Identity and Access Engineer (f/m/d), 100%

To drive our continuous organic growth, we are constantly looking for highly qualified professionals. To strengthen our team in the Global IT, Security and Compliance (S&C) department, we are seeking an experienced IAM & Access Control Engineer (f/m/d), 100%. Reporting to the Head of Security Operation and Architecture and working within the CISO organization, you will reinforce the existing IAM platform ownership and management capabilities. This role complements and reinforces the existing IAM platform capabilities by bringing additional depth in access control enforcement, privileged access hardening and Zero Trust implementation.

Our Identity team operates the One Identity platform and Microsoft Entra ID as the central control layer governing authentication, authorization, and privileged access across IT, OT, laboratory, and cloud environments.

You will strengthen our identity governance capabilities with a strong focus on One Identity Manager, while contributing to access control enforcement and the evolution of our identity security model.

Your tasks:

This role focuses on identity governance and platform engineering rather than operational access request handling:

• Operate, extend and optimize the One Identity platform by onboarding new applications and entitlements into the governance model.
• Design, implement and optimize identity governance workflows, role models and target system integrations within One Identity Manager.
• Collaborate with external developers and internal stakeholders to evolve and maintain the One Identity platform.
• Improve identity data quality, reconciliation processes and entitlement structures.
• Support the design and implementation of Conditional Access policies in Microsoft Entra ID and contribute to authentication hardening initiatives.
• Integrate applications into SSO (SAML/OIDC) and standardize strong authentication mechanisms (MFA, step-up authentication).
• Support the implementation of Privileged Access and PIM capabilities as part of the broader identity security roadmap.
• Contribute to the organization's Zero Trust journey by enforcing least-privilege principles and improving governance of human and non-human identities.
• Reduce permanent administrative privileges and implement time-bound, approval-based privileged access workflows.
• Secure service accounts and non-human identities and eliminate legacy authentication patterns.
• Align technical entitlements with business role models and support segregation-of-duties enforcement.
• Identify and remediate excessive permissions, privilege persistence and legacy authentication risks.
• Automate access enforcement, remediation workflows and identity-related security controls.
• Collaborate with IT, OT and business stakeholders to harden authentication patterns across infrastructure, cloud and production systems.
• Support audits and compliance initiatives by ensuring enforceable and demonstrable access governance controls (ISO 27001, GxP, NIS2).
• Contribute to identity security architecture decisions and challenge legacy access patterns.
• Act as a security advocate to promote modern, user-friendly access controls balancing usability, compliance and risk reduction.

Your profile :

• Education:

• • Bachelor's or Master's degree in Information Security, Computer Science, or Engineering

• Experience:
  • Hands-on experience with Identity Governance platforms (preferably One Identity Manager).
  • Strong experience designing workflows, role models and integrations in IGA environments.
  • Experience with Microsoft Entra ID and Conditional Access is a strong advantage.
  • Experience implementing or supporting Privileged Access / PIM programs.
  • Strong understanding of identity security risks (privilege escalation, legacy authentication, service account exposure).
  • Knowledge of security frameworks and standards (ISO 27001, NIST, CIS, MITRE ATT&CK).
  • Experience reducing identity-based lateral movement risks and understanding of hybrid AD / Entra attack surface
  • Ability to work in complex identity environments and progressively expand into adjacent domains such as access control enforcement and privileged access.
  • Excellent communication skills to collaborate with IT, OT, and business stakeholders.
  • Analytical mindset with problem-solving ability.
  • Relevant certifications are a plus (e.g., GCIA, GCIH, GCED, Azure Security Engineer, CISSP, Security+)

• Skills & Competencies:
  • Identity Governance (IGA) process and data model understanding (One Identity or similar IGA platforms)
  • Microsoft Entra ID and Conditional Access policy management
  • Privileged Identity Management / Privileged Access concepts
  • SSO Federation (SAML, OIDC, OAuth2)
  • Active Directory / Hybrid identity environments
  • PowerShell / API automation
  • Cloud identity (Azure, AWS, SaaS environments)
  • Understanding of regulated environments (GxP, pharmaceutical, manufacturing) desirable

Our offer:

• A dynamic and rapidly growing work environment with internal development opportunities
• Flexible working hours with home office days and an option for obtaining additional vacation days through workload reduction
• Employee development through numerous internal and external training opportunities
• 60% coverage of pension fund contributions by Bachem AG as well as option for extra-mandatory pension provision with our Pension Plan Plus
• Access to the Swibeco benefits platform with discounts from external partners
• Fresh, healthy and varied food in our staff restaurant
• A wide range of free sports activities on the Bachem Campus

Would you like to drive innovation and growth together with us?

We look forward to receiving your complete application documents via our application portal.

Learn more about the Bachem Group and get inspired by our exciting work environment at our location in Bubendorf!