Identity & Access Management (IAM) Engineer – Enterprise Technology Infrastructure

Hines•Houston, TX

About The Position

When you join Hines, you will embark on a career journey fueled by vision and guided by leaders who set the standards of our industry. Our legacy is rooted in innovation and excellence, earning us a spot on Fast Company’s esteemed annual list of the World’s Most Innovative Companies, as well as recognition as one of U.S. News & World Report’s Best Companies to Work For in 2024. Discover endless opportunities to grow and make your mark at Hines. As a Identity & Access Management (IAM) Engineer – Enterprise Technology Infrastructure with Hines, you will support, modernize, and continuously improve our enterprise identity and access infrastructure of the firm. This role will focus on Entra ID (Azure AD) and Active Directory, with additional responsibility supporting enterprise messaging platforms including Microsoft 365 (Exchange Online and Hybrid) and secure email gateways.The ideal candidate brings a strong AI-first mindset, proactively leveraging AI tools and automation to enhance operational efficiency, strengthen security posture, and elevate the end-user experience. This role is not just about maintaining identity systems—it’s about rethinking how identity and access are managed through intelligent tooling, automation, and continuous optimization.

Requirements

Bachelor's degree from an accredited institution
Five or more years of experience in Identity & Access Management and enterprise IT environments
Strong expertise in: Entra ID (Azure AD)
Active Directory (on-premises)
Hands-on experience with Conditional Access, MFA, SSO, and RBAC
Experience supporting Microsoft 365 / Exchange environments
Familiarity with email security solutions (e.g., Cisco IronPort or similar)
Strong PowerShell scripting skills for automation
Solid understanding of identity security principles (Zero Trust, least privilege)
Proven ability to troubleshoot complex identity and access issues
Experience with identity governance and access review processes
Hands-on experience with Privileged Identity Management (PIM) and privileged access strategies
Familiarity with Microsoft security and compliance tools
Experience implementing or supporting AI tools in IT operations
Hands-on experience with Microsoft Copilot or similar AI platforms
Knowledge of email authentication and security best practices
Relevant certifications (Microsoft 365, Azure, Security, etc.)

Responsibilities

Administer and optimize Entra ID (Azure AD) and on-premises Active Directory
Design and implement identity solutions including: Configure and manage Single Sign-On (SSO) integrations in Entra ID for SaaS and enterprise applications (SAML, OIDC, OAuth)
Administer and maintain Enterprise Applications in Entra ID, including application onboarding, access assignment, and lifecycle management
Troubleshoot SSO, federation, and application authentication issues across internal and third-party platforms
Partner with application owners to design and implement secure, scalable authentication and authorization models
Manage and enforce Privileged Identity Management (PIM), including role activation, just-in-time access, and privileged access governance
Manage identity lifecycle processes (joiner, mover, leaver)
Implement and enforce least privilege access and role-based access control (RBAC)
Troubleshoot complex authentication, federation, and directory-related issues
Support directory synchronization and hybrid identity configurations
Apply Zero Trust principles across identity and access controls
Monitor, investigate, and respond to identity-related threats and anomalies
Support access reviews, certifications, and identity governance initiatives
Partner with security and compliance teams on audit readiness, risk mitigation, and policy enforcement
Support Microsoft 365 (Exchange Online) environments and core messaging functionality
Assist with troubleshooting mail flow issues and email-related incidents
Maintain awareness of email security controls and authentication standards (SPF, DKIM, DMARC)
Apply an AI-first approach to problem solving, leveraging tools such as Microsoft Copilot and AI-assisted scripting to accelerate analysis and resolution
Design and implement automation solutions to reduce manual effort and improve reliability (PowerShell, workflows, orchestration tools)
Use AI to enhance troubleshooting, anomaly detection, and root cause analysis
Identify and lead opportunities to embed AI across identity, messaging, and security operations
Stay current on emerging AI capabilities within Microsoft 365, Azure, and enterprise IT ecosystems and translate them into practical use cases
Create and maintain clear, structured technical documentation for systems, processes, and configurations
Develop architecture and process diagrams using tools such as Microsoft Visio (or similar) to illustrate identity flows, access models, and integrations
Ensure documentation reflects current-state and future-state designs to support scalability and knowledge transfer
Contribute to internal knowledge bases and operational runbooks
Work cross-functionally with security, infrastructure, and application teams
Proactively identify opportunities for system optimization, automation, and risk reduction
Continuously improve identity security posture and user access experience
Participate in on-call support rotation as needed