Solution Architect IAM 

What you will do

As an IAM Engineer, you are responsible for the daily management, maintenance, and continuous improvement of our Identity and Access Management systems. You support both operational activities and implementation of IAM-related projects, ensuring users, systems, and applications are securely and efficiently managed.
You will work closely with solution architects, security specialists, IT operations, and business stakeholders to maintain a robust IAM landscape aligned with security policies and compliance requirements.

Key Responsibilities: 

• Operational Management & Support:
  
  • Administer and maintain IAM platforms such as Active Directory, Entra ID, and CyberArk PAM.
  • Manage user provisioning, de-provisioning, role-based access (RBAC), and group policies.
  • Monitor and support remote access solutions using tools like CyberArk Remote Access & Azure Reverse Proxy
  • Maintain secure access across the organization, including contractors, partners, and third parties.
  • Troubleshoot IAM-related issues and act as second-line support for escalated incidents.
  • Execute periodic access reviews and ensure timely resolution of access-related requests.
• Project Implementation:
  
  • Support implementation and optimization of IAM tools and features (e.g., SSO, MFA, Conditional Access).
  • Participate in the rollout of IAM improvements and integrations across on-prem and cloud platforms.
  • Collaborate with architects and project managers on IAM project delivery and system upgrades.
  • Ensure documentation is kept up to date for all implemented IAM processes and controls.
• Access & Privileged Management:
  
  • Manage Privileged Access Management via Microsoft PIM and CyberArk PAM.
  • Support the lifecycle of certificates and secrets used in authentication and system integrations.
  • Enforce access control policies and maintain security configurations in line with compliance standards.
  • Ensure availability and reliability of identity infrastructure services (e.g., AD, Entra ID, authentication proxies).

What we do for you

We offer you the opportunity to join one of the world’s premier research centers in nanotechnology at its headquarters in Leuven, Belgium. With your talent, passion and expertise, you’ll become part of a team that makes the impossible possible. Together, we shape the technology that will determine the society of tomorrow.

We are committed to being an inclusive employer and proud of our open, multicultural, and informal working environment with ample possibilities to take initiative and show responsibility. We commit to supporting and guiding you in this process; not only with words but also with tangible actions. Through imec.academy, 'our corporate university', we actively invest in your development to further your technical and personal growth. 

We are aware that your valuable contribution makes imec a top player in its field. Your energy and commitment are therefore appreciated by means of a market appropriate salary with many fringe benefits such as bike allowances, partner coaching, parental leave. 

Who you are

• Solid experience with IAM technologies including:
  
  • Active Directory and Microsoft Entra ID
  • CyberArk PAM and CyberArk Remote Access
  • Microsoft PIM
  • SSO, MFA, Conditional Access
• Familiarity with identity lifecycle management, certificate handling, and secrets management
• Knowledge of IGA (Identity Governance and Administration) tools—experience with Omada is a strong plus
• Understanding of RBAC and access control principles
• Basic scripting skills (e.g., PowerShell) are a plus
• Strong troubleshooting and communication skills

IMEC and its affiliates will not accept unsolicited resumes from any source other than directly from a candidate. IMEC will consider unsolicited referrals and/or resumes submitted by vendors such as search firms, staffing agencies, professional recruiters, fee-based referral services and recruiting agencies (hereafter “Agency”) to have been referred by the Agency free of charge. IMEC will not pay a fee to any Agency that does not have a prior written agreement with IMEC, validated by its HR department, in place regarding a specific job opening and allowing to submit resumes.