Vacancy No: VN360
Status: Active
Location: Mexico
Location Country: Mexico
Location Region:
Location City: Guadalajara

Description

ATG is looking for a Senior Staff IT Engineer who will own the identity and access ecosystem that every person in the business depends on, while also rolling up their sleeves across the full spectrum of IT operations. This is a senior, hands-on role at a lean organization, so you’ll have the opportunity to wear many hats.

The core of this role is identity and lifecycle automation. You’ll design and operate JML workflows that provision and deprovision access reliably across a multi-system environment, and you’ll bring a track record of integrating SaaS, PaaS, and IaaS platforms with an enterprise IdP using SAML, OAuth, and SCIM. Beyond identity, you’ll contribute to user management, patch management, endpoint operations, security hygiene, and a broader infrastructure modernization program that is well underway.

If you want a role where the work is consequential and no two weeks look the same, this is it.

Key Responsibilities

Identity, Automation & Lifecycle

- Own and mature the Joiner-Mover-Leaver (JML) process end to end: design, build, and operate automation that ensures access is provisioned accurately and deprovisioned promptly
- Architect SCIM-based provisioning between the enterprise IdP and downstream platforms, and maintain SSO federation using SAML and OAuth across the application estate
- Establish a single system of record for identity lifecycle events, integrating HR, ITSM, and identity platforms into a coherent, auditable workflow
- Ensure access governance hygiene: stale account identification, MFA enforcement, RBAC management, and access anomaly visibility for the Security team

Productivity & SaaS Platform Engineering

- Administer and engineer integrations across the ATG productivity stack, including collaboration, ITSM, finance, and document management platforms
- Own SaaS license management, including allocation, reclamation, and reporting
- Lead vendor engagement for supported platforms: escalate support cases, manage integrations, and advocate for features that reduce operational overhead

IT Operations & Engineering

- Provide escalation-level support for endpoint issues across Windows and macOS; oversee MDM policy for compliance, patching, and software deployment
- Write and maintain scripts (PowerShell, Python, or equivalent) to automate repetitive IT operations tasks
- Contribute to infrastructure modernization, including decommissioning legacy systems, cloud IAM hygiene, network security initiatives, and Zero Trust adoption within the identity layer
- Partner with Information Security, HR, and Finance to meet access control, compliance, and audit requirements, including support for PCI DSS obligations
- Document architecture decisions, runbooks, and SOPs to a standard the next engineer can operate

Key Requirements

Technical Skills & Experience

Essential

- 5+ years of IT engineering or identity engineering experience in a corporate environment
- Deep, hands-on experience with an enterprise cloud IdP (e.g. Entra ID, Okta, or equivalent): user lifecycle management, conditional access, SCIM provisioning, and SSO federation
- A track record of integrating SaaS, PaaS, and IaaS platforms with an enterprise IdP using SAML, OAuth, and SCIM, including production integrations you have built and maintained
- Demonstrated success designing and implementing automated JML workflows in a multi-system environment, including integration with ITSM and HR platforms
- Administration experience across a modern cloud productivity suite (M365 or equivalent) and ITSM platforms
- Scripting proficiency in PowerShell and/or Python; solid networking fundamentals
- Strong documentation discipline: architecture diagrams, runbooks, SOPs

Highly Desirable

- Experience across multiple IdP platforms, with the ability to articulate architectural trade-offs between them
- Hands-on experience with Zero Trust controls: conditional access, device compliance, phishing-resistant MFA, and continuous access evaluation
- Experience decommissioning or migrating legacy on-premises infrastructure, including directory services and virtualisation platforms
- Experience governing cloud IAM at scale, covering policy hygiene, least privilege enforcement, and access review processes
- Experience integrating ERP or HR systems into an identity provisioning pipeline
- Experience in a PCI DSS or similarly regulated environment; familiarity with NIST or ISO 27001 frameworks
- Relevant certifications in identity, cloud, network security, or endpoint management

What “Good” Looks Like

You’ve taken ownership of a JML process before and made it meaningfully better. You can articulate the difference between SAML and OIDC without hesitation, and when to use which. You’ve connected real platforms to an IdP and can walk through the design decisions you made and why.

You’re just as comfortable triaging an endpoint issue or picking up a security task as you are architecting an identity workflow. You

Employment Type: Permanent
Duration: Permanent
Business Name: Mexico
Function Name: Technology

Senior IT Engineer
ATG (AUCTION TECHNOLOGY GROUP)
Región Centro, Jalisco
Posted 6 days ago