Identity and Access Engineer (a), 100% — Bachem AG
CHF 62'000 - 94'000
Bachem AG · Bubendorf (BL)
- Location: Bubendorf
- Contract: full-time
- Posted: 56 days ago
Role overview
To drive our continuous organic growth, we are constantly looking for highly qualified professionals.
To strengthen our team in the Global IT, Security and Compliance (S&C) department, we are seeking an experienced IAM & Access Control Engineer (a), 100%.
Application process
- Operate, extend and optimize the One Identity platform by onboarding new applications and entitlements into the governance model.
- Design, implement and optimize identity governance workflows, role models and target system integrations within One Identity Manager.
- Collaborate with external developers and internal stakeholders to evolve and maintain the One Identity platform.
- Improve identity data quality, reconciliation processes and entitlement structures.
- Support the design and implementation of Conditional Access policies in Microsoft Entra ID and contribute to authentication hardening initiatives.
- Integrate applications into SSO (SAML/OIDC) and standardize strong authentication mechanisms (MFA, step-up authentication).
- Support the implementation of Privileged Access and PIM capabilities as part of the broader identity security roadmap.
Company and context
- Reporting to the Head of Security Operation and Architecture and working within the CISO organization, you will reinforce the existing IAM platform ownership and management capabilities.
- This role complements and reinforces the existing IAM platform capabilities by bringing additional depth in access control enforcement, privileged access hardening and Zero Trust implementation.
- Our Identity team operates the One Identity platform and Microsoft Entra ID as the central control layer governing authentication, authorization, and privileged access across IT, OT, laboratory, and cloud environments.
- You will strengthen our identity governance capabilities with a strong focus on One Identity Manager, while contributing to access control enforcement and the evolution of our identity security model.
- Your tasks: This role focuses on identity governance and platform engineering rather than operational access request handling:
- Contribute to the organization’s Zero Trust journey by enforcing least-privilege principles and improving governance of human and non-human identities.
- Reduce permanent administrative privileges and implement time-bound, approval-based privileged access workflows.
- Secure service accounts and non-human identities and eliminate legacy authentication patterns.
- Align technical entitlements with business role models and support segregation-of-duties enforcement.
- Identify and remediate excessive permissions, privilege persistence and legacy authentication risks.
Additional details
- Support audits and compliance initiatives by ensuring enforceable and demonstrable access governance controls (ISO 27001, GxP, NIS2).
Notes and original content
- Contribute to