Senior IAM Systems Engineer, Passwordless Integration

Royal Bank of Canada

Canada · On-site · Full-time · Senior · 4w ago

About the role

What is the opportunity?

The Senior IAM Systems Engineer, Passwordless Integration is responsible for rolling out and integrating the enterprise Passwordless authentication solution across the systems and platforms employees use every day. This role works across the organization — partnering with endpoint, workplace, infrastructure, and access teams — to bring passwordless authentication to Windows and macOS devices, virtual desktop and application delivery platforms, directory services, and other enterprise systems. Sitting within Platform Enablement Engineering and partnering closely with the Authentication team, this engineer bridges identity and the broader enterprise, turning a passwordless capability into a real, organization-wide experience.

Passwordless is a strategic pillar of the IAM roadmap — directly improving security posture, reducing credential-related risk, and elevating the user experience. This engineer will shape how the enterprise integrates and scales passwordless across a heterogeneous estate, working at the intersection of authentication, endpoint, and access engineering.

What will you do?

  • Lead integration of the enterprise passwordless solution with workforce systems, including Windows endpoints, macOS endpoints, Citrix and other VDI / application delivery platforms, Active Directory, and other authentication-consuming systems
  • Partner with endpoint engineering (Windows, macOS), workplace technology, Citrix / virtualization, and directory services teams to deliver consistent passwordless experiences across the estate
  • Design and execute integration patterns for federated and non-federated systems, including login flows, fallback behaviors, lifecycle and recovery scenarios
  • Configure, test, and operationalize passwordless authenticator deployments on managed and unmanaged endpoints
  • Drive integration with workforce authentication platforms and downstream consumers
  • Build automation for configuration deployment, policy management, and operational health checks of the passwordless integration footprint
  • Partner with the Authentication team — who holds product accountability — to deliver against the passwordless roadmap and prioritize integration backlog
  • Establish observability, alerting, and operational practices for passwordless integrations across systems
  • Work with Architecture, Security, Risk, and Audit to ensure integrations meet regulatory and internal control requirements
  • Provide deep technical input into rollout planning, change management, and user experience design
  • Support production operations, incident response, and root cause analysis for passwordless integrations across systems
  • Document integration patterns, runbooks, and standards for use by partner teams across the enterprise
  • Build operational automation for the Passwordless toolset—patching, certificate rotation, configuration drift detection, and routine support operations
  • Integrate with CI/CD pipelines and infrastructure platforms

What do you need to succeed?

Must-have:

  • 7+ years in identity, authentication, endpoint, or platform integration engineering
  • Software Development: 3+ years of experience with Python or Java with strong OOP design principles, and a solid understanding of REST APIs and microservices architecture
  • DevOps Infrastructure: Experience with Infrastructure-as-code, CI/CD pipelines, containerization (Docker/Kubernetes), cloud platforms
  • Strong hands-on experience integrating authentication solutions with Windows and macOS endpoints, including credential providers, login flows, and device-bound authentication
  • Hands-on experience integrating authentication with Citrix or equivalent VDI / virtual application delivery platforms
  • Strong working knowledge of Active Directory, Kerberos, and modern federation protocols (OIDC, OAuth 2.0, SAML, FIDO2 / WebAuthn)
  • Experience deploying and operating phishing-resistant or passwordless authentication solutions in an enterprise environment
  • Strong scripting / automation skills (PowerShell, Python, or equivalent) for configuration management and operational tooling
  • Strong understanding of cryptographic primitives relevant to authentication (public-key cryptography, attestation, key management) and how they apply to endpoint-bound credentials
  • Deep hands-on expertise with CI/CD platforms (Jenkins, GitHub Actions, GitLab CI)

Nice-to-have:

  • Experience integrating with Entra ID and/or Auth0 authentication flows
  • Familiarity with enterprise endpoint management platforms (Intune, Jamf, SCCM) and how authentication integrates with managed-device posture
  • Experience with mobile authentication (iOS / Android platform authenticators, secure enclave) and consumer-style passwordless flows
  • Familiarity with Zero Trust Architecture and phishing-resistant authentication strategy
  • Experience leading enterprise-wide authentication rollouts or migrations
  • Experience automating IAM platforms (Entra ID, Auth0, SailPoint, CyberArk, or equivalent)
  • Working knowledge of the banking/financial services regulatory landscape (FRB, Part 30, OSFI) and how it shapes authentication controls

What’s in it for you?

We thrive on the challenge to be our best, progressive thinking to keep growing and working together to deliver trusted advice to help our clients thrive and communities prosper. We care about each other, reaching our potential, making a difference in our communities, and achieving mutual success.

  • A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation, commissions, and stock where applicable
  • Leaders who support your development through coaching and managing opportunities
  • Ability to make a difference and lasting impact
  • Work in a dynamic, collaborative, progressive, and high-performing team
  • Opportunities to do challenging work and take on progressively greater accountabilities

Skills

Active Directory, Docker, FIDO2, GitLab CI, GitHub Actions, Infrastructure-as-code, Jenkins, Java, Kerberos, Kubernetes, OAuth 2.0, OIDC, Python, SAML, WebAuthn
