Identity & Access Management (IAM) Engineer

About The Position

Requirements

• 5+ years of experience in IAM, Identity Engineering, or Security Engineering
• Strong hands-on experience with:
• Microsoft Entra ID (Azure AD)
• Active Directory (GPOs, OU design, hybrid identity)
• MFA and Conditional Access
• SSO and federation protocols (SAML, OAuth, OIDC)
• Experience with Privileged Identity Management (PIM/PAM)
• Understanding of Zero Trust architecture principles
• Experience supporting compliance frameworks (NIST, CMMC, SOC 2, ISO 27001)
• PowerShell scripting and automation experience
• Experience in hybrid cloud environment

Responsibilities

• Design and maintain IAM architecture across: Microsoft Entra ID (Azure AD)
• Active Directory (on-prem)
• Microsoft 365
• VPN and network authentication systems
• Enterprise SaaS platforms (Salesforce, BC, etc.)
• Implement and manage Single Sign-On (SSO) and federation (SAML, OAuth, OIDC)
• Architect Conditional Access policies and Zero Trust controls
• Implement and enforce MFA across all systems
• Automate Joiner / Mover / Leaver (JML) processes integrated with HRIS
• Build and maintain Role-Based Access Control (RBAC) framework
• Implement access certification and periodic access reviews
• Ensure timely deprovisioning and segregation of duties enforcement
• Support M&A integrations (rapid identity consolidation within 30 days)
• Deploy and manage privileged access controls (PIM, just-in-time access)
• Enforce tiered admin model and privileged session monitoring
• Reduce standing privileged access across all systems
• Maintain break-glass account governance and monitoring
• Support CMMC, NIST 800-171, and internal audit requirements
• Maintain documentation for identity controls and audit evidence
• Participate in risk assessments and control testing
• Integrate identity logs with SIEM/SOC platform (e.g., Arctic Wolf)
• Investigate anomalous login behavior and identity-based threats
• Implement identity threat detection and response controls