STEM OPT Identity Access Management Jobs
Identity Access Management roles in cybersecurity and IT governance qualify for the 24-month STEM OPT extension if your degree falls under an eligible CIP code. Employers must be enrolled in E-Verify to hire you on STEM OPT, and you'll need a signed I-983 training plan before your extension begins.
Find STEM OPT Identity Access Management JobsOverview
Showing 5 of 5+ Identity Access Management jobs
See all Identity Access Management Jobs
Sign up for free to unlock all listings, filter by visa type, and get alerts for new Identity Access Management roles.
Get Access To All JobsINTRODUCTION
CLA is a top 10 national professional services firm whose purpose is to create opportunities every day, for our clients, our people, and our communities through industry-focused wealth advisory, digital, audit, tax, consulting, and outsourcing services. Even with more than 8,500 people, 130 U.S. locations, and a global reach, we promise to know you and help you.
CLA is dedicated to building a culture that invites different beliefs and perspectives to the table, so we can truly know and help our clients, communities, and each other.
CLA is growing and seeking to hire an experienced Identity & Access Management (IAM) Senior Engineer with PingOne experience to join our talented Information Technology team. The position offers growth, flexibility and a collaborative work environment.
ROLE AND RESPONSIBILITIES
The Identity & Access Management (IAM) Senior Engineer will be responsible for planning and executing programs both in the cloud and on premises.
How you’ll create opportunities in this Identity & Access Management (IAM) Senior Engineer position:
- Executes the implementation and maintenance of complex Identity & Access Management (IAM) infrastructure.
- Responsible for the planning and execution of projects and programs from an IAM perspective, ensuring they meet business requirements, security standards and deadlines.
- Automate and optimize IAM processes.
- Integrate Entra ID with enterprise systems and third-party applications.
- Collaborate with cross-functional teams to support and drive IAM program goals.
- Monitor and troubleshoot IAM infrastructure, ensuring optimal performance, reliability and security.
- Document and maintain comprehensive IAM infrastructure designs and processes.
- Implement and enforce best practices for IAM security, compliance and governance.
- Mentor junior team members.
- Participate in an on-call rotation.
BASIC QUALIFICATIONS
What you will need:
- 4 years of relevant experience required.
- Bachelor's degree is required. Combination of relevant experience, education, and training may be accepted in lieu of degree.
- Degrees in Computer Science, Information Technology, or a related field are preferred.
- Hands-on experience with IAM technologies and frameworks.
Technical competencies
- PingOne platform level administration including Davinci orchestration, experience to register the application in Ping.
- Entra ID, scripting (Python or Bash), Azure Active Directory, and PowerShell. Knowledge of SAML, OAuth, and OpenID Connect. Experience with Role-Based Access Control (RBAC).
- Experience with Entra B2B, Entra External Identity, JWT, API.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
WELLNESS AT CLA
To support our CLA family members, we focus on their physical, financial, social, and emotional well-being and offer comprehensive benefit options that include health, dental, vision, 401k and much more.
INTRODUCTION
CLA is a top 10 national professional services firm whose purpose is to create opportunities every day, for our clients, our people, and our communities through industry-focused wealth advisory, digital, audit, tax, consulting, and outsourcing services. Even with more than 8,500 people, 130 U.S. locations, and a global reach, we promise to know you and help you.
CLA is dedicated to building a culture that invites different beliefs and perspectives to the table, so we can truly know and help our clients, communities, and each other.
CLA is growing and seeking to hire an experienced Identity & Access Management (IAM) Senior Engineer with PingOne experience to join our talented Information Technology team. The position offers growth, flexibility and a collaborative work environment.
ROLE AND RESPONSIBILITIES
The Identity & Access Management (IAM) Senior Engineer will be responsible for planning and executing programs both in the cloud and on premises.
How you’ll create opportunities in this Identity & Access Management (IAM) Senior Engineer position:
- Executes the implementation and maintenance of complex Identity & Access Management (IAM) infrastructure.
- Responsible for the planning and execution of projects and programs from an IAM perspective, ensuring they meet business requirements, security standards and deadlines.
- Automate and optimize IAM processes.
- Integrate Entra ID with enterprise systems and third-party applications.
- Collaborate with cross-functional teams to support and drive IAM program goals.
- Monitor and troubleshoot IAM infrastructure, ensuring optimal performance, reliability and security.
- Document and maintain comprehensive IAM infrastructure designs and processes.
- Implement and enforce best practices for IAM security, compliance and governance.
- Mentor junior team members.
- Participate in an on-call rotation.
BASIC QUALIFICATIONS
What you will need:
- 4 years of relevant experience required.
- Bachelor's degree is required. Combination of relevant experience, education, and training may be accepted in lieu of degree.
- Degrees in Computer Science, Information Technology, or a related field are preferred.
- Hands-on experience with IAM technologies and frameworks.
Technical competencies
- PingOne platform level administration including Davinci orchestration, experience to register the application in Ping.
- Entra ID, scripting (Python or Bash), Azure Active Directory, and PowerShell. Knowledge of SAML, OAuth, and OpenID Connect. Experience with Role-Based Access Control (RBAC).
- Experience with Entra B2B, Entra External Identity, JWT, API.
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
WELLNESS AT CLA
To support our CLA family members, we focus on their physical, financial, social, and emotional well-being and offer comprehensive benefit options that include health, dental, vision, 401k and much more.
See all STEM OPT Identity Access Management Jobs
Sign up for free to unlock all listings, filter by visa type, and get alerts for new STEM OPT Identity Access Management Jobs.
Get Access To All JobsTips for Finding STEM OPT Authorization in Identity Access Management
Verify your CIP code covers IAM
Check that your degree's CIP code appears on the STEM OPT eligible fields list maintained by USCIS. Computer science, information assurance, and cybersecurity codes typically qualify, but information systems degrees vary by program classification.
Confirm E-Verify enrollment before applying
Search the E-Verify employer search tool to confirm a company is enrolled before you invest time interviewing. IAM teams at staffing firms and consulting shops frequently subcontract, so verify the actual legal employer, not the client site.
Build your I-983 training plan around IAM competencies
Draft your I-983 learning objectives using specific IAM competencies: identity lifecycle management, privileged access controls, and zero-trust architecture. Vague training plans get flagged by DSOs, so map each goal to your role's actual responsibilities.
Target employers with active PERM and LCA filings
Use Migrate Mate to filter IAM roles by employers who have filed Labor Condition Applications, signaling they understand sponsored work authorization and have HR processes built for international hires on OPT.
Negotiate your start date around cap-gap protection
If your OPT expires before October 1 and your employer files an H-1B visa petition on your behalf, cap-gap automatically extends your work authorization. Coordinate your offer letter start date so there's no gap between your EAD expiration and cap-gap coverage.
Use IAM certification credentials to offset degree mismatches
If your degree is adjacent to IAM, such as electrical engineering or applied mathematics, industry certifications like CISSP or CyberArk credentials document your technical training and strengthen the employer's I-983 justification for placing you in an IAM role.
Frequently Asked Questions
Does an Identity Access Management role qualify for the STEM OPT extension?
IAM roles typically qualify if your underlying degree has an eligible CIP code, such as computer science, information assurance, or cybersecurity. The role itself must require STEM knowledge and be directly related to your degree field. Your DSO confirms eligibility based on your program's CIP code, not your job title alone.
What E-Verify requirement applies to my STEM OPT employer in an IAM role?
Your employer must be enrolled in E-Verify before your STEM OPT extension is approved. This applies to the legal entity signing your I-983, not necessarily a client site where you work. If you're placed through a staffing agency or consulting firm, confirm which entity holds your employment record and verify their E-Verify status directly through the E-Verify employer search.
How do I complete the I-983 training plan for an IAM position?
Your I-983 must outline specific learning goals tied to your IAM role, such as implementing identity governance frameworks, managing privileged access systems, or deploying multi-factor authentication solutions. Both you and your employer's authorized representative must sign it. Your DSO reviews and approves it before USCIS processes your extension, so vague or generic objectives will delay approval.
Where can I find IAM jobs that sponsor STEM OPT students?
Migrate Mate filters IAM roles by employers with active Labor Condition Application filing history, so you can identify companies that have already navigated sponsored work authorization. This saves time compared to applying broadly and discovering after interviews that an employer has never hired on OPT or isn't enrolled in E-Verify.
What happens to my STEM OPT authorization if my IAM employer loses E-Verify enrollment?
If your employer's E-Verify enrollment lapses or is terminated after your STEM OPT extension is approved, your authorization is at risk. USCIS requires continuous E-Verify enrollment throughout your extension period. You should notify your DSO immediately, and you may need to transfer to a new qualifying employer and file an updated I-983 to maintain valid status.