Lead, Identity Engineer

KLA is a global leader in diversified electronics for the semiconductor manufacturing ecosystem. Virtually every electronic device in the world is produced using our technologies. No laptop, smartphone, wearable device, voice-controlled gadget, flexible screen, VR device or smart car would have made it into your hands without us. KLA invents systems and solutions for the manufacturing of wafers and reticles, integrated circuits, packaging, printed circuit boards and flat panel displays. The innovative ideas and devices that are advancing humanity all begin with inspiration, research and development. KLA focuses more than average on innovation and we invest 15% of sales back into R&D. Our expert teams of physicists, engineers, data scientists and problem-solvers work together with the world’s leading technology providers to accelerate the delivery of tomorrow’s electronic devices. Life here is exciting and our teams thrive on tackling really hard problems. There is never a dull moment with us.

The Information Technology (IT) group at KLA is involved in every aspect of the global business. IT’s mission is to enable business growth and productivity by connecting people, process, and technology. It focuses not only on enhancing the technology that enables our business to thrive but also on how employees use and are empowered by technology. This integrated approach to customer service, creativity and technological excellence enables employee productivity, business analytics, and process excellence.

Job Description/Preferred Qualifications

Key Responsibilities

• Implement and administer Privileged Identity Management (PIM) for roles, groups, and resource access.
• Configure just-in-time (JIT) access, approval workflows, access reviews, and privileged role activation policies.
• Engineer secure lifecycle management for privileged identities across AD and Azure environments.
• Integrate PIM with SaaS, on-premise  applications and PaaS platforms like AWS, GCP and Azure.
• Integrate PIM with hybrid identity components (AD Connect, Conditional Access, MFA, etc.).
• Enforce least privilege, segregation of duties, and Zero Trust principles.
• Manage privileged roles, tiered administration models, and Group Policy configurations in Active Directory.
• Develop standards, playbooks, and governance models for privileged access management.
• Conduct access reviews, audits, and compliance reporting (SOX, ISO 27001, PCI, etc.).
• Monitor privileged access activities and collaborate with security teams on incident response.
• Automate identity and PIM workflows using PowerShell, APIs, or automation platforms.
• Streamline onboarding/offboarding of privileged accounts across cloud and on‑prem environments.
• Implement continuous improvement to reduce manual processes and strengthen controls.
• Serve as technical SME for privileged identity control design and best practices.
• Partner with cloud, IAM, security operations, and infrastructure teams to support enterprise initiatives.
• Provide documentation, knowledge transfer, and mentorship for internal teams.

Minimum Qualifications

• 5+ years of experience in Privileged Identity Management and IAM.
• Strong hands-on expertise with:
  • PIM products like CyberArc or similar
  • Active Directory / Group Policy
  • Azure AD / Entra ID
• Solid understanding of identity governance, Zero Trust, RBAC, and privileged access models.
• Experience with PowerShell scripting and automation.
• Familiarity with Conditional Access, MFA, and hybrid identity architectures.
• Microsoft Certified: Identity and Access Administrator (SC-300)
• Azure Administrator (AZ‑104) or Security Engineer (AZ‑500) certifications
• Experience with additional privileged access tools (CyberArk, BeyondTrust, etc.)
• Understanding of cloud security frameworks and IAM for Azure, AWS, or GCP
• Strong analytical and problem-solving abilities
• Excellent communication and documentation skills
• Ability to work independently and lead identity-focused initiatives
• Collaborative mindset with cross-functional teams

We offer a competitive, family friendly total rewards package. We design our programs to reflect our commitment to an inclusive environment, while ensuring we provide benefits that meet the diverse needs of our employees.

KLA is proud to be an equal opportunity employer

Be aware of potentially fraudulent job postings or suspicious recruiting activity by persons that are currently posing as KLA employees.  KLA never asks for any financial compensation to be considered for an interview, to become an employee, or for equipment. Further, KLA does not work with any recruiters or third parties who charge such fees either directly or on behalf of KLA. Please ensure that you have searched KLA’s Careers website for legitimate job postings.  KLA follows a recruiting process that involves multiple interviews in person or on video conferencing with our hiring managers.  If you are concerned that a communication, an interview, an offer of employment, or that an employee is not legitimate, please send an email to [email protected] to confirm the person you are communicating with is an employee. We take your privacy very seriously and confidentially handle your information.