Location City
Guadalajara
Description
ATG is looking for a Senior Staff IT Engineer who will own the identity and access ecosystem that every person in the business depends on, while also rolling up their sleeves across the full spectrum of IT operations. This is a senior, hands-on role at a lean organization, so you’ll have the opportunity to wear many hats.
The core of this role is identity and lifecycle automation. You’ll design and operate JML workflows that provision and deprovision access reliably across a multi-system environment, and you’ll bring a track record of integrating SaaS, PaaS, and IaaS platforms with an enterprise IdP using SAML, OAuth, and SCIM. Beyond identity, you’ll contribute to user management, patch management, endpoint operations, security hygiene, and a broader infrastructure modernization program that is well underway.
If you want a role where the work is consequential and no two weeks look the same, this is it.
Key Responsibilities
Identity, Automation & Lifecycle
Own and mature the Joiner-Mover-Leaver (JML) process end to end: design, build, and operate automation that ensures access is provisioned accurately and deprovisioned promptly
Architect SCIM-based provisioning between the enterprise IdP and downstream platforms, and maintain SSO federation using SAML and OAuth across the application estate
Establish a single system of record for identity lifecycle events, integrating HR, ITSM, and identity platforms into a coherent, auditable workflow
Ensure access governance hygiene: stale account identification, MFA enforcement, RBAC management, and access anomaly visibility for the Security team
Productivity & SaaS Platform Engineering
Administer and engineer integrations across the ATG productivity stack, including collaboration, ITSM, finance, and document management platforms
Own SaaS license management, including allocation, reclamation, and reporting
Lead vendor engagement for supported platforms: escalate support cases, manage integrations, and advocate for features that reduce operational overhead
IT Operations & Engineering
Provide escalation-level support for endpoint issues across Windows and macOS; oversee MDM policy for compliance, patching, and software deployment
Write and maintain scripts (PowerShell, Python, or equivalent) to automate repetitive IT operations tasks
Contribute to infrastructure modernization, including decommissioning legacy systems, cloud IAM hygiene, network security initiatives, and Zero Trust adoption within the identity layer
Partner with Information Security, HR, and Finance to meet access control, compliance, and audit requirements, including support for PCI DSS obligations
Document architecture decisions, runbooks, and SOPs to a standard the next engineer can operate
Key Requirements
Technical Skills & Experience
Essential
5+ years of IT engineering or identity engineering experience in a corporate environment
Deep, hands-on experience with an enterprise cloud IdP (e.g. Entra ID, Okta, or equivalent): user lifecycle management, conditional access, SCIM provisioning, and SSO federation
A track record of integrating SaaS, PaaS, and IaaS platforms with an enterprise IdP using SAML, OAuth, and SCIM, including production integrations you have built and maintained
Demonstrated success designing and implementing automated JML workflows in a multi-system environment, including integration with ITSM and HR platforms
Administration experience across a modern cloud productivity suite (M365 or equivalent) and ITSM platforms
Scripting proficiency in PowerShell and/or Python; solid networking fundamentals
Strong documentation discipline: architecture diagrams, runbooks, SOPs
Highly Desirable
Experience across multiple IdP platforms, with the ability to articulate architectural trade-offs between them
Hands-on experience with Zero Trust controls: conditional access, device compliance, phishing-resistant MFA, and continuous access evaluation
Experience decommissioning or migrating legacy on-premises infrastructure, including directory services and virtualisation platforms
Experience governing cloud IAM at scale, covering policy hygiene, least privilege enforcement, and access review processes
Experience integrating ERP or HR systems into an identity provisioning pipeline
Experience in a PCI DSS or similarly regulated environment; familiarity with NIST or ISO 27001 frameworks
Relevant certifications in identity, cloud, network security, or endpoint management
What “Good” Looks Like
You’ve taken ownership of a JML process before and made it meaningfully better. You can articulate the difference between SAML and OIDC without hesitation, and when to use which. You’ve connected real platforms to an IdP and can walk through the design decisions you made and why.
You’re just as comfortable triaging an endpoint issue or picking up a security task as you are architecting an identity workflow. You
Employment Type
Permanent
