Sr. Engineer - Identity Administration, Governance & Automation

    Role Summary

    The Sr. Engineer - Identity Administration, Governance & Automation will design, operate, and continuously improve enterprise Identity and Access Management capabilities across identity lifecycle, governance, federation, single sign-on, privileged access, and automation. This role will partner with HR, application, infrastructure, security, audit, and business teams to deliver secure, scalable, and well-documented IAM services.

    What We Look For

    • 5+ years of experience implementing, operating, and improving enterprise IAM, IGA, SSO, and PAM solutions in large or complex environments.

    • Strong ability to design, build, operate, and automate security solutions and processes that protect the integrity of enterprise networks, systems, applications, and data.

    • Experience developing technical strategies, architectures, roadmaps, standards, and operational runbooks for IAM services.

    • Outstanding communication and presentation skills, with the ability to explain complex technical concepts to non-technical and leadership audiences.

    • Ability to respond to access-related incidents, authentication or authorization failures, audit findings, and control gaps through structured troubleshooting and cross-team coordination.

    Key Responsibilities

    • Own and improve Joiner, Mover, Leaver lifecycle management processes, including user provisioning, transfers, terminations, birthright access, and exception handling.

    • Design and maintain workflow automation between IAM platforms, HR systems, directories, and business applications to reduce manual effort and improve control effectiveness.

    • Support identity governance processes including access certifications, Segregation of Duties (SoD), audit evidence collection, remediation tracking, and control reporting.

    • Design, operate, and enhance SSO and MFA capabilities using standards such as SAML, OAuth, and OpenID Connect (OIDC).

    • Troubleshoot authentication, authorization, directory synchronization, access provisioning, and entitlement issues across enterprise platforms.

    • Maintain high-quality documentation for governance policies, workflows, operational procedures, design decisions, and exception processes.

    • Partner with application owners, HR, audit, compliance, infrastructure, and security teams to onboard applications and align IAM controls with business and regulatory requirements.

    Required Skills

    Identity Administration

    Experience in lifecycle management including Joiner, Mover, and Leaver processes; workflow automation; and integration of IAM platforms with HR systems and business applications.

    Identity Governance

    Strong understanding of Segregation of Duties (SoD), access certifications, audit processes, and remediation activities; ability to align governance practices with industry regulations and internal control expectations.

    Single Sign-On (SSO)

    Hands-on experience designing and managing SSO solutions; familiarity with authentication protocols including SAML, OAuth, and OpenID Connect (OIDC); knowledge of MFA implementation and adoption.

    Technical Expertise

    Hands-on experience with Active Directory, Microsoft Entra, and LDAP; experience with IGA vendors such as SailPoint, SoftwareIDM, and Saviynt; knowledge of IAM tools such as BeyondTrust, Okta, and Azure AD; openness to learning new tools and technologies.

    Automation & Operations

    Proficiency in scripting or programming languages such as PowerShell, Python, SQL, and Java; ability to automate IAM processes, troubleshoot authentication and authorization issues, and maintain documentation for governance policies and workflows.

    Preferred Qualifications

    • Experience with IDaaS and IAM products such as Microsoft Entra, Okta, Ping Identity, Google Cloud Identity, SailPoint, Saviynt, SoftwareIDM, Omada, Microsoft Identity Manager, BeyondTrust, CyberArk, or equivalent solutions.

    • Experience with Microsoft 365, Active Directory, LDAP, SAML, OAuth, OIDC, MFA, APIs, and directory synchronization patterns.

    • Experience with cloud identity and access controls across Azure, AWS, or GCP.

    • Familiarity with Zero Trust architecture and access control models.

    • Familiarity with ServiceNow ticketing, CMDB, and operational request workflows.

    • Understanding of security and compliance frameworks such as NIST, PCI, GDPR, HIPAA-HITECH, or HITRUST.

    • Development or scripting experience with Python, Java, C#, .NET, PowerShell, Shell scripting, SQL, Web Services, SOAP/REST APIs, or RESTful integrations.

    Certifications

    • CISSP, CISM, CISA, SANS, GIAC, CIMP, CEH, or equivalent security certification is a plus.

    • Okta Professional or Consultant certification is a plus.

    • Google, AWS, or Microsoft professional cloud architect certification is a plus.

    Equal Employment Opportunity

    Johnson Controls International plc. is an equal employment opportunity and affirmative action employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, protected veteran status, genetic information, status as a qualified individual with a disability, or any other characteristic protected by law. If you are an individual with a disability and require accommodation during the application process, please visit johnsoncontrols.com/careers.

  • *
    *
    *
    *
    *
    *
    Import LinkedIn profile
    or

    My Information

    My Experience

    Application Questions

    Review

    My Information

    My Experience

    Application Questions

    Review

    *

    Contact Information
    I confirm that I am submitting this electronic application on my own behalf, and not on behalf of any other person, and that the information contained in this application is my own personal information. I hereby affirm that the information provided during the application process and any accompanying documents attached including my resume/CV or provided during any discussion or interviews, are true and complete to the best of my knowledge. To the extent permitted by applicable local law, I authorize Johnson Controls and its affiliates, subsidiaries and operating segments (collectively, the Company) to investigate all statements in this application and accompanying documents and to secure any necessary information from all my employers, references, and educational institutions.

    I understand that should I receive an offer of employment with Johnson Controls, such offer is conditional on successful completion of all aspects of the application process including such background and reference checks as are applicable and permitted under local law. Submission of this electronic application by me does not constitute to me an offer of employment, an employment agreement or any other contractually binding commitment by Johnson Controls.

    I understand and agree that the information submitted by me will be used, disclosed and stored in accordance with Johnson Control's Privacy Notice, which I have fully reviewed and accept. For individuals located in the United States, applicants are not required to provide any age related information and/or graduation date(s). We will transfer your personal information across borders in accordance with the Privacy Notice. To the extent permitted by applicable local law, by clicking the button below, you consent to the cross-border transfer of your personal information. For individuals located in China: please read the Addendum – Rules on Cross Border Transfer of personal information for China (HR Management). By clicking the button below, you consent to Johnson Controls collecting, processing and transferring your personal information (including sensitive personal data) in accordance with our Privacy Notice and the Addendum for China.

    To provide you with the most effective recruiting process, Johnson Controls may use artificial intelligence (“AI”) to help us better understand how your candidate information matches the requirements of the role you have applied to. We may process your answers to the application and qualification questions, information in your resume, and, if applicable, information from your Johnson Controls personnel record, using tools that rely on AI. All hiring decisions will be made by the hiring team after considering your candidate profile in full. These tools help us to match the information provided by you with the job and preferred qualifications. All hiring decisions will be made by our hiring team after considering your candidate profile in full, and the use of AI insights is just one of the tools and one of numerous factors that we use to help us evaluate candidates and reach a decision.

    Johnson Controls would also like to consider you for additional and future job openings, and we may use AI to help with this process. These AI tools help us understand how your candidate information matches the requirements of future job openings (using the same process as described above). Johnson Controls recruiters may use these insights to help them decide whether to reach out to you to regarding a future job opening. If you are located in the United Kingdom or European Union, the use of the AI insights is necessary for Johnson Controls’ legitimate interests to provide a streamlined and efficient recruitment process, and to consider you for future roles. Please note, the use of AI insights is just one of the tools and one of many factors our recruiters use to help evaluate candidates for upcoming roles.

    DO NOT E-SIGN UNTIL YOU HAVE READ THE ABOVE STATEMENT.
    *
    Work Experience
    Work Experience
    Remove
    + Add work experience
    Education
    Education
    Remove
    + Add education
    Skills
    Please provide your relevant Skills
    Websites
    Add any relevant websites (include https:// in URL)
    Website
    Remove
    + Add websites
    Application Questions

    Personal Information
    Johnson Controls values a diverse and inclusive workplace. Providing this information will help us to ensure our recruitment practices promote equality of opportunity.
    Your response to the self-identification questionnaire below is voluntary. It is however mandatory to answer the questions, even if you choose not to provide the information.
    The information will be kept anonymous and your answer will be treated with the strictest confidence and protected from misuse. We assure you that your answers will be used only for the purposes of monitoring our equal opportunities policy and will not be used by us to make any unlawful decisions affecting you, whether in a recruitment exercise or during the course of any employment with us.

    You are not obliged to provide this information and you will not suffer any penalty if you choose not to do so.
    My Information
    Edit Hide
    My Experience
    Edit Show
    Application Questions
    Edit Show
Go to Top