Contract: Security Services Engineer (IAM)

Upwork ($UPWK) is the world’s work marketplace. We serve everyone from one-person startups to over 30% of the Fortune 100 with a powerful, trust-driven platform that enables companies and talent to work together in new ways that unlock their potential.

Last year, more than $3.8 billion of work was done through Upwork by skilled professionals who are gaining more control by finding work they are passionate about and innovating their careers.

This is an engagement through Upwork’s Hybrid Workforce Solutions (HWS) Team. Our Hybrid Workforce Solutions Team is a global group of professionals that support Upwork’s business. Our HWS team members are located all over the world.

Work/Project Scope:

We are seeking a Security Services Engineer specializing in Identity and Access Management (IAM) to join our Security Services Engineering team. In this role, you will be responsible for designing, implementing, and maintaining secure identity and access solutions across the enterprise. You will work closely with all the key business units such as IT, HR, and Engineering teams to ensure secure authentication, authorization, and identity lifecycle management.

This role is ideal for someone who thrives in a dynamic environment, enjoys solving complex problems, and has a deep understanding of identity infrastructure and automation.

Key Responsibilities:

• Design, implement, and maintain IAM solutions across internal and cloud-based systems including SSO, MFA, RBAC, and provisioning platforms.
• Automate identity lifecycle processes (joiner/mover/leaver workflows) using Python and PowerShell or other scripting languages.
• Administer and support identity governance platforms such as SailPoint.
• Collaborate with internal teams to support secure access control across cloud and on-premises environments.
• Analyze and resolve access-related issues and requests, ensuring security, speed, and simplicity in the user experience.
• Support compliance and audit readiness for identity and access controls (e.g., SOC 2, ISO 27001).
• Maintain detailed documentation of configurations, policies, and procedures.

Must Haves (Required Skills):

• 3–5+ years of experience in cybersecurity or IT, with 2+ years specifically in IAM or identity governance in cloud-native or SaaS environments.
• Strong experience with identity platforms such as Okta, Azure AD, Google Workspace, or Ping Identity.
• Technical familiarity with SSO, MFA, RBAC, SCIM, SAML, OAuth/OIDC, and IAM-related API integrations.
• Experience with cloud IAM (AWS IAM, GCP IAM, or Azure IAM), especially within CI/CD pipelines or platform engineering contexts.
• Familiarity with IAM automation or scripting using PowerShell, Python, Bash, or similar.
• Understanding of zero trust principles, secure access architecture, and modern remote work security models.
• Strong analytical and troubleshooting skills in complex IAM ecosystems.
• Excellent written and verbal communication skills.

Preferred Skills:

• Experience supporting distributed or remote-first teams in a high-scale tech environment.
• Familiarity with DevSecOps and infrastructure-as-code (IaC) principles as they relate to access controls.
• Experience with privileged access management (PAM) tools like CyberArk or BeyondTrust.
• Ability to translate technical IAM requirements into business-aligned solutions and clear documentation.
• Demonstrated ability to work independently in a fast-paced, agile, and collaborative environment.
• Industry certifications such as CISSP, GIAC, GSEC, or identity-specific credentials are a plus but not required.

Upwork is proudly committed to fostering a diverse and inclusive workforce. We never discriminate based on race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical condition), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.

Additionally, a criminal background check may be run on a candidate after a conditional offer to perform your services for Upwork is made. Qualified applicants with arrest or conviction records will be considered in accordance with applicable law, including the California Fair Chance Act and local Fair Chance ordinances.