Identity & Access Management Engineer

Loenbro
Gilbert, AZ
Onsite

About The Position

Loenbro is a trusted, long-term construction lifecycle partner to thousands of customers across the U.S. Our market spans all industries and our service offerings include Critical Electrical, Mechanical & Structural, Soft Crafts, Inspection, Underground Maintenance and Installation, and Fabrication. Our expertise lies in simplifying the complex and establishing long-standing relationships with our partners. We have a national presence but a local approach: every customer benefits from our capabilities and our care.

At Loenbro, we don’t just offer jobs; we build careers grounded in integrity, teamwork, excellence, and purpose. Join a team where your expertise is valued, your growth is supported, and your work helps maintain and enhance the critical infrastructure that powers communities across the nation.

The Identity & Access Management (IAM) Engineer is a critical member of the Loenbro IT team responsible for designing, implementing, and maintaining the organization's cloud identity infrastructure. This role is central to Loenbro's ongoing transformation to a cloud-first security posture, including the migration from hybrid to cloud-only identity via Microsoft Entra ID, administration of the Microsoft 365 E5 security stack, and enforcement of Zero Trust access principles across the enterprise.

Requirements

  • 3+ years of experience in an IAM, identity engineering, or Microsoft 365 administration role
  • Hands-on expertise with Microsoft Entra ID (Azure AD): user/group management, Conditional Access, PIM, and SSO
  • Solid understanding of modern authentication protocols: OAuth 2.0, OpenID Connect, SAML 2.0
  • Experience with Microsoft Entra Connect / hybrid identity synchronization
  • Proficiency in PowerShell and Microsoft Graph API for identity automation and reporting
  • Familiarity with Zero Trust security principles and frameworks (NIST SP 800-207 or equivalent)
  • Strong written and verbal communication skills; able to document and explain technical concepts to non-technical stakeholders

Nice To Haves

  • Bachelor’s degree in computer science, business administration, or related discipline; equivalent experience may be considered.
  • Experience with M365 cross-tenant migrations and identity considerations during tenant consolidation
  • Microsoft certifications: SC-300 (Identity & Access Administrator Associate), SC-900, AZ-104, or MS-102
  • Familiarity with Microsoft Entra ID Governance (access reviews, entitlement management, lifecycle workflows)
  • Experience with Intune / Autopilot device management and device-based Conditional Access policies
  • Exposure to Microsoft Defender for Identity and Defender for Cloud Apps (CASB)
  • Understanding of ITAM and ITSM processes as they relate to user and device lifecycle management

Responsibilities

  • Administer and mature Microsoft Entra ID as the authoritative identity provider for all Loenbro users, devices, and applications
  • Lead the hybrid-to-cloud identity migration, transitioning from Active Directory sync (Entra Connect) to cloud-native identity with no on-prem dependency
  • Manage user lifecycle processes including provisioning, deprovisioning, role assignments, and access reviews
  • Design and enforce attribute-based and role-based access control (ABAC / RBAC) models aligned to Loenbro's business units
  • Implement and manage Privileged Identity Management (PIM) for just-in-time elevation of administrative roles
  • Design and enforce Conditional Access policies covering MFA, device compliance, location, and risk-based signals
  • Manage Microsoft Entra ID Protection, tuning risk policies and responding to detected compromised identities
  • Maintain a Zero Trust access model: verify explicitly, use least privilege, assume breach
  • Lead the transition from point solutions to a consolidated Microsoft Security Stack
  • Administer identity-related components of the M365 security suite including Entra ID P2, Defender for Identity, and Defender for Cloud Apps (CASB)
  • Integrate SaaS and enterprise applications with Entra ID using SAML, OIDC, and OAuth 2.0 protocols
  • Configure and maintain Microsoft Entra External ID and B2B collaboration settings for partner and contractor access
  • Support cross-tenant migration activities, managing identity dependencies during M365 tenant consolidation efforts
  • Conduct periodic access reviews and certifications using Entra ID Governance / Identity Governance
  • Develop and maintain IAM policies, standards, and procedures in alignment with CISO directives and regulatory requirements
  • Produce audit-ready reporting on access, policy compliance, privileged account usage, and identity risk
  • Partner with the CISO on identity-related risk assessments and remediation plans
  • Automate IAM workflows using PowerShell, Microsoft Graph API, and Logic Apps
  • Integrate Intune / Autopilot device enrollment with Entra ID device compliance policies
  • Collaborate with Tier 2 and Tier 3 support teams as the IAM subject matter expert for escalation and resolution
  • Document configurations, runbooks, and architecture decisions in the IT knowledge base

Benefits

  • Medical, dental, and vision insurance
  • 401(k) retirement plan with company match
  • Paid time off (PTO) and holiday pay
  • Life and disability insurance
  • Professional development and training opportunities
  • Employee assistance program (EAP)