Join our team as an IAM Engineer (Identity & Access Management)!

Yes, you can! That's our attitude towards our work, ambitions, ideas and relationships. We, at Luminor, believe that anyone has the potential to achieve big things and encourage everyone to achieve them – professionally and personally. 

Whoever you are, and whatever your role is, with Luminor you will get a once-in-a-lifetime opportunity to build a local banking champion.

Identity is the new perimeter — and in a bank, IAM is one of the most critical control areas. In this role, you will help engineer and run Luminor’s Identity & Access Management capabilities across hybrid environments (on‑prem + cloud), enabling secure access, improving resilience, and ensuring strong auditability and compliance.

You’ll join a team whose scope covers end‑to‑end IAM operations and engineering: IGA (incl. application onboarding/offboarding and entitlements), Entra ID (Conditional Access, MFA hardening, SSO onboarding), and Active Directory hygiene and remediation — with a strong focus on standardization, automation, and measurable outcomes.

What You Will Do:

• Implement and operate IAM solutions across the IAM stack, including identity lifecycle management (Joiner/Mover/Leaver), access request workflows, and governance controls.

• Engineer secure access controls using least privilege, need‑to‑know, and segregation of duties principles; support recertification and access assurance activities with solid evidence trails.

• Manage cloud identity controls in Microsoft Entra ID / Azure AD, including Conditional Access, identity protection, role management, and troubleshooting access issues.

• Support application onboarding for SSO, ensuring integrations follow secure authentication/authorization standards (e.g., SAML/OAuth/OIDC) and meet security requirements.

• Work with IGA capabilities (including platforms such as IBM Security Verify Governance) to onboard/offboard applications, model entitlements/access profiles, and maintain reporting for audits and stakeholders.

• Operate and improve Active Directory fundamentals (GPO/LDAP/domain controllers), hygiene and remediation initiatives, and monitoring practices.

• Automate repetitive tasks and improve reliability using scripting (PowerShell/Python) and API‑driven integrations, contributing to a more efficient IAM “as‑a‑service” model.

• Contribute to incident/change handling and cross‑team collaboration (Security Engineering, Platform, Network, application owners), including clear documentation and reporting.

What We Expect: 

• Experience: 3+ years (or strong equivalent) implementing and/or operating IAM in an enterprise environment (regulated industry experience is a strong plus).

• Core IAM knowledge: SSO, MFA, access governance concepts (JML, approvals, recertification, SoD), and practical understanding of how to make IAM controls auditable and repeatable.

• Strong understanding for the RBAC and ABAC models.

• Protocols & standards: hands‑on familiarity with authentication/authorization standards such as SAML and OAuth (OIDC knowledge is a plus).

• Cloud identity: experience with Azure AD / Entra ID (Conditional Access, identity protection, roles, app integrations).

• Directory services: solid fundamentals in Active Directory (GPO, LDAP, domain controllers, operational hygiene).

• Automation mindset: scripting (PowerShell and/or Python) and comfort working with APIs and structured data to streamline IAM operations.

• Collaboration & communication: strong English and the ability to work effectively with multiple stakeholders (Security, IT, platform teams, system owners).

Nice to have:

• Experience with IGA platforms (e.g., IBM Security Verify Governance, SailPoint, Okta, etc. ) and entitlement/access model design.

• AWS IAM experience (roles/policies/federation patterns) in hybrid identity architectures.

• DevOps/IaC familiarity (GitLab, CI/CD, Terraform) and knowledge of how to embed IAM controls into delivery and operations workflows.

• Relevant certifications (Microsoft identity/security, AWS security, IAM/IGA/PAM vendor certs)

What We Offer:

• Flexibility. Flexible working hours, Hybrid work, and the possibility to work from anywhere in the EU, Iceland, Switzerland, and the UK (in total 90 days per year).

• International teams. Teams that go outside Pan-Baltic borders, where people value challenging work together with good humor and having fun.

• More vacation. Additional weeks of vacation are available to all employees who have been in the company for 1 year or more.

• Volunteer time off. We care about giving back to society, therefore, you will get additional days off for volunteering purposes.

• Paid leave. We are proud of our employees who are participating in military training. Therefore, Luminor offers 30 fully paid calendar days for military training every year.

• Health benefits. A competitive benefits package in addition to your salary that includes health insurance after the first 3 months pass in all three Baltic states, as well as Health days in case of your absence due to sickness without a doctor's note needed.

• Wellbeing. Access to tools and resources that help you feel good and be productive at work and in life.

• Professional growth. Internal and external training programs, workshops, conferences, online training, etc.

• Special Offer for Luminor products & services. Enjoy special offers & pricing for products and services provided by Luminor.

• Gross salary. 4,010 - 6,010, which is to be determined depending on your level of experience and competencies.

The application deadline is the 11th of February. We are looking for a candidate primarily already located within the Baltics. Please apply with your CV in English and PDF format. 
If you're interested to apply please don't wait until the last day: we can still proceed with suitable candidates before the application deadline.