Team Intro The Access Assurance vertical within USDS Data Defense and Access Assurance (DDAA) Team is responsible for designing and maintaining an access management program with a mission to enforce the principle of least privilege. We strive to establish secure and compliant processes around provisioning, deprovisioning and governance of access to USDS data and infrastructure proactively identifying and reducing risks. Job Overview: As an Identity Management Engineer reporting directly to the Principal Lead of US Data, Identity and Access Management (DIAM), you will contribute to engineering, deploying, and maintaining identity security within TikTok USDS’s global infrastructure. Your role ensures secure identity lifecycle management, enforcing the principles of least privilege and compliance with international regulatory requirements. In order to enhance collaboration and cross-functional partnerships, among other things, at this time, our organization follows a hybrid work schedule that requires employees to work in the office 3 days a week, or as directed by their manager/department. We regularly review our hybrid work model, and the specific requirements may change at any time. Responsibilities: - Develop and execute technical strategies for Identity Management programs. - Engineer and support onboarding of applications onto IAM platforms (Azure AD, Google Workspace). - Implement identity and access governance to mitigate risks associated with inappropriate access. - Design and enforce regular identity review processes and privilege assessments. - Develop and maintain IAM policies, procedures, and proactive monitoring mechanisms. - Integrate IAM solutions with cybersecurity technologies (SIEM, vulnerability management). - Engineer, deploy, and operationalize CyberArk PAM solutions (on-prem and Privilege Cloud). - Implement privileged session management, credential vaulting, and least privilege controls. - Design and manage integrations between CyberArk and enterprise infrastructure (AD, cloud services). - Conduct assessments and audits of privileged access configurations. - Develop automated processes for privileged account lifecycle management.

Minimum Qualifications: - Minimum 5+ years of IT industry experience. - Minimum 3+ years focus on Identity and Access Management responsibilities. - Strong technical background in Windows/Linux systems access management. - Experience with role-based access control frameworks. - Proven ability to adapt quickly to emerging IAM technologies and practices. Preferred Qualifications: - Expertise in Active Directory/Azure AD/Entra ID. - Systems engineering or IT admin experience preferred. - Hands-on scripting experience (PowerShell, REST APIs) to automate privileged access tasks. - Extensive expertise with CyberArk Privilege Cloud or similar PAM platforms (BeyondTrust, Thycotic). - Knowledge of privileged account security strategies in hybrid cloud environments.