centralized logging
Additional Information
Personal Characteristics
- A self-motivated individual who thrives on seeing the results of their work make an impact
- Strong communication skills, both verbally and in writing
- Proven ability to be flexible, work hard, and a sense for the art of the possible
- Methodical, organized and with an attention to detail - in general, in experimental design, and in code!
- Willingness to share their knowledge and learn from others
- An interest in learning about the commodities space
- Resourceful, able to think creatively and adapt in a dynamic environment
- Team player, with an open non-political style and a high level of integrity
What we offer
- Competitive salary and benefits package
- Real-world impacts on a truly global scale
- Entrepreneurial environment within a flat hierarchy, where great ideas come to life quickly
- Close collaboration with various teams and stakeholders across our key regions (eg. London, Singapore, Houston, Geneva)
- A highly motivated MIS organization comprised of experienced individuals with a supportive attitude and great team spirit
- ...accompagner des projets stratégiques liés à la cyberadministration, aux référentiels métiers et à la gestion des identités et des accès (IAM). Vous interviendrez en tant qu'Analyste Métier Senior au sein d'un environnement Agile, avec une forte interaction entre métiers,...EmpfohlenCDI
- ...une équipe en charge des services d’authentification et d’autorisation d’accès. Au sein du domaine Identity & Access Management (IAM), vous interviendrez sur des plateformes critiques permettant la gestion sécurisée des accès à de nombreux services digitaux....EmpfohlenVollzeit
- ...•Expérience de 3 ans et plus dans des équipes Agile/Scrum •Parfaite maitrise du français à l'oral et à l'écrit •Expérience sur IAM / SSO / gestion des accès / Identités numériques •Expérience dans la mise en place de référentiels et des outils correspondants (MDM...EmpfohlenVollzeit
CHF 140000 pro Jahr
...numériques. Pour renforcer les activités « Authentification et autorisation d'accès », il recherche un·e ingénieur·e senior expérimenté·e en IAM, en particulier sur les technologies et protocoles d'authentification SSO et de fédération d'identités en environnement complexe de...Empfohlen- ...collaborateurs en mission chez nos clients grands comptes dans tout secteur d'activité. Mission Nous recherchons un(e) Ingénieur(e) Senior IAM spécialisé(e) en gestion des identités et des accès pour contribuer à l'évolution, à l'exploitation et au support de services d'...Empfohlen
- ...poste : Dans le cadre du renforcement des équipes d'un de nos clients basé à Genève, nous recherchons un(e) Senior Business Analyst IAM (H/F). Responsabilités : - Recueillir, analyser et challenger les besoins métiers auprès des différentes parties prenantes. -...Vollzeit
- ...Pour notre client, une large organisation dans la région d'Annecy, comptant pres de 30k collaborateurs, nous recherchons un Ingénieur IAM SSO Senior H/F . Ce poste est un engagement sur le long terme et requiert une présence sur site d'au moins 3 jours par...
- ...Description du poste Nous recherchons un(e) Analyste métier senior spécialisé(e) en référentiels et Identity and Access Management – IAM . Vous interviendrez sur des projets liés aux identités numériques, à la gestion des accès, aux fédérations d’identités et aux...VollzeitWeihnachten
CHF 140000 pro Jahr
...évolution de la cyberadministration, notre client souhaite se renforcer en analyse métier pour répondre à de nouveaux besoins liés à l'IAM et aux référentiels transversaux. L'analyste effectuera des études, des analyses, des recherches de solutions, la coordination des...Vollzeit- ...clients basé à Genève, nous recherchons un(e) Head of Cyber Security Engineering (H/F). Responsabilités : - Définir et piloter la feuille de... ..., Ansible ou équivalent) - Plateformes de cybersécurité (EDR, IAM, PKI, gestion des certificats) - Automatisation et scripting...Vollzeit
- ...offrant de réelles perspectives d’évolution. En tant que DevOps Engineer chez IVY Partners, vous serez en charge de : Évaluer l'... ...de migration, sécurité, réseau et gestion des accès (IAM). Connaissance des systèmes d’exploitation Windows, RedHat et...Vollzeit
- ...growth journey and are continuously introducing new processes, technologies, and tools. In this role, you will: Be a pivotal engineering contributor to the design, implementation, and operation of Sonar's global network infrastructure spanning all office locations and...
- ...40 offices worldwide. Revenues in 2023 were $400bn. For more information: vitol.com Job Description The Software Engineer will contribute to the maintenance, improvement and support of internal applications, tools and deployment processes used across Vitol...Vollzeit
- .... Define technical requirements for HVAC, ventilation, cooling, heating and sanitary system interventions. Review and coordinate engineering studies, plans and technical documentation across trades (HVAC, electricity, fire protection, etc.). Prepare tender documents, contribute...Temporär
- ...transformations and performance tuning. Cross-stream technical leadership: Provides technical leadership across SQL developers, data engineers, and full stack engineers, ensuring alignment across ingestion, data layers, APIs, and user interfaces. Risk data correctness and...
EUR 90000 - EUR 110000 pro Jahr
....NET Software Engineer, .NET 10.0, C# 14 - Geneva, Switzerland (Tech stack: .NET Software Engineer, .NET 10.0, ASP.NET Core, C# 14, Blazor, JavaScript, React, Microservices, Azure, ASP.NET Core Web API, Agile, Azure SQL, Programmer, Full Stack Developer, Architect, Softwareentwickler...VollzeitRemote jobSoforteinstellungSpätschicht- ...ready to work at the forefront of AI, we want to hear from you. Position description SonarSource is looking for a passionate AI Engineer who will be a driving force in our internal operations. You will play a central role in Sonar's AI transformation, applying your...Vollzeit
- ...growth journey and are continuously introducing new processes, technologies, and tools. In this role, you will: Be a pivotal engineering contributor to the design, implementation, and operation of security controls and automation across our identity platforms, endpoints...
- Org. Setting and ReportingLe poste se situe dans le Groupe de la gestion de la Maintenance, Services centraux d'appui, Division de l'administration à l'Office des Nations Unies à Genève. ResponsibilitiesSous la supervision du superviseur du sous-groupe plomberie et chauffage...Innendienst
- Who is Sonar? Sonar is driving the future of agent-centric software development. As the leader in AI code review and verification, we solve a critical problem: ensuring that software generated by AI-assisted developers or autonomous agents is reliable, secure, and...
CHF 125000 pro Jahr
...and 3rd-line support. Orchestrating cross-departmental initiatives, working in close synergy with cybersecurity and platform engineering teams to align network performance with broader organizational objectives. Managing strategic partnerships with external service...VollzeitRemote job- À propos de nous Nous sommes le premier industriel de la donnée en Europe. Notre métier est de créer, manager et exploiter le patrimoine data de nos clients. Nous avons la conviction que chaque entreprise peut adopter une démarche innovante de gestion de la donnée et créer...
- Everience is an international consulting group delivering AI-augmented digital services and placing people at the heart of the AI revolution. With a presence in Europe, Africa, Asia and America, Everience offers its 4,000-strong workforce the most demanding and ...VollzeitFreelance
- ...from you. Position description At Sonar, we are seeking an innovative Research Engineer to join our Data & Agentic team and pioneer the next generation of our code analysis engine. You will be at the forefront of applying cutting-edge AI, Large Language Model (LLM...Vollzeit
- ...the forefront of revolutionizing global payments and crafting the future of financial transactions? Join Ripple as a Staff Partner Engineer and be part of our dedicated team that crafts and deploys innovative solutions for senders, receivers, exchanges, and fund...Vollzeit
- ...incredible career growth opportunities, join us, and build real world value. THE WORK We are seeking a new Staff Software Engineer to join the Platform Engineering team of our Custody department. In this role, you will own the design and development of secure...Vollzeit
- ...meets security, performance, and interoperability requirements. Qualifications Bachelor’s degree in Computer Science, Data Engineering, Software Engineering, or a related technical field is required, At least 8 years of relevant experience across software...Öffentlicher Dienst
- ...Renewable Energy Engineer / Technician Localisation : Geneva - Zurich Join us to drive Switzerlandâs energy transition by developing, installing, and optimizing solar, biomass, and biogas solutions. Responsibilities : Design, size, and implement renewable...
- ...As an Electrical Engineer, you will join the Engineering Department (EN), specifically the EN-AA-CSE team, to work on the Future Circular Collider (FCC) study. The Future Circular Collider study is developing designs for the next generation of higher-performance...
- ...We're looking for a Senior Azure DevOps Engineer to join our team in Geneva, Switzerland, in an on-site working mode. In this role, you will contribute to building and operating secure cloud and hybrid infrastructure solutions for a highly regulated financial environment...
Wollen Sie mehr Stellenangebote erhalten?
Abonnieren Sie und erhalten Sie ähnliche Stellenangebote wie IAM Engineer. Seien Sie der Erste, der sich bewirbt!
