Lead Identity Engineer

The group you’ll be a part of

The Global Information Systems Group is dedicated to the success of Lam through providing best-in-class and innovative information system solutions and services. Together, we support users globally with data, information, and systems to achieve their business objectives.   

The impact you’ll make

We are seeking a Lead Identity Engineer with deep, hands-on expertise in Saviynt Identity Cloud for SAP provisioning and integration with SAP GRC. This role is responsible for leading the design, development, and operation of identity lifecycle automation, SAP access governance, and risk-based access controls, including Segregation of Duties (SoD) and compliance workflows. This position is highly technical and developer-oriented, requiring the ability to build custom connectors, provisioning logic, and integrations between Saviynt, SAP systems, and SAP GRC. You will serve as the technical authority for SAP-related identity and GRC capabilities, partnering with IAM, SAP Security/Basis, GRC, and Audit teams to deliver secure, scalable, and compliant access management solutions.

What you’ll do

Saviynt Engineering & Platform Leadership

• Serve as the technical lead for Saviynt implementations and enhancements, with a strong emphasis on SAP IAS and GRC integration use cases.
• Establish engineering standards for Saviynt configuration, custom development, testing, deployment, and operational support.
• Design, build, and maintain Saviynt functionality, including:
  • Joiner/Mover/Leaver (JML) lifecycle automation.
  • Access request workflows with dynamic, risk-aware approvals.
  • Provisioning rules and event-driven logic.
  • Birthright and policy-based access.
  • Access certifications and recertification campaigns.

SAP Provisioning & Access Management

• Lead the design and implementation of automated SAP user and role provisioning using Saviynt.
• Build and maintain Enterprise Role and SAP access request catalogs aligned with role design and compliance policies.
• Ensure reliable deprovisioning and role cleanup to support least-privilege and audit requirements.
• Translate SAP security constructs into Saviynt models, including:
  • Enterprise and composite roles.
  • Profiles and authorization objects.
  • User types and license-relevant attributes.

What you'll do (continued)

Developer & Integration Engineering 

• Build and customize Saviynt connectors and integrations for SAP and SAP GRC, including:
  • API and out-of-the-box connector integrations.
  • File-based and event-driven provisioning patterns.
• Develop custom provisioning logic using Saviynt-supported scripting and rule frameworks to handle:
  • Complex role assignment logic.
  • Conditional access decisions.
  • Exception handling and retries.
• Design and implement programmatic integrations between Saviynt and SAP GRC, supporting:
  • Real-time or near-real-time risk evaluation.
  • Automated mitigation controls.
  • Closed-loop access request and fulfillment workflows.
• Troubleshoot complex cross-system issues involving Saviynt, SAP, SAP GRC, HR sources, and directories.

Integration & Data Engineering

• Ensure high-quality identity data through robust correlation rules, attribute mappings, and validation logic.
  Design monitoring, logging, and alerting for provisioning and GRC workflows.
• Lead integrations with:
  • Authoritative sources (HRIS).
  • Directories (AD / Entra ID / LDAP).
  • ITSM platforms (e.g., ServiceNow).

Delivery Leadership & Stakeholder Engagement

• Own technical delivery end to end, including requirements, design, build, testing, deployment, and steady-state operations.
• Act as the primary technical advisor for Saviynt IAM- and GRC-related initiatives.
• Mentor IAM engineers and administrators, and establish patterns and reusable components.
• Communicate effectively with Security Architecture, SAP Security/Basis, GRC, Compliance, and Internal Audit teams.

Who we’re looking for

• Minimum of 15 years of related experience with a Bachelor’s degree; or 12 years and a Master’s degree; or a PhD with 8 years experience; or equivalent experience.
• 7+ years of experience in Identity & Access Management / Identity Governance.
• Strong hands-on Saviynt experience, including advanced configuration and custom development.
• Proven expertise in SAP provisioning and access governance (ECC, S/4HANA, BW, SuccessFactors, or similar platforms).
• Ability to design and debug complex identity and GRC integrations across multiple platforms.
• Demonstrated experience with Saviynt GRC for SAP and/or SAP GRC Access Control, including:
  • SoD rule design and administration.
  • Risk analysis and mitigation.
  • GRC-driven approval workflows.
• Strong understanding of SAP security concepts, including:
  • Roles (single and composite), profiles, and authorization objects.

Preferred qualifications

• Deep hands-on experience with Saviynt GRC and SAP GRC configuration and operations.
• Experience integrating Saviynt with ServiceNow for access requests and fulfillment.
• Strong scripting and development skills (e.g., REST APIs, PowerShell, Python, SQL).
• Experience with cloud identity ecosystems (Entra ID / Azure AD, Okta, Ping).
• Familiarity with SAP licensing considerations tied to roles and user types.
• Saviynt and/or SAP Security / SAP GRC certifications.

Our commitment

We believe it is important for every person to feel valued, included, and empowered to achieve their full potential. By bringing unique individuals and viewpoints together, we achieve extraordinary results.

Lam Research ("Lam" or the "Company") is an equal opportunity employer. Lam is committed to and reaffirms support of equal opportunity in employment and non-discrimination in employment policies, practices and procedures on the basis of race, religious creed, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex (including pregnancy, childbirth and related medical conditions), gender, gender identity, gender expression, age, sexual orientation, or military and veteran status or any other category protected by applicable federal, state, or local laws. It is the Company's intention to comply with all applicable laws and regulations. Company policy prohibits unlawful discrimination against applicants or employees.

Lam offers a variety of work location models based on the needs of each role. Our hybrid roles combine the benefits of on-site collaboration with colleagues and the flexibility to work remotely and fall into two categories – On-site Flex and Virtual Flex. ‘On-site Flex’ you’ll work 3+ days per week on-site at a Lam or customer/supplier location, with the opportunity to work remotely for the balance of the week. ‘Virtual Flex’ you’ll work 1-2 days per week on-site at a Lam or customer/supplier location, and remotely the rest of the time.

#LI-DM1