About The Position

This position is responsible for the development and operation of our hybrid identity infrastructure (Microsoft Entra ID and Active Directory) and the security governance of enterprise AI tools. You will configure authentication, access policies, and data protection standards to ensure that AI applications (such as Microsoft Copilot and custom LLMs) are accessed securely and interact only with authorized data.

Requirements

  • Bachelor’s degree in Computer Science, Information Technology, or a related field, or an equivalent combination of education and experience.
  • IAM Experience: 4+ years of engineering experience with Microsoft Entra ID, Active Directory Domain Services (AD DS), and Group Policy.
  • Data Governance: Hands-on experience with Microsoft Purview (Information Protection, Data Lifecycle Management) and DLP.
  • AI Security Knowledge: Understanding of how to secure non-human identities (workload identities) and govern access to Large Language Models (LLMs) within an enterprise.
  • Technical Skills: Proficiency in PowerShell scripting for automation and Microsoft Graph API.
  • Networking: Solid understanding of DNS, DHCP, and VPN as they relate to authentication flows.

Nice To Haves

  • Certifications: SC-300 (Identity and Access Administrator), SC-400 (Information Protection Administrator).
  • Experience configuring "Entra Verified ID" or decentralized identity standards.
  • Previous experience implementing guardrails for Microsoft 365 Copilot.

Responsibilities

  • Core IAM Operations: Manage and maintain Microsoft Entra ID (Azure AD) and on-premises Active Directory, including Connect Health, schema extensions, and trust relationships. Develop auditing and reporting for business partners and stakeholders.
  • Conditional Access: Design and enforce Conditional Access policies that specifically target high-risk sign-ins and restrict access to AI platforms based on device compliance and user location.
  • SSO & Federation: Configure Enterprise Applications and SAML/OIDC integrations, ensuring strict authentication standards for third-party AI tools and SaaS platforms.
  • AI Access Governance: Implement entitlement management and access reviews to strictly control which users and groups have access to generative AI tools (e.g., Microsoft Copilot, ChatGPT Enterprise).
  • Non-Human Identity Management: Secure and govern Service Principals, Managed Identities, and API tokens used by AI agents and automated workflows to prevent unauthorized privilege escalation.
  • Data Labeling (Purview): Configure Microsoft Purview sensitivity labels and Data Loss Prevention (DLP) policies to prevent AI tools from ingesting or surfacing Restricted/Confidential internal data.
  • Privileged Identity Management (PIM): Enforce Just-In-Time (JIT) access for administrative roles and monitor for unauthorized elevation of privileges related to AI infrastructure.
  • Audit & Compliance: Monitor sign-in logs and audit trails for anomalous behavior involving AI applications, ensuring compliance with internal security frameworks.
  • Lifecycle Management: Automate provisioning and de-provisioning workflows to ensure immediate revocation of access to AI tools upon employee departure.
  • Coach team members on best practices in identity and access management, fostering a culture of security awareness and compliance.

Benefits

  • 401(k) Plan: Dollar-for-dollar match up to 5% after 90 days, with 100% vesting.
  • Employer-Paid Coverages: Group term life, short- and long-term disability insurance.
  • Comprehensive Health Coverage: Medical, vision, dental, with additional dependent coverage options.
  • Free Health Tracking: With rewards for meeting health goals.
  • Generous PTO: 120 hours accrued within the first year.
  • Employee Referral Bonus: For referring talented candidates.
  • Career Development: Tuition reimbursement and professional growth opportunities.
  • Exclusive Discounts: Access to partner and marketplace discounts.
  • Community & Engagement: Company and employee clubs at various locations.

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Number of Employees

501-1,000 employees

© 2024 Teal Labs, Inc