IAM Engineer

Simpson Thacher & Bartlett | New York, NY
9h | $160,000 - $180,000 | Hybrid

About The Position

The IAM Engineer will support the design, implementation and ongoing operations of core enterprise identity and access management and PKI certificate systems. This role will be 3 days onsite in NYC and the remaining remote, with the exception of the first two weeks of training which will be 4 days onsite.

Essential Job Duties & Responsibilities

  • Administer and support Active Directory and Microsoft Entra ID environments, including users, groups, organizational units, and access policies.
  • Support identity lifecycle processes including provisioning, modification, and account termination.
  • Manage and support authentication protocols and systems including Kerberos, LDAP, SAML, and MFA platforms
  • Onboard applications to SSO platforms
  • Administer enterprise PKI (public key infrastructure), including certificate issuance, renewal, revocation, and support
  • Assist in the design, maintenance, and testing of role-based access and entitlements across infrastructure and applications.
  • Assist with periodic access reviews and certification campaigns.
  • Implement access requests according to established procedures and security policies, ensuring least privileged access.
  • Provide Tier 1 & 2 support for IAM related issues, troubleshooting access problems and escalating complex issues to leadership.
  • Create and maintain clear and concise documentation related to IAM processes, configurations, and troubleshooting steps.
  • Assist with monitoring IAM systems for anomalies and generate reports on access activity.
  • Participate in testing of IAM system updates, patches, and new features.
  • Assist in the development and implementation of automation scripts to streamline IAM processes (e.g., PowerShell, Python).
  • Work closely with other IT teams (Help Desk, Applications, Infrastructure, Information Security) to ensure seamless integration of IAM solutions.
Education

  • BA in Information Security, IT Systems Management, Computer Science, or related discipline, or equivalent experience

Skills and Experience

  • 7+ years of experience in IT or Information Security
  • Expert understanding of IAM concepts including authentication, authorization, RBAC, and least privilege
  • Strong hands-on experience working in Active Directory and Microsoft Entra ID environments
  • Experience working with PKI and certificate lifecycle management systems
  • Experience implementing federated identities and SSO integrations using SAML
  • Understanding of authentication protocols including Kerberos, SAML, OAuth, OIDC, etc.
  • Familiarity with operating systems (Windows, Linux) and networking fundamentals
  • Understanding of zero-trust and modern security architectures
  • Strong analytical and problem-solving skills
  • Detail oriented with a focus on security and reliability
  • Excellent communication and teamwork skills.
  • Ability to learn quickly and adapt to new technologies.

Preferred

  • Security Certifications: Security+, CEH, CRISC, CISM, CISA, CISSP, CCNP Security, GIAC GSEC, and Microsoft Systems Developer training.
  • Automation of security tasks (Python, C++, Java, Ruby, Bash etc)

Salary Information

NY Only: The estimated base salary range for this position is $160,000 to $180,000 at the time of posting. The actual salary offered will depend on a variety of factors, including without limitation, the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and if applicable, the location in which the applicant lives and/or from which they will be performing the job. This role is exempt meaning it is not overtime pay eligible.

Simpson Thacher will not sponsor applicants for work visas for this position.
Privacy Notice

For information about how Simpson Thacher & Bartlett LLP collects and processes your personal information, please refer to our Privacy Notice available at https://www.stblaw.com/other/privacy-notice.

Simpson Thacher & Bartlett is committed to a collegial work environment in which all individuals are treated with respect and dignity. The Firm prohibits discrimination or harassment based upon race, color, religion, gender, gender identity or expression, age, national origin, citizenship status, disability, marital or partnership status, sexual orientation, veteran’s status or any other legally protected status. This Policy pertains to every aspect of an individual’s relationship with the Firm, including but not limited to recruitment, hiring, compensation, benefits, training and development, promotion, transfer, discipline, termination, and all other privileges, terms and conditions of employment.

Requirements

  • 7+ years of experience in IT or Information Security
  • Expert understanding of IAM concepts including authentication, authorization, RBAC, and least privilege
  • Strong hands-on experience working in Active Directory and Microsoft Entra ID environments
  • Experience working with PKI and certificate lifecycle management systems
  • Experience implementing federated identities and SSO integrations using SAML
  • Understanding of authentication protocols including Kerberos, SAML, OAuth, OIDC, etc.
  • Familiarity with operating systems (Windows, Linux) and networking fundamentals
  • Understanding of zero-trust and modern security architectures
  • Strong analytical and problem-solving skills
  • Detail oriented with a focus on security and reliability
  • Excellent communication and teamwork skills.
  • Ability to learn quickly and adapt to new technologies.
  • BA in Information Security, IT Systems Management, Computer Science, or related discipline, or equivalent experience

Nice To Haves

  • Security Certifications: Security+, CEH, CRISC, CISM, CISA, CISSP, CCNP Security, GIAC GSEC, and Microsoft Systems Developer training.
  • Automation of security tasks (Python, C++, Java, Ruby, Bash etc)

Responsibilities

  • Administer and support Active Directory and Microsoft Entra ID environments, including users, groups, organizational units, and access policies.
  • Support identity lifecycle processes including provisioning, modification, and account termination.
  • Manage and support authentication protocols and systems including Kerberos, LDAP, SAML, and MFA platforms
  • Onboard applications to SSO platforms
  • Administer enterprise PKI (public key infrastructure), including certificate issuance, renewal, revocation, and support
  • Assist in the design, maintenance, and testing of role-based access and entitlements across infrastructure and applications.
  • Assist with periodic access reviews and certification campaigns.
  • Implement access requests according to established procedures and security policies, ensuring least privileged access.
  • Provide Tier 1 & 2 support for IAM related issues, troubleshooting access problems and escalating complex issues to leadership.
  • Create and maintain clear and concise documentation related to IAM processes, configurations, and troubleshooting steps.
  • Assist with monitoring IAM systems for anomalies and generate reports on access activity.
  • Participate in testing of IAM system updates, patches, and new features.
  • Assist in the development and implementation of automation scripts to streamline IAM processes (e.g., PowerShell, Python).
  • Work closely with other IT teams (Help Desk, Applications, Infrastructure, Information Security) to ensure seamless integration of IAM solutions.