Identity & Access Management (IAM) Engineer

Founded over 35 years ago, First Quality is a family-owned company that has grown from a small business in McElhattan, Pennsylvania into a group of companies, employing over 5,000 team members, while maintaining our family values and entrepreneurial spirit. With corporate offices in New York and Pennsylvania and 8 manufacturing campuses across the U.S. and Canada, the companies within the First Quality group produce high-quality personal care and household products for large retailers and healthcare organizations. Our personal care and household product portfolio includes baby diapers, wipes, feminine pads, paper towels, bath tissue, adult incontinence products, laundry detergents, fabric finishers, and dishwash solutions. In addition, we manufacture certain raw materials and components used in the manufacturing of these products, including flexible print and packaging solutions.

Guided by our values of humility, unity, and integrity, we leverage advanced technology and innovation to drive growth and create new opportunities. At First Quality, you'll find a collaborative environment focused on continuous learning, professional development, and our mission to Make Things Better.

We are seeking an experienced Identity & Access Management (IAM) Engineer to join our IT team and support a rapidly growing North American–based manufacturing organization working remotely. This role is critical to ensuring secure, efficient, and compliant access to our best-in-class enterprise systems, including cloud based, SaaS and on-prem solutions, as well as a wide portfolio of niche manufacturing and enterprise applications.

Primary responsibilities include:

• Help develop and enforce IAM policies, standards, and procedures for the enterprise which include both human identities and non-human identities.

• Onboarding/Offboarding - Automating provisioning/deprovisioning via PowerShell or other.

• Manage user lifecycle (provisioning, de-provisioning, RBAC, access reviews) and integrate IAM with cloud services.

• Maintain proper directory health, optimization, and hygiene

• Designing role-based access models ensuring least privilege and segregation of duties.

• Integrate IAM processes with HRMS (Workday) and additional key systems and services (SAP, Salesforce, O365, MES, EAM).

• Configure and maintain Single Sign-On (SSO), Multi-Factor Authentication (MFA), Conditional Access Policies, Privileged Access Management (PAM), Just-in-time (JIT) Access, federation (SAML, OpenID Connect, OAuth,), RADIUS, Public and Private Certificate Authority, Public Key Infrastructure (PKI), Certificate Lifecycle Management (CLM), Certificate-based Authentication (CBA), Passwordless authentication.

• Develop self-service IAM capabilities: Self-Service Password Reset (SSPR), Self-Service Access Requests, Delegated Administration.

• Automate IAM workflows and identity lifecycle events via scripting and APIs.

• Monitor IAM operations, generate compliance reports, and support audits.

• Remediate vulnerabilities, misconfigurations, and gaps identified through various sources such as press releases, vendor announcements, ad hoc risk assessments, pen testing, and proactive system reviews.

• Implement service architectures that are robust, highly available, and fault-tolerant.

• Prove Business Continuity and Disaster Recovery (DR) readiness through regular testing

• Troubleshoot and resolve IAM-related issues and support security incident response as part of the 3rd level support team.

• Work closely with the Cybersecurity IAM and IT Infrastructure teams to review and implement security requirements, policies, and tools.

• Partner with Cybersecurity, Compliance and Risk Management, Information Technology, Human Resources, Legal, Facilities, and other business unit or department stakeholders.

The ideal candidate should possess the following:

Required:

• Bachelor's degree in IT, Computer Science, or related field (or equivalent experience).

• 3–5+ years specific IAM engineering experience or equivalent in a large enterprise.

• Proficiency with Directory Services (Entra ID / Azure AD, Active Directory) and IAM Platforms (Okta, SailPoint, or similar).

• Experience integrating IAM with systems like Workday (HRMS) , SAP (ERP), Salesforce (CRM), O365, MES, and EAM systems.

• Experience with Privileged Access Management systems and platforms (CyberArk PAM, or other).

• Demonstrated ability to manage hybrid identity between on-prem and cloud.

• Scripting/automation experience (PowerShell, Python, API integrations).

• Deep knowledge of RBAC, SSO, MFA, PAM, and federation protocols and core concepts such as least privilege and need to know

Preferred:

• Experience in manufacturing/CPG industries.

• Security certifications: CISSP, CISM, Azure Security, Okta Certified, or SailPoint Certified.

Soft Skills:

• Strong communication and cross-functional collaboration skills.

• Flexibility and adaptability to dynamic situations

• Analytical and problem-solving mindset with attention to detail.

• Ability to thrive in a fast-paced, regulated environment.

• Self-starter

What We Offer You

We believe that by continuously improving the quality of our benefits, we can help to raise the quality of life for our team members and their families. At First Quality you will receive:

• Competitive base salary and bonus opportunities

• Paid time off (three-week minimum)

• Medical, dental and vision starting day one

• 401(k) with employer match

• Paid parental leave

• Child and family care assistance (dependent care FSA with employer match up to $2500)

• Bundle of joy benefit (year's worth of free diapers to all team members with a new baby)

• Tuition assistance

• Wellness program with savings of up to $4,000 per year on insurance premiums

• more

First Quality is committed to protecting information under the care of First Quality Enterprises commensurate with leading industry standards and applicable regulations.  As such, First Quality provides at least annual training regarding data privacy and security to employees who, as a result of their role specifications, may come in to contact with sensitive data.

First Quality is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, sexual orientation, gender identification, or protected Veteran status.