Identity and Access Engineer (f/m/d), 100%
Bachem is a leading, innovation-driven company specializing in the development and manufacture of peptides and oligonucleotides. With over 50 years of experience and expertise, Bachem provides products for research, clinical development and commercial application to pharmaceutical and biotechnology companies worldwide and offers a comprehensive range of services. Bachem operates internationally with headquarters in Switzerland and locations in Europe, the US and Asia. The company is listed on the SIX Swiss Exchange. For further information, see
To drive our continuous organic growth, we are constantly looking for highly qualified professionals. To strengthen our team in the Global IT, Security and Compliance (S&C) department, we are seeking an experienced IAM & Access Control Engineer (f/m/d), 100%. Reporting to the Head of Security Operation and Architecture and working within the CISO organization, you will reinforce the existing IAM platform ownership and management capabilities. This role complements and reinforces the existing IAM platform capabilities by bringing additional depth in access control enforcement, privileged access hardening and Zero Trust implementation.
Our Identity team operates the One Identity platform and Microsoft Entra ID as the central control layer governing authentication, authorization, and privileged access across IT, OT, laboratory, and cloud environments.
You will strengthen our identity governance capabilities with a strong focus on One Identity Manager, while contributing to access control enforcement and the evolution of our identity security model.
This role focuses on identity governance and platform engineering rather than operational access request handling:
* Operate, extend and optimize the One Identity platform by onboarding new applications and entitlements into the governance model.
* Design, implement and optimize identity governance workflows, role models and target system integrations within One Identity Manager.
* Collaborate with external developers and internal stakeholders to evolve and maintain the One Identity platform.
* Improve identity data quality, reconciliation processes and entitlement structures.
* Support the design and implementation of Conditional Access policies in Microsoft Entra ID and contribute to authentication hardening initiatives.
* Integrate applications into SSO (SAML/OIDC) and standardize strong authentication mechanisms (MFA, step‑up authentication).
* Support the implementation of Privileged Access and PIM capabilities as part of the broader identity security roadmap.
* Contribute to the organization’s Zero Trust journey by enforcing least‑privilege principles and improving governance of human and non‑human identities.
* Reduce permanent administrative privileges and implement time‑bound, approval‑based privileged access workflows.
* Secure service accounts and non‑human identities and eliminate legacy authentication patterns.
* Align technical entitlements with business role models and support segregation‑of‑duties enforcement.
* Identify and remediate excessive permissions, privilege persistence and legacy authentication risks.
* Automate access enforcement, remediation workflows and identity‑related security controls.
* Collaborate with IT, OT and business stakeholders to harden authentication patterns across infrastructure, cloud and production systems.
* Support audits and compliance initiatives by ensuring enforceable and demonstrable access governance controls (ISO 27001, GxP, NIS2).
* Contribute to identity security architecture decisions and challenge legacy access patterns.
* Act as a security advocate to promote modern, user‑friendly access controls balancing usability, compliance and risk reduction.
Your profile:
1. Education:
* Bachelor’s or Master’s degree in Information Security, Computer Science, or Engineering
2. Experience:
* Hands‑on experience with Identity Governance platforms (preferably One Identity Manager).
* Strong experience designing workflows, role models and integrations in IGA environments.
* Experience with Microsoft Entra ID and Conditional Access is a strong advantage.
* Experience implementing or supporting Privileged Access / PIM programs.
* Strong understanding of identity security risks (privilege escalation, legacy authentication, service