
Identity & Access Management (IAM) Engineer
WorkdaySummary
Workday is seeking a Mid-Level IAM Engineer to join their Enterprise Identity team. This role focuses on configuring, integrating, and maintaining identity management systems, automating user lifecycle workflows, and providing operational support. The engineer will administer directory services, automate routine tasks, and create technical documentation. The position requires 2+ years of direct IAM experience with tools like Okta or Microsoft Entra ID, proficiency in scripting languages like Python or GoLang, and a strong understanding of authentication protocols. The role offers a "Flex" work mode, allowing a blend of remote and in-office presence.
Required Skills
Details
- Salary
- €70,200 – €105,400/yr
- Experience Required
- 2+ years
- Posted
- ~Jul 3, 2026
- Bonus
- Yes
- Equity
- Yes
Description
Your work days are brighter here.
We’re obsessed with making hard work pay off, for our people, our customers, and the world around us. As a Fortune 500 company and a leading AI platform for managing people, money, and agents, we’re shaping the future of work so teams can reach their potential and focus on what matters most. The minute you join, you’ll feel it. Not just in the products we build, but in how we show up for each other. Our culture is rooted in integrity, empathy, and shared enthusiasm. We’re in this together, tackling big challenges with bold ideas and genuine care. We look for curious minds and courageous collaborators who bring sun-drenched optimism and drive. Whether you're building smarter solutions, supporting customers, or creating a space where everyone belongs, you’ll do meaningful work with Workmates who’ve got your back. In return, we’ll give you the trust to take risks, the tools to grow, the skills to develop and the support of a company invested in you for the long haul. So, if you want to inspire a brighter work day for everyone, including yourself, you’ve found a match in Workday, and we hope to be a match for you too.
About the Team
The Enterprise Identity team serves as Workday's first and most critical line of defense. We own, build, and evolve the Identity and Access Management (IAM) systems that govern exactly who gets access to internal resources, what they can do with that access, and why.
Operating across one of the most complex enterprise cloud environments in the software industry, our technical scope spans human, non-human, and multi-cloud identity systems. From implementing practical Zero Trust controls and conditional access policies, to engineering automated workflows for seamless onboarding, role transitions, and offboarding across the company, this team is at the forefront of how Workday secures its digital ecosystem.
We are also tackling challenges on the AI and agentic frontier, securing autonomous AI agents, non-human identities (NHIs), and service-to-service trust models in production. Our work in privileged access governance focuses on hardening system access, reducing long-lived elevated privileges, and driving the transition toward right-sized entitlements and least-privilege models.
At Workday, identity is not a back-office IT support function—it is a core security boundary and engineering enabler. The Enterprise Identity team directly influences how safely Workday builds and ships products, acting as a crucial pillar in protecting the vital data and infrastructure of over 60 million users. If you are energized by meaningful security challenges with real organizational impact, this is the team for you!
About the Role
We are looking for a skilled Mid-Level IAM Engineer to join our Enterprise Identity team. You will be responsible for the day-to-day configuration, maintenance, and optimization of our identity tools. This role is perfect for a core builder who loves solving technical integration challenges, automating repetitive tasks, and ensuring our employees and systems have the right access at the right time.
Responsibilities:
- System Integration: Configure, integrate, and maintain connections between our core identity provider (IdP) and various SaaS applications, internal systems, and APIs.
- Lifecycle Management: Implement and troubleshoot automated user lifecycle workflows (joiner, mover, leaver) to ensure seamless and secure access transitions.
- Operational Support: Act as the initial contact point for identity and access issues in EU Sovereign Cloud, resolving tier-one directory synchronization or authentication failures. Perform regular vulnerability management updates across cloud environments.
- Directory Management: Administer and maintain LDAP, Ory Hydra, and HR-driven identity data feeds.
- Process Automation: Write and maintain scripts to automate routine identity tasks, such as generating access reports or cleaning up orphaned accounts.
- Documentation: Create and maintain clear technical documentation, architectural diagrams, and standard operating procedures (SOPs) for the IAM ecosystem.
About You
Basic Qualifications
- Experience: 3–5 years of experience in IT or Security, with 2+ years of direct experience administering and configuring IAM solutions.
- Identity Platforms: Solid experience working with tools like Okta or Microsoft Entra ID, LDAP, Active Directory, Ory Hydra.
- Protocols: Practical understanding of authentication and authorization standards (SAML, OAuth, OIDC, and REST APIs).
- Scripting: Competency in at least one scripting language (GoLang or Python preferred) for API integration and data manipulation.
- Soft Skills: Strong analytical problem-solving skills and the ability to explain complex technical access issues to non-technical stakeholders.
- Certifications: Security+, Okta Certified Administrator, or Microsoft Certified: Identity and Access Administrator Associate are a plus, along with AWS Cloud Practitioner.
- Education: Bachelor’s degree in a relevant discipline such as Computer Science, Cybersecurity, Information Security, or a related discipline, or equivalent practical experience.
Other Qualifications
- Good understanding of Information Security principles and best practices, including zero standing privileges.
- Proficiency in one or more Programming Languages such as Python used for security automation, analysis, or tool development.
- Working knowledge of Public Clouds like AWS/GCP and implementing security measures within those environments.
- Understanding of Security by Design principles and the ability to contribute to secure design and conduct security reviews.
Workday Pay Transparency Statement (For EU Locations Only)
Listed below is the base salary range applicable to this position. Workday pay ranges (and the precise pay offered to the successful candidate) are based on a number of objective criteria such as relevant experience and skills, and educational qualifications, level of responsibility, demands of the role, work location and business need. As a part of the total compensation package, this role may be eligible for the Workday Bonus Plan or a role-specific commission/bonus, as well as annual refresh stock grants awarded by Workday Inc. For more information regarding Workday’s comprehensive benefits, please click here.
Primary Location Base Pay Range: €70,200 EUR - €105,400 EUR IrelandOur Approach to Flexible Work
With Flex Work, we’re combining the best of both worlds: in-person time and remote. Our approach enables our teams to deepen connections, maintain a strong community, and do their best work. We know that flexibility can take shape in many ways, so rather than a number of required days in-office each week, we simply spend at least half (50%) of our time each quarter in the office or in the field with our customers, prospects, and partners (depending on role). This means you'll have the freedom to create a flexible schedule that caters to your business, team, and personal needs, while being intentional to make the most of time spent together. Those in our remote "home office" roles also have the opportunity to come together in our offices for important moments that matter.
Pursuant to applicable Fair Chance law, Workday will consider for employment qualified applicants with arrest and conviction records.
Workday is an Equal Opportunity Employer including individuals with disabilities and protected veterans.
At Workday, we are committed to providing an accessible and inclusive hiring experience where all candidates can fully demonstrate their skills. If you require assistance or an accommodation at any point, please email accommodations@workday.com.
Are you being referred to one of our roles? If so, ask your connection at Workday about our Employee Referral process!
At Workday, we value our candidates’ privacy and data security. Workday will never ask candidates to apply to jobs through websites that are not Workday Careers.
Please be aware of sites that may ask for you to input your data in connection with a job posting that appears to be from Workday but is not.
In addition, Workday will never ask candidates to pay a recruiting fee, or pay for consulting or coaching services, in order to apply for a job at Workday.
