Senior IAM Engineer

The Role
We're looking for a Senior IAM Engineer to own and evolve our enterprise identity platform across Okta and Microsoft Entra ID. This highly visible role partners closely with teams across the organization, requiring a proactive, innovative mindset and a willingness to think beyond conventional approaches. Operating within an Agile environment, the team moves at pace to adapt to evolving business needs. Our technologists bring a diverse range of expertise and share a commitment to treating technology as a craft, with a strong focus on delivering high-quality, customer-centric outcomes. The team underpins critical business services, enabling key functions across the organization to deliver seamless and exceptional user experiences.
Responsibilities

• Design, build, and maintain enterprise Identity and Access Management solutions using Okta and Microsoft Entra ID.

• Engineer and automate Joiner, Mover, Leaver (JML) lifecycle processes using Okta Workflows.

• Design and implement Single Sign-On (SSO), Multi-Factor Authentication (MFA), and identity governance solutions across enterprise applications.

• Integrate cloud and on-premises applications using SAML, OAuth, OIDC, SCIM, and other modern authentication protocols.

• Develop PowerShell automation to streamline identity provisioning, administration, and operational processes.

• Engineer and maintain hybrid identity services across Active Directory and Microsoft Entra ID.

• Administer and optimize Active Directory, including Group Policy management and enterprise domain services.

• Support Azure Application Proxy and secure remote application access.

• Participate in the design, planning, and delivery of identity-related projects and platform enhancements.

• Produce and maintain technical documentation for identity architecture, integrations, and automation.

• Provide third-line technical support for complex IAM issues and contribute to incident response and root cause analysis.

• Stay current with emerging identity technologies and recommend improvements to the platform.

Required:

• Bachelor's degree in Computer Science or a related discipline (or equivalent practical experience).

• Strong hands-on experience engineering enterprise IAM solutions.

• 2+ years' experience with Okta Single Sign-On (SSO) and Lifecycle Management.

• 2+ years' experience with Okta Identity Governance (OIG).

• 2+ years' experience developing solutions using Okta Workflows.

• 5+ years' experience working with Active Directory in complex enterprise environments.

• Strong knowledge of Active Directory Group Policies (GPO).

• Experience with Microsoft Entra ID (Azure Active Directory).

• Experience with Azure Application Proxy or similar application proxy technologies.

• Strong PowerShell scripting skills with a focus on automation.

• Experience with Microsoft Certificate Services.

• Excellent troubleshooting and problem-solving skills.

• Ability to work independently and thrive in a fast-paced, evolving environment.

Desirable:

• ServiceNow

• Splunk

• Experience with System for Cross-domain Identity Management (SCIM)

• Experience integrating SaaS applications with enterprise identity platforms

• Familiarity with Infrastructure as Code or automation tooling

Ready to Shape the Future? At Morningstar, every hire we make strengthens our mission to empower investor success. Apply now and help shape the future of investing with us.
Base Salary Compensation Range
GBP 59.400,00-82.866,66
Bonus Target:
12,5% Annual
We expect the compensation and target bonus for this role to fall within the stated range. The specific compensation offered will depend on the candidate's qualifications, experience, and other job-related factors.
Morningstar's hybrid work environment gives you the opportunity to collaborate in-person each week as we've found that we're at our best when we're purposely together on a regular basis. In most of our locations, our hybrid work model is four days in-office each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you'll have tools and resources to engage meaningfully with your global colleagues.
100_MstarResCanad Morningstar Research, Inc. (Canada) Legal Entity