Sean Brandom

IAM Engineer

14 years in IT, with 5+ focused on identity governance and security engineering in regulated financial services. I build the identity infrastructure that survives the audit.

503-960-1364 sean.brandom@gmail.com LinkedIn GitHub accessnarrative.com
IAM Engineer Confidential
Jan 2025 - Present
Loyal Source Solutions (Government Contractor)
  • IAM engineering for a federal government contract. Details limited due to security requirements
  • Designing and implementing identity provisioning, access controls, and lifecycle automation in a regulated government environment
Security Engineer (IAM)
Oct 2020 - Dec 2024
Varo Bank, N.A., Draper, UT (Remote)
  • Partnered with Okta to beta-test and deploy their Identity Governance (IGA) product for access certifications and access requests, configuring it for OCC regulatory requirements
  • Led a 2-year, 30-project initiative to rebuild the bank's entire identity infrastructure, converting OCC regulatory direction into an executed technical roadmap
  • Architected and implemented an RBAC system in Okta Workflows that automatically provisions and revokes application access based on HR-sourced role attributes
  • Decoupled Active Directory and replaced it with Okta as the primary directory service, migrating 30+ downstream dependencies
  • Built 150+ Okta Workflows to automate joiner/mover/leaver processes, meeting PwC audit requirements for access controls, certifications, and timed access expiration
  • Automated provisioning for 50+ applications via SCIM, OIDC, and JIT, plus 15 additional applications through custom REST API integrations
  • Integrated BambooHR with Okta for automated user lifecycle management (onboarding, offboarding, role changes)
  • Created 100+ SAML integrations for secure authentication and single sign-on across the application portfolio
  • Managed application portfolio audit covering 200+ applications, establishing ownership and governance for each
System Administrator
Mar 2020 - Oct 2020
DISQO, El Monte, CA
  • Only IT resource for a multinational company. Built the entire IT infrastructure from scratch
  • Built software service catalog, asset management systems, and automation workflows
  • Deployed and managed Jamf, CrowdStrike, and Jira across the organization
  • Wrote all internal documentation for tooling, systems, and IT procedures
System Administrator
Feb 2018 - Feb 2020
Opus Interactive, Hillsboro, OR
  • Managed hundreds of virtual machines across VMware vSphere environments on Windows, CentOS, and Ubuntu
  • Maintained colocation infrastructure including HPE servers, fiber optics, and physical network equipment for clients including Cloudflare and Palo Alto
  • Troubleshot network issues across VMs, pfSense firewalls, load balancers, and local routing
  • Deployed and maintained customer-facing web applications via IIS and DirectAdmin
IT Service and Support
Jul 2012 - Feb 2018
Nike, Apple/Xerox, TVG (via vendor), Portland, OR
  • Deskside, tech bar, and phone-based support across macOS, Windows, iOS, Android, and Ubuntu
  • Ran a dedicated tech bar at Nike supporting corporate employees and executives
  • Promoted 3 times at AppleCare (Xerox). Device provisioning via AirWatch, ticketing via ServiceNow and FreshService
Access Narrative
iga.accessnarrative.com
IGA SaaS Platform / Founder & Developer
  • Built a multi-tenant identity governance platform with schema-driven entity management, ABAC rule engine, and onboarding wizard
  • Full-stack Next.js 15, Supabase, and TypeScript with row-level security, Zod validation, and Zustand state management
  • Integrated Claude AI for access control recommendations and natural-language policy authoring
  • Built a browser automation system (Puppeteer + Claude agent loop) for provisioning and deprovisioning users in apps that don't have APIs
Narrative Consulting
accessnarrative.com
Productized IGA Consulting / Founder (Oct 2022 - Present)
  • Consulting practice focused on building audit-proof identity governance for fintechs and healthcare companies (300-500 employees, SOC 2 pressure)
  • Built the entire business platform myself: marketing site, CRM, expense tracker, engagement lifecycle, and legal doc generation (SOW, MSA, NDA)
  • Published 44 open-source Terraform modules across Okta, Okta IGA, Entra ID, and Google Workspace for infrastructure-as-code identity management
  • Service offerings: Infrastructure Assessment ($3.5K), Governance Buildout ($8.5K), Hardening Sprint ($5K), Monthly Advisory ($1.5K/mo)
IAM & Governance
Okta (Identity Engine, IGA, Workflows), RBAC/ABAC, SCIM, SAML, OIDC, JIT, Access Certifications
Compliance
SOC 2, FedRAMP, OCC, PwC Audits, Segregation of Duties
Development
TypeScript, Next.js, React, Node.js, Python, REST APIs, Zod, Zustand
Infrastructure
Terraform, Supabase, GCP, AWS, Docker, VMware vSphere, Vercel
Security & MDM
CrowdStrike, Jamf, Kandji, AirWatch, Tanium, pfSense
AI & Automation
Anthropic Claude SDK, Puppeteer, Okta Workflows, Browser Automation