About the role

IAM Engineer (Identity & Access Management) at Luminor Group. Implementing IAM solutions and managing identity lifecycle in hybrid environments.

Responsibilities

Implement and operate IAM solutions across the IAM stack, including identity lifecycle management (Joiner/Mover/Leaver), access request workflows, and governance controls.
Engineer secure access controls using least privilege, need‑to‑know, and segregation of duties principles; support recertification and access assurance activities with solid evidence trails.
Manage cloud identity controls in Microsoft Entra ID / Azure AD, including Conditional Access, identity protection, role management, and troubleshooting access issues.
Support application onboarding for SSO, ensuring integrations follow secure authentication/authorization standards (e.g., SAML/OAuth/OIDC) and meet security requirements.
Work with IGA capabilities (including platforms such as IBM Security Verify Governance) to onboard/offboard applications, model entitlements/access profiles, and maintain reporting for audits and stakeholders.
Operate and improve Active Directory fundamentals (GPO/LDAP/domain controllers), hygiene and remediation initiatives, and monitoring practices.
Automate repetitive tasks and improve reliability using scripting (PowerShell/Python) and API‑driven integrations, contributing to a more efficient IAM “as‑a‑service” model.
Contribute to incident/change handling and cross‑team collaboration (Security Engineering, Platform, Network, application owners), including clear documentation and reporting.

3+ years (or strong equivalent) implementing and/or operating IAM in an enterprise environment (regulated industry experience is a strong plus).
Core IAM knowledge: SSO, MFA, access governance concepts (JML, approvals, recertification, SoD), and practical understanding of how to make IAM controls auditable and repeatable.
Strong understanding for the RBAC and ABAC models.
Protocols & standards: hands-on familiarity with authentication/authorization standards such as SAML and OAuth (OIDC knowledge is a plus).
Cloud identity: experience with Azure AD / Entra ID (Conditional Access, identity protection, roles, app integrations).
Directory services: solid fundamentals in Active Directory (GPO, LDAP, domain controllers, operational hygiene).
Automation mindset: scripting (PowerShell and/or Python) and comfort working with APIs and structured data to streamline IAM operations.
Collaboration & communication: strong English and the ability to work effectively with multiple stakeholders (Security, IT, platform teams, system owners).

Flexibility. Flexible working hours, Hybrid work, and the possibility to work from anywhere in the EU, Iceland, Switzerland, and the UK (in total 90 days per year).
International teams. Teams that go outside Pan-Baltic borders, where people value challenging work together with good humor and having fun.
More vacation. Additional weeks of vacation are available to all employees who have been in the company for 1 year or more.
Volunteer time off. We care about giving back to society, therefore, you will get additional days off for volunteering purposes.
Paid leave. We are proud of our employees who are participating in military training. Therefore, Luminor offers 30 fully paid calendar days for military training every year.
Health benefits. A competitive benefits package in addition to your salary that includes health insurance after the first 3 months pass in all three Baltic states, as well as Health days in case of your absence due to sickness without a doctor's note needed.
Wellbeing. Access to tools and resources that help you feel good and be productive at work and in life.
Professional growth. Internal and external training programs, workshops, conferences, online training, etc.
Special Offer for Luminor products & services. Enjoy special offers & pricing for products and services provided by Luminor.