11 days ago

IAM & Enterprise Application Engineer

Coastal

Hybrid
Full Time
$140,000

Job Overview

Job Title: IAM & Enterprise Application Engineer
Job Type: Full Time
Category: Commerce
Experience: 5 Years
Degree: Master
Offered Salary: $140,000
Location: Hybrid


Job Description

About Coastal

Coastal is at the forefront of modern banking, combining strong financial infrastructure with cutting-edge Banking-as-a-Service (BaaS) and fintech enablement strategies. We support not only individuals with their personal banking needs; we also empower businesses by integrating modern banking technology that drives growth, flexibility, and innovation. At Coastal, we think and move like entrepreneurs, focused on impact, speed, and continuous improvement. We believe in working smart, collaborating deeply, and building solutions that unlock real potential. If you're someone who thrives in a fast-moving environment, loves solving complex problems, and wants to help shape the future of banking, we’d love to meet you.


Overview

As an IAM & Enterprise Application Engineer, you will own the end-to-end lifecycle for our COTS and SaaS application portfolio and engineer security-first principles into Coastal’s core identity services. You will design and enforce access models that enable the business while maintaining least privilege and separation of duties (SoD), automate joiner-mover-leaver processes, and define standard access profiles aligned to roles across Coastal. This role blends business operations insight with technical depth. You’ll partner with HR, Finance, Risk/Compliance, Security, and business leaders to translate operating needs into scalable identity governance, robust authentication/federation, and friction-light access workflows that provide proper controls for a high-security environment without interfering with user productivity.

Responsibilities To Include

Identity Governance & Lifecycle Automation
  • Design and operate identity lifecycle automation across directories, SaaS apps, and groups using HRIS/source-of-truth and SCIM/API integrations.
  • Define and maintain standard access profiles by role, job family, and team.
  • Build and run access review campaigns both for ad-hoc access and the composition of standard access profiles.
  • Ensure evidence of access review campaign preparation and completion is audit-ready.
Administer Directory and IdP Services
  • Configure new applications and federated trusts (SAML/OIDC) in IdPs.
  • Administer authentication, session, conditional access, and device trust policies, ensuring systems are hardened against unauthorized access and common threats, such as credential stuffing and session theft.
  • Develop integrations and scripts (Python, TypeScript, and PowerShell preferred; knowledge of APIs and webhooks is a necessity).
  • Adopt Infrastructure-as-Code where supported (e.g., Terraform for Okta and Entra).
Enterprise Application Ownership, especially SaaS
  • Lead the COTS/SaaS application lifecycle: intake & vendor assessment, PoC, secure configuration, go-live, ongoing administration, license/usage optimization, and deprecation.
  • Partner with the business unit driving the usage of each application to define, document, implement, and administer the application’s access model.
  • Integrate enterprise applications with central identity services (directory/IdP), enabling JIT/SCIM provisioning and deprovisioning.
  • Integrate applications into standard security-relevant operational processes, such as asset management, configuration hardening, data loss prevention, change management, and security monitoring.
Compliance, Monitoring & Evidence
  • Map identity and application controls to FFIEC, GLBA, SOX, PCI-DSS, and NIST CSF v2.0 requirements.
  • Centralize application logs and admin activity, partner with business units and the Security Operations team to develop monitoring, and coordinate with Security Operations for incident response and forensics when required.
  • Prepare audit evidence packages (config exports, campaign artifacts, approvals) and lead remediation of exceptions.

Qualifications

Must have a blend of business operations understanding and technical expertise. Demonstrated experience in several of the following:

  • Identity Governance & Administration (e.g., Okta IGA/Workflows, SailPoint), directory/IdP (e.g., Entra ID, Okta).
  • SSO & federation standards (SAML, OIDC, OAuth 2.0), MFA/conditional access, device trust.
  • HRIS/ITSM integration (e.g., Workday/UKG/BambooHR; ServiceNow/Jira) and SCIM/JIT provisioning.
  • RBAC/ABAC design, role mining, separation of duties modeling for financial/operational functions, periodic access reviews.
  • Scripting & automation (PowerShell, Python), REST APIs, webhooks.
  • Experience with IaC or policy-as-code.
  • SaaS platform administration at scale (license management, secure configuration, delegated administration, audit logging).
  • Regulatory familiarity: FFIEC, GLBA, SOX, NIST CSF/SP 800-53 and evidence automation for audits.
  • Strong stakeholder management, process mapping, and communication skills.
  • Able to influence across teams.
  • Comfortable operating effectively in a dynamic and changing environment (often with unstructured and/or virtual teams).
  • Ability to manage multiple priorities, meet deadlines, and deliver business results.

Education/Experience

  • 8+ years in identity engineering, enterprise applications administration, or related fields, preferably in regulated financial-services or cloud-first environments.
  • Security certifications, such as CISSP, AZ-500, or GIAC, are a plus.

How You’ll Thrive At Coastal

  • Be the Best – Communicate effectively, pay close attention to detail, and prioritize your personal development.
  • Be Relentless – Thrive in a goal-oriented environment exercising both patience and persistence. Advocate for our customers and team members and strive to promote the Coastal Difference.
  • Be Un-Bankey – Be a forward thinker with a creative mindset. Build long-lasting relationships promoting the Coastal Difference, built on a foundation of integrity, honesty, and trust.
  • Embrace Gray Thinking – Use sound judgment while decision-making and problem-solving. Think outside the box.
  • Stay Flexible – Organize and strategize effectively while always being prepared to adapt on the fly. Seek efficiencies for Coastal to work smarter, not harder.
  • Take Care of Each Other – Understand what it means to be a true team player and have your teammate's back. Practice self-awareness and build your emotional intelligence.

Benefits We Offer

  • Medical Coverage: Choose from three competitive medical plans to find the coverage that best fits your needs and lifestyle.
  • Health Savings Account (HSA): Available with eligible medical plans, offering tax advantages and employer contributions.
  • Flexible Spending Accounts (FSA): Options for healthcare and dependent care expenses to help you save on out-of-pocket costs.
  • Dental and Vision Insurance: Plans to keep you and your family smiling and seeing clearly.
  • Life Insurance: Company-paid basic life insurance with options to purchase additional coverage for yourself and your dependents.
  • Long-Term/Short-Term Disability (LTD): Income protection in the event of a long-term illness or injury.
  • Supplemental Benefits: Including Hospital Indemnity, Accident Insurance, and Critical Illness coverage to provide extra financial support when you need it most.
  • 401(k) Retirement Plan: A competitive retirement savings plan with company matching to help you plan for the future.
  • Paid Time Off: Generous vacation and sick leave policies to support your time away from work.
  • Holidays: Enjoy 11 paid holidays throughout the year.

Check out our benefits on our careers site!

Physical Demands

The physical demands described below are required to perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee must be able to:

  • Sit for extended periods of time.
  • Stand for extended periods of time.
  • Perform repetitive finger, hand, and arm movement.
  • Use electronic office equipment such as a computer keyboard, mouse, ten key, telephone, etc.
  • View and read computer screens for extended periods.
  • Occasionally stoop, kneel, crouch, or crawl.
  • Occasionally lift or move up to 10 pounds.

Key skills/competency

  • Identity Governance & Administration (IGA)
  • SaaS Application Management
  • SSO & Federation (SAML, OIDC)
  • Access Lifecycle Automation (SCIM)
  • PowerShell & Python Scripting
  • Infrastructure-as-Code (Terraform)
  • Regulatory Compliance (FFIEC, NIST)
  • Role-Based Access Control (RBAC)
  • Stakeholder Management
  • Security Operations


How to Get Hired at Coastal

  • Research Coastal's mission: Study their entrepreneurial, impact-driven culture and fintech enablement strategies to align your application.
  • Tailor your resume: Highlight extensive experience in IAM, enterprise application administration, and financial-services regulatory compliance.
  • Showcase technical depth: Emphasize expertise in Okta/Entra ID, SAML/OIDC, PowerShell/Python scripting, and IaC like Terraform.
  • Prepare for behavioral questions: Demonstrate strong stakeholder management, cross-team influence, and adaptability in dynamic environments.
  • Familiarize yourself with regulations: Understand FFIEC, GLBA, SOX, PCI-DSS, and NIST CSF requirements for audit readiness.
