Senior Identity System Engineer

Sanford Health is one of the largest and fastest-growing not-for-profit health systems in the United States. We’re proud to offer many development and advancement opportunities to our nearly 50,000 members of the Sanford Family who are dedicated to the work of health and healing across our broad footprint.

Work Shift:

8 Hours - Day Shifts (United States of America)

Scheduled Weekly

Hours:

40

Salary Range: $40.00 - $66.00 Pay starts at $40 and increases according to years of applicable experience.

No Union Position

The Senior Identity Systems Engineer is responsible for designing, implementing, and securing enterprise identity and access management infrastructure that enables reliable authentication, authorization, and access management across hybrid environments. Engineers in this family ensure that users, systems, and applications are authenticated, authorized, and protected in alignment with security standards, regulatory requirements, and business needs.

The Senior Identity Systems Engineer is an advanced technical role responsible for designing, implementing, and optimizing enterprise identity infrastructure across on-premises and cloud environments. This position leads the architecture of domain topologies, forest structures, and global replication, while ensuring hybrid identity solutions provide seamless sign-in experiences across platforms. The engineer drives the adoption of modern authentication protocols such as Kerberos, OAuth, OpenID Connect, and SAML, and leads initiatives around just-in-time access, privileged session monitoring, and automated access governance.

Responsibilities include integrating systems through API calls (REST, SOAP, JSON), managing enterprise PKI and certificate life cycles, enforcing security baselines via Group Policy, and ensuring compliance with regulatory frameworks such as SOX, HIPAA, and GDPR. In addition to technical execution, the Senior Identity Systems Engineer plays a mentoring role, guiding junior engineers in best practices and fostering team knowledge growth. With a focus on innovation and automation, this role ensures that the organization's identity services remain secure, resilient, and aligned with modern zero trust principles and evolving business needs.

This role requires deep technical expertise in Active Directory, Entra , authentication protocols, Identity Governance Administration (IGA), Privileged Access Management (PAM) and PKI with a strong focus on information security, compliance, strong problem-solving skills, a security-first mindset, and least-privilege enforcement. The Senior Identity Systems Engineer ensures the organization's identity platforms are resilient, scalable, and secure to support business operations and protect sensitive data.

The Senior Identity Systems Engineer will work closely with cross-functional IT, application, and security teams to ensure alignment with business objectives, regulatory requirements, and industry best practices.

Bachelor’s degree required, in lieu of education, leadership may consider an Associate’s Degree plus 3 years of applicable experience in computer science or related field.

Minimum of 3-4 years applicable work experience required. Including but not limited to:

• Supporting Active Directory, Domain Services, Hybrid Identities, & Entra
• Implementing SSO/MFA workflows using SAML 2.0 and/or OIDC
• Maintaining Public Key Infrastructure (PKI)
• Supporting Identity Lifecycle & Access Governance workflows and technical integrations
• Implementation of information security standards and procedures including HIPAA and PCI

Security Certifications (CISSP, CISA, CISM, Security+, CEH, etc.) are highly desired.

Sanford is an EEO/AA Employer M/F/Disability/Vet.

If you are an individual with a disability and would like to request an accommodation for help with your online application, please call or send an email to talent.