"Alerted.org

**At Greenbrier, we do the hard work that matters.** The Greenbrier Companies (NYSE:GBX) is powering the movement of products around the world as a leading designer, manufacturer and supplier of freight rail transportation equipment and services.

**Greenbrier’s heritage of hard work and industrial innovation is celebrated at every level of our organization.** We structure our business to support teams that deliver innovative solutions for our customers while positively impacting the world around us.

**Greenbrier’s success begins with people.** We believe in supporting our global workforce through our unwavering attention to Safety, Quality, Respect for People and Customer Satisfaction. Our IDEAL commitment is rooted in these values, which promotes Inclusion, Diversity, Equity, Access, and Leadership, creating a culture where employees are fulfilled and feel good about coming to work every day. A diverse, qualified, and engaged talent base is the key to our success.

Summary

The Senior IAM/IAG Engineer leads the design, implementation, and ongoing management of Identity and Access Management solutions, with a focus on Microsoft Entra ID P2 as the organization transitions from its existing IAM platform. This position automates IAM processes using Entra ID Premium P2 and applies deep expertise in Microsoft identity technologies. It collaborates closely with the Governance, Risk, and Compliance (GRC) team to ensure compliance with SOX ITGC controls and with IT Operations to support ticketing, escalations, and day-to-day operations.

The role architects and builds a comprehensive persona database independent of global HRIS systems to streamline role development, assignment, and management. It addresses challenges related to inconsistent job titles and the lack of centralized job descriptions. The Senior IAM/IAG Engineer also mentors and trains a junior-level IAM engineer, supporting their professional growth within the IAM domain.

Duties and Responsibilities

_To perform this job successfully an individual must be able to perform the following essential duties satisfactorily. Other duties may be assigned to address business needs and changing business practices._

+ Leads the design, implementation, and maintenance of IAM infrastructure centered around Microsoft Entra ID P2.

+ Develops and implements automation strategies for identity lifecycle management, access provisioning and deprovisioning at the Network AD and application layers, and governance using Entra ID P2 features (e.g., PIM, Conditional Access, Identity Governance, Access Reviews).

+ Architects, builds, and manages a centralized persona database for role definition, assignment, and management, independent of existing HRIS systems.

+ Collaborates closely with the GRC team to transition and maintain SOX ITCG controls from SailPoint to Entra ID P2, ensuring continuous compliance.

+ Partners with IT Operations to integrate IAM processes with ticketing systems (e.g., ServiceNow, Jira) and define escalation procedures.

+ Serves as a subject matter expert for Microsoft Entra ID P2, providing technical guidance and support to other teams.

+ Develops and maintain comprehensive documentation for IAM processes, configurations, and architectural designs.

+ Identifies and recommend improvements to IAM/IAG posture, security, and operational efficiency.

+ Applies strong understanding of IAM principles, including least privilege, role-based access control (RBAC), identity lifecycle management, and authentication/authorization protocols.

+ Troubleshoots and resolve complex IAM-related issues.

+ Mentors, trains, and guides a junior IAM engineer, fostering their technical skills and understanding of IAM principles.

+ Stays current with emerging IAM technologies, threats, and industry best practices.

Qualifications

_The following generally describes requirements to successfully perform the assigned duties._

Minimum Qualifications

+ Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience.

+ 5+ years of experience in Identity and Access Management (IAM/IAG).

+ Proven, hands-on experience designing, implementing, and managing solutions with Microsoft Entra ID P2, including features such as:

+ Privileged Identity Management (PIM)

+ Conditional Access policies

+ Entra ID Identity Governance (Access Reviews, Entitlement Management, etc.)

+ Identity Protection

+ Application integration (SAML, OAuth, OpenID Connect)

+ Demonstrable experience in automating IAM processes using scripting languages (e.g., PowerShell, Python) and Entra ID P2 capabilities.

+ Strong understanding of IAM principles, including least privilege, role-based access control (RBAC), and identity lifecycle management.

+ Experience with migrating from an existing IAM solution (preferably SailPoint) to a new platform.

+ Familiarity with SOX ITCG controls and experience working with GRC teams to ensure compliance.

+ Experience in developing and managing role-based access models and persona databases, particularly in environments with disparate HR systems and non-standardized job titles.

+ Proven ability to collaborate effectively with cross-functional teams, including IT Operations, GRC, and application owners.

+ Excellent problem-solving, analytical, and critical-thinking skills.

+ Strong communication (written and verbal) and interpersonal skills.

+ Demonstrated experience in mentoring or leading junior team members.

+ Ability to analyze, make decisions, and solve problems using sound inclusive reasoning and judgement, proactively anticipating needs and prioritizing action steps

+ Advanced communication (written and verbal) and interpersonal skills, with the ability to explain complex technical concepts to both technical and non-technical audiences.

+ Proven ability to work effectively in a team-oriented, collaborative environment.

+ Experience in mentoring and developing junior team members.

+ Ability to manage multiple priorities and projects in a fast-paced environment.

+ Proactive and results-oriented with a strong sense of ownership.

Preferred Qualifications

+ Relevant Microsoft certifications (e.g., Microsoft Certified: Identity and Access Administrator Associate, Microsoft Certified: Cybersecurity Architect Expert).

+ Experience with other IAM products and technologies.

+ Familiarity with IAG assessment methodologies and roadmap development.

+ Knowledge of SRE and ITIL frameworks.

+ Understanding of cloud security principles across IaaS, PaaS, and SaaS.

+ Experience with ISO 27001 controls for IAM compliance and/or experience with ISO audits of IAM controls is a plus.

Work Environment and Physical Requirements

Work Environment

_The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions._

+ This is a remote position with some travel.

Physical Activities and Requirements

_Frequency Key_

Not Applicable: Activity is not applicable to this occupation

Occasionally: Occupation requires this activity up to 33% of the time (0- 2.5+ hours/day)

Frequently: Occupation requires this activity from 33% - 66% of the time (2.5- 5.5+ hours/day)

Constantly: Occupation requires this activity more than 66% of the time (5.5+ hours/day)

Working Postures

+ Sit: Constantly

+ Stand: Occasionally

+ Walk: Occasionally

+ Bend: Not Applicable

+ Kneel/Squat: Not Applicable

+ Crawl: Not Applicable

+ Climb: Not Applicable

+ Reach Forward: Not Applicable

+ Reach Upward: Not Applicable

+ Handling/Fingering: Constantly

Lift / Carry Requirements

+ 5-10 lbs: Occasionally

+ 10-25 lbs: Occasionally

+ 25-50 lbs: Not Applicable

+ 50-75 lbs: Not Applicable

+ 75+ lbs: Not Applicable

Push / Pull Requirements

+ Up to 10 lbs: Occasionally

+ 10-25 lbs: Occasionally

+ 25-50 lbs: Not Applicable

+ 50-75 lbs: Not Applicable

+ 75+ lbs: Not Applicable

EOE including Vet/Disability

Click here for more information:Know Your Rights

Greenbrier makes reasonable accommodations in the application and hiring process for individuals with known disabilities, unless providing accommodation would result in an undue hardship. Any applicant believing that he or she may need reasonable accommodation for any part of the application and hiring process should contact Greenbrier Human Resources at [email protected] or call us at 503-684-7000.

-----------------------------------------------------------------

Email communication from The Greenbrier Companies (Greenbrier) will always come from a corporate email address that ends in @gbrx.com or from our applicant tracking system, iCIMS, after you have created a secure account and submitted your application. During the application process, you will create a secure account in our secure applicant tracking site that ends with “-gbrx.icims.com”. In this portal, we will ask you to provide your contact information, past employment history, education history and other job-related information.

**Job Locations** _US-TX-Home Office | US-OR | US-MO_

**ID** _2025-3847_

**Company** _Greenbrier Leasing Company LLC_

**Position Type** _Regular Full-Time_

**Category** _Engineering_

**Workplace Type** _Remote_