IAM Developer

Role Overview:

Thoughtworks is seeking an experienced(Minimum 5+ years) IAM Specialist with strong expertise in Google Workspace and Okta to support our User Identity services.

This role is responsible for the day-to-day management of identity and access across the Thoughtworks ecosystem, including user lifecycle management (Joiner–Mover–Leaver), access provisioning, SSO integrations, MFA policies, and Identity compliance.

The ideal candidate has hands-on experience operating Google Workspace and Okta in a global enterprise environment and can ensure stability, security, and smooth execution of IAM business-as-usual (BAU) activities.

This is a hands-on operational role focused on reliability, access governance, and maintaining a secure identity environment.

Key Responsibilities

1. Google Workspace Administration (Must Have)

• Administer and optimize Google Workspace in a multi-OU enterprise environment
   

• Manage user lifecycle (Joiner–Mover–Leaver) automation and provisioning workflows
   

• Configure and maintain:
   

  • Admin roles & delegated access
     

  • Groups, Shared Drives, and Drive governance
     

  • Context-aware access and security settings
     

  • Gmail routing and domain configurations
     

• Support investigations using audit logs and reporting tools
   

• Work with GAM (Google Apps Manager) for bulk operations and automation

2. Okta Identity Management (Must Have)

• Administer and optimize Okta for enterprise SSO and identity lifecycle
   

• Manage SAML, OIDC, and SCIM integrations
   

• Configure and maintain:
   

  • App provisioning and deprovisioning
     

  • MFA policies and sign-on policies
     

  • Lifecycle workflows
     

  • Group-based access controls
     

• Support secure rollout initiatives (e.g., phishing-resistant MFA, device-bound authentication)
   

• Troubleshoot federation and authentication issues across integrated systems

3. Identity Lifecycle & Access Governance

• Drive JML process automation between HR systems, Okta, and Google Workspace
   

• Ensure timely provisioning/deprovisioning and least-privilege enforcement
   

• Handle IAM tickets and complex access issues
   

• Partner with Infosec for compliance audits and access reviews
   

• Maintain clean entitlement models and reduce over-provisioning

Tech Stack Requirements

Must Have

• 5+ years of hands-on IAM experience
   

• Deep administration experience in:
   

  • Google Workspace
     

  • Okta
     

• Strong knowledge of:
   

  • SAML 2.0
     

  • OAuth / OIDC
     

  • SCIM provisioning
     

  • MFA & access policies
     

• Experience managing identity in a global enterprise environment (5k+ users preferred)
   

Nice to Have

• Experience with FastPass / passwordless authentication
   

• Exposure to device trust / device context policies
   

• Experience in IAM automation at scale
   

• Knowledge of access governance best practices

Skills & Competencies

• Strong troubleshooting mindset across identity flows
   

• Ability to collaborate across Security, Data, and Infrastructure teams
   

• Strong documentation and process design skills
   

• Comfortable operating in a high-scale, multi-region enterprise
   

• Ability to challenge insecure practices and drive improvement