Who We Are

Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation-inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact.

To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures—and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive.

What You'll Do

The Principal IAM Engineer is the senior technical authority for identity services, responsible for designing, implementing, and governing enterprise-wide IAM capabilities across workforce, partner, and customer identities. This role combines deep hands-on engineering with architecture and leadership, driving the modernization of authentication, authorization, identity lifecycle, and privileged access controls across our cloud and on-prem environments.

Responsibilities:

1. Own the end‑to‑end technical delivery of IAM services, including identity lifecycle management, authentication, authorization, SSO, and privileged access controls, ensuring they are secure, scalable, and highly available.
2. Lead design sessions, collaborating with Entrprise Architecture, and implementation of IAM integrations for SaaS, on‑prem, and AWS cloud platforms, including federation (SAML, OIDC, OAuth), MFA, and Passwordless capabilities.
3. Serve as the primary escalation point for complex IAM engineering issues; perform root‑cause analysis and drive long‑term remediation and hardening of IAM platforms and related services.
4. Partner with security architecture, infrastructure, application, and HR/IT teams to align IAM solutions with enterprise security strategy, compliance obligations, and business objectives.
5. Define IAM engineering standards, patterns, and reference architectures; guide other engineers in implementing secure onboarding patterns for applications into IGA, PAM, and SSO platforms.
6. Lead modernization initiatives.
7. Contribute to audits, risk assessments, and regulatory reviews by providing technical evidence, designing compensating controls, and closing identified IAM control gaps.
8. Mentor and coach IAM engineers and analysts, promoting engineering excellence, documentation discipline, and a culture of continuous learning and improvement.

What You'll Bring

• 10+ years of experience in information security or infrastructure engineering, with at least 5 years of hands-on-keyboard experience with core IAM platforms.
• Deep expertise with the majority of our IAM stack
• Strong hands-on experience with Microsoft Entra ID and Active Directory as foundational directory services, and extensive experience implementing federation protocols (SAML, OIDC, OAuth2).
• Proven track record designing and implementing IAM solutions in hybrid multi-cloud environments, including the automation of provisioning, access reviews, and RBAC/ABAC models.
• Experience with secrets management solutions.
• Proficiency in at least one scripting or programming language (such as PowerShell, Python, or Java) to automate tasks and build custom connectors for our IAM tools.
• Excellent communication skills with the ability to translate complex technical concepts related to our IAM ecosystem for both technical and non-technical stakeholders.
• Exceptional sense of ownership and the ability to work with a limited set of requirements.
• Highly advanced ability to breakdown work to deliver value incrementally.
• Experience leading large-scale IAM programs.
• Prior responsibility as a technical lead or architect for IAM, including mentoring teams and influencing roadmaps beyond direct reporting lines.
• Demonstrated ability to balance security, usability, and operational efficiency, with a strong bias toward automation and measurable risk reduction.
• Define and lead the implementation of the organization’s security strategy, with a focus on Cloud Security, Identity Access Management, and all other aspects of Cybersecurity
• Oversee the deployment of IAM solutions across both on-premise and cloud environments, ensuring they meet the highest standards of security.
• Lead the most complex security assessments, including threat modeling, red teaming, and cloud security reviews.
• Collaborate with executive leadership to ensure that security initiatives align with the organization’s strategic goals and risk appetite.
• Act as the technical lead for large-scale security projects, coordinating cross-functional teams to ensure successful delivery.
• Architect and implement solutions across workforce IAM, PAM, and customer IAM ecosystems.
• Provide thought leadership in adopting passwordless authentication, passkeys, adaptive MFA, and AI-driven access orchestration strategies
• Engineer integrations with Agentic AI tools for intelligent decisioning, policy enforcement, and autonomous identity lifecycle operations.
• Develop and implement automated provisioning/deprovisioning workflows
• Ensure integration of IAM with cloud platforms (Azure, AWS, GCP) and SaaS applications.
• Mentor and develop the skills of senior security engineers, fostering a culture of continuous improvement and innovation.

Technical Experience Must-Have:

• Privileged Access management (CyberArk)
• Authentication/AuthN (Okta)
• Federated Identity (EntraID)
• Cloud Identity (AWS, GCP, Azure)
• Automation (terraform, codex, claude)
• Application SSO (OIDC, SAML)
• Identity Governance (Sailpoint, Okta, Veza)

Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, disability, protected veteran status, or any other characteristic protected under national, provincial, or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws.
BCG is an E - Verify Employer. Click here for more information on E-Verify.