Sanford

Lead Identity System Engineer

SD, Sioux Falls Full time

Sanford Health is one of the largest and fastest-growing not-for-profit health systems in the United States. We’re proud to offer many development and advancement opportunities to our nearly 50,000 members of the Sanford Family who are dedicated to the work of health and healing across our broad footprint. 

Work Shift:

8 Hours - Day Shifts (United States of America)

Scheduled Weekly Hours:

40

Salary Range: $46.00 - $76.00

Union Position:

No

Department Details

Experience with Saviynt is highly preferred.

Summary

The Lead Identity Systems Engineer is responsible for designing, implementing, and securing enterprise identity and access management infrastructure that enables reliable authentication, authorization, and access management across hybrid environments. Engineers in this family ensure that users, systems, and applications are authenticated, authorized, and protected in alignment with security standards, regulatory requirements, and business needs.

Job Description

The Lead Identity Systems Engineer is a leadership role that combines deep technical expertise with operational oversight, ensuring that enterprise identity platforms are secure, scalable, and reliable across on-premises and cloud environments. This position leads the deployment, configuration, and lifecycle management of Active Directory, Entra ID, PKI, and hybrid identity services, while overseeing governance processes such as access reviews, audits, and compliance reporting. The Lead Identity Systems Engineer defines operational standards, playbooks, and escalation paths, serving as the technical lead for identity projects, integrations, and cross-platform authentication initiatives. Responsibilities include enforcing least privilege, securing sensitive systems, managing certificate lifecycles, and automating provisioning and access governance workflows. In addition, this role partners with Information Security leadership to align identity services with organizational policy, mentors and develops engineering team members, and monitors operational KPIs to drive efficiency, resilience, and continuous improvement. Balancing technical delivery with administrative leadership and strategic input, the Lead Identity Systems Engineer plays a pivotal role in maturing the enterprise's identity ecosystem while enabling secure business operations. Works under limited guidance due to previous experience/breadth of knowledge of processes and organizational knowledge. Acts independently to determine methods and procedures on new assignments. Regularly presented with new assignments and projects that require the application of independent judgement and interpretation of policies and practices. Consistently checks the work of other team members and provides performance feedback. 
Assists the team Manager with the following: ensuring the team adheres to Sanford Health policies and procedures (e.g., timecards are submitted on time), prioritizing work for all team members, assigning team members to projects based on experience, workload, and growth opportunities, and ensuring project deadlines are met. This role requires deep technical expertise in Active Directory, Entra ID, authentication protocols, Identity Governance Administration (IGA), Privileged Access Management (PAM), and PKI, with a strong focus on information security, compliance, and least-privilege enforcement, along with strong problem-solving skills and a security-first mindset. The Lead Identity Systems Engineer ensures the organization's identity platforms are resilient, scalable, and secure to support business operations and protect sensitive data. The Lead Identity Systems Engineer will work closely with cross-functional IT, application, and security teams to ensure alignment with business objectives, regulatory requirements, and industry best practices.

Qualifications

Bachelor’s degree required. In lieu of education, leadership may consider an Associate’s Degree plus 3 years of applicable experience in computer science or related field.

Minimum of 5 years of applicable work experience required, including but not limited to:

• Supporting Active Directory, Domain Services, Hybrid Identities, & Entra ID
• Implementing SSO/MFA workflows using SAML 2.0 and/or OIDC
• Maintaining Public Key Infrastructure (PKI)
• Supporting Identity Lifecycle & Access Governance workflows and technical integrations
• Implementation of information security standards and procedures including HIPAA and PCI

Security Certifications (CISSP, CISA, CISM, Security+, CEH, etc.) are highly desired.

Sanford is an EEO/AA Employer M/F/Disability/Vet. 


If you are an individual with a disability and would like to request an accommodation for help with your online application, please call 1-877-673-0854 or send an email to talent@sanfordhealth.org.