About Crossover Health

Crossover Health is creating the future of health as it should be. A national, team-based medical group with a focus on wellbeing and prevention that extends beyond traditional sick care, the company delivers an entirely new model of healthcare—Primary Health—built on the foundation of trusted relationships, an interdisciplinary care team approach, and outcomes-based payment. Crossover’s Primary Health model integrates primary care, physical medicine, mental health, health coaching, care navigation and more, and delivers care in surround-sound—in-person, virtually and via asynchronous messaging. Together we are building a community of members that embraces healthcare as a proactive part of their lifestyle.

Job Summary

This role will be responsible for building and operating Crossover’s enterprise Identity and Access Management (IAM) program. The Security Engineer (IAM) will focus on building and managing identity services that enable secure, seamless, and scalable user access across the organization. The ideal candidate will bring technical depth in identity systems such as Okta, a passion for automation, and a commitment to continuous improvement of access governance and lifecycle management.

Job Responsibilities

• Identity Platform Administration: Serve as the primary administrator for Okta and other IAM platforms, managing user identities, access policies, and integrations with internal and third-party applications.

• SSO / SAML Integrations: Design, configure, and maintain SSO and SAML/OIDC integrations to enable secure and efficient authentication for both internal and external users across SaaS and custom applications.

• Access Automation: Develop and deploy Okta Workflows and APIs to automate identity lifecycle events, access requests, access grants, and deprovisioning processes to ensure timely and compliant access control.

• Access Governance: Collaborate with Security, HR, and IT to implement access review programs and ensure role-based access control (RBAC), least privilege, and segregation of duties across the environment.

• Policy Enforcement: Translate security policies and compliance requirements into technical IAM controls and configurations, ensuring alignment with company policies and industry best practices.

• Incident Support: Support incident response and audit activities by providing identity-related data, analysis, and remediation recommendations for access-related events or anomalies.

• Documentation and Training: Maintain detailed documentation of identity systems, integrations, and workflows, and provide training and guidance to IT and business stakeholders on access management best practices.

Requirements

• 6+ years of experience in Information Security or IT with a focus on IAM

• 2+ years of hands-on experience administering Okta or equivalent enterprise IAM platforms

• Proven experience building and maintaining SSO/SAML/OIDC integrations

• Proficiency with Okta Workflows, Okta APIs, and automation using scripting (e.g., Python, PowerShell)

• Familiarity with modern authentication standards (SAML, OAuth2, OIDC, SCIM, MFA)

• Experience implementing RBAC, JIT provisioning, and lifecycle management across multiple environments

• Strong understanding of IAM principles, Zero Trust architecture, and security best practices

• Demonstrated ability to partner effectively across Security, IT, and HR functions

• Experience supporting audits, compliance reviews, or SOX/SOC2-related access controls

• Excellent communication, documentation, and problem-solving skills

• Ability to manage competing priorities in a dynamic, fast-paced environment

• Available to work after hours and weekends as needed

Preferred Qualifications

• Security related certifications, such as CISSP and/or other professional certifications

• Okta Certified Professional or Okta Certified Expert certification

• Experience with other IAM platforms (e.g., Azure AD, Ping Identity, ForgeRock, CyberArk, Saviynt, SailPoint)

• Experience with identity governance and access review tools or IGA implementations

• Familiarity with cloud platform IAM (AWS IAM, Azure AD, GCP IAM)

• Experience integrating identity data from HRIS and ITSM systems (e.g., Workday, ServiceNow)

• Experience with identity analytics and reporting for compliance and audit support

• Knowledge of infrastructure-as-code and automation frameworks (e.g., Terraform, GitHub Actions)

• Strong understanding of data privacy regulations (HIPAA, GDPR, CCPA) and their impact on identity management

The base pay range for this position is $110,817.00 to $149,603 per year. Pay range may vary depending on work location, applicable knowledge, skills, and experience. This position may be eligible for an annual bonus opportunity and comprehensive benefits package that includes Medical Insurance, Dental Insurance, Vision Insurance, Short- and Long-Term Disability, Life Insurance, Paid Time Off and 401K.

Crossover Health is committed to Equal Employment Opportunity regardless of race, color, national origin, gender, sexual orientation, age, religion, veteran status, disability, history of disability or perceived disability. If you need assistance or an accommodation due to a disability, you may email us at careers@crossoverhealth.com.

To all recruitment agencies: We do not accept unsolicited agency resumes and are not responsible for any fees related to unsolicited resumes.

#LI-Remote