Identity & Privileged Access Management Engineer

Boston | Norwalk | Rochester

Datto is looking for an Identity & Privileged Access Management Engineer (IdAM + PAM) to add to our Internal Systems Engineering team. You will work closely with engineering and business leadership to set strategy, drive development, maintain compliance,  build automation,  ultimately bringing to maturity to our Identity & Access management programs as they relate to our internal systems. 

Responsibilities include

  • Manage and maintain Identity Management, Federation, and Synchronization of Identities across Datto’s internal ecosystem.
  • Partner closely with InfoSec, compliance, and other service owners responsible for establishing governance, policies, and requirements.
  • Develop IAM/PAM/PIM foundational standards and controls for platforms and environments, both on prem and in cloud hosted environments.
  • Work to ensure audit tasks related to Identity Management are completed, with the participation of appropriate partners and in line with Information Security standards.
  • Support technical integration needs (design, development, implement) that facilitate connectivity between SSO, directory, and provisioning tools .
  • Ensure the maintenance, patching, operation, and monitoring of IAM systems are in place and aligned with our Lifecycle management policy.
  • Engineer solutions to ensure that PAM solutions and services perform according to defined processes, meet defined policies and comply with information security requirements
  • Ability to produce high-quality documentation appropriate for its intended audience; work with internal teams on user interface documents and tutorials; generate and maintain flowcharts, diagrams, process diagrams
  • Lead emerging trend research, orchestrate product evaluations, and select the latest industry standards and tools  


Required Skills

  • Experience with automating access control processes such as User Provisioning, Onboarding, Role-Based Access Control (RBAC), authorization models, Single Sign-On(SSO), Active Directory
  • Experience with design and implementation of Identity LifeCycle Management
  • Experience with design and implementation with technologies such as Active Directory, OKTA, 2FA/MFA/FIDO Technologies, etc.
  • Experience with integrating Identity with Cloud/SaaS providers (eg AWS, Azure, GCP.)
  • Experience with certificate management and PKI services.
  • Experience with design and implementation of least privilege or zero trust technologies.
  • Experience with endpoint management such as Jamf Pro, SCCM, Munki.
  • Experience with G-Suite and Microsoft 365 .
  • Experience with enterprise password management, such as 1Password.
  • Desired Skills
  • Bachelor's degree or equivalent IT work experience
  • Experience supporting enterprise-level systems in large, diverse IT service environments.

Familiarity with Beyond Corp concepts and/or implementations.

At Datto, we believe our employees are our greatest asset and offer all full-time employees a wide-ranging benefits package, including: 

  • Comprehensive health-care benefits
  • Free lunch every Friday
  • Flexible paid time off policy
  • Free food, drinks, and fresh organic fruit
  • Fitness reimbursement
  • Charity match program
  • Transit subsidy in select cities
  • Education reimbursement
  • And more!

By submitting an application, you acknowledge we will process your data in order to consider you for the position you apply for and for other open positions within our company for which you may be suited. We collect and store your data in accordance with our Recruiting Privacy Practices

Datto is an equal opportunity employer.

Identity & Privileged Access Management Engineer

Demographic Questions

Individuals seeking employment at Datto are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. In order to track the effectiveness of our recruiting efforts and ensure we consider the needs of all our employees, please consider answering the following questions.

Completion is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter and any information that you do provide will be recorded and maintained in a confidential file.

Your responses to any of the following questions will be anonymized and only used to improve Datto’s diversity and inclusion initiatives. These responses will not be used / reviewed in connection with your application for employment.

I identify my gender as:

I identify as transgender:

I consider myself a member of the LGBTQ+ community

I identify my sexual orientation as:

I identify my ethnicity as:

Veteran status:

I have a physical disability:


Sorry, your application was not successfully submitted

Hurray! Your application was successfully submitted

Back to Careers