Identity and Access Management (IAM) Engineer (DOA)

State of Rhode Island, Warwick, RI
$110,849 - $127,368, Onsite

About The Position

Within the Department of Administration (DOA), Division of Enterprise Technology Strategy and Services (ETSS), this role performs, organizes, directs, and coordinates the planning, administration, and maintenance of the State’s identity and access management systems. The position oversees the secure integration of user authentication, authorization, and provisioning processes across on-premises and cloud platforms, including Active Directory, Azure Entra ID P2, and Workday ERP. The IAM Engineer serves as the technical lead and subject matter expert (SME) for all IAM technologies and processes across the executive branch. Responsibilities include administering and optimizing systems like Active Directory and Microsoft Entra ID P2, leading identity governance integration with Workday, developing and enforcing IAM standards, coordinating identity lifecycle processes, collaborating on Zero Trust Architecture implementation, leading IAM support during audits, tracking and reporting on IAM metrics, mentoring IAM technicians, and maintaining documentation.

Requirements

  • Thorough knowledge of the principles, practices, and standards of Identity and Access Management (IAM), including authentication, authorization, and account lifecycle management.
  • Knowledge of Active Directory and Azure Entra ID (formerly Azure AD) administration, including Group Policy, OU design, replication, synchronization, and federation.
  • Knowledge of Multi-Factor Authentication (MFA), Conditional Access, and Privileged Identity Management (PIM) concepts within modern Zero Trust architectures.
  • Knowledge of SAML, OAuth 2.0, and OpenID Connect protocols and their use in federated identity and Single Sign-On (SSO) solutions.
  • Knowledge of security principles aligned with NIST CSF 2.0, NIST SP 800-53 (Moderate), and Zero Trust Architecture (NIST SP 800-207) frameworks.
  • Knowledge of data privacy and regulatory compliance requirements applicable to identity systems, including State, Federal, and agency-specific mandates.
  • Knowledge of common cybersecurity threats, vulnerabilities, and attack methods targeting identity infrastructure, such as Pass-the-Hash, Golden Ticket, and credential replay.
  • Knowledge of Directory synchronization tools such as Azure AD Connect, and identity governance tools used for provisioning and audit.
  • Knowledge of change management and configuration control processes for enterprise identity systems.
  • Knowledge of the fundamentals of incident response, access certification, and audit remediation.
  • Skill in administering hybrid identity environments that integrate on-premises AD, cloud-based Entra ID, and SaaS applications like Workday.
  • Skill in design and maintenance of role-based access control (RBAC) models that reflect business functions and separation of duties.
  • Skill in automating identity management tasks using PowerShell, Python, or equivalent scripting language.
  • Skill in reviewing and interpreting logs from directory services, authentication systems, and cloud security tools for anomalies.
  • Skill in documenting system configurations, workflows, and policy enforcement mechanisms in clear and auditable form.
  • Skill in communicating technical information effectively to non-technical staff, agency partners, and executive leadership.
  • Ability to analyze, plan, and implement identity security improvements across a complex, multi-agency enterprise environment.
  • Ability to apply sound judgment and independent decision-making to resolve operational and security challenges within delegated authority.
  • Ability to work collaboratively with cybersecurity, IT operations, HR, and procurement teams to maintain consistent identity governance processes.
  • Ability to prioritize tasks and manage multiple projects with attention to deadlines, accuracy, and compliance.
  • Ability to maintain confidentiality of sensitive security and personnel data while ensuring accountability and transparency.
  • Ability to stay current with emerging IAM technologies, threat intelligence, and best practices to continuously improve statewide identity posture.
  • Graduation from a college or university with a bachelor’s degree in computer science, information technology, cybersecurity, or a closely related field, and maintenance of continuing education in identity security, access governance, and cybersecurity trends.
  • Considerable employment in systems administration, directory services management, or cybersecurity engineering, with demonstrated experience managing Active Directory, Azure Entra ID (P2), and associated identity and access management technologies.
  • Participate in professional inter-agency working groups and statewide cybersecurity exercises to ensure continued competency and operational readiness.
  • Possession of one or more of the following certifications, or the ability to obtain within a reasonable period after appointment: Microsoft Certified: Identity and Access Administrator Associate (SC-300), Certified Information Systems Security Professional (CISSP), GIAC Certified Windows Security Administrator (GCWN) or GIAC Enterprise Defender (GCED), or equivalent cloud identity certification.

Responsibilities

  • Perform, organize, direct, and coordinate the planning, administration, and maintenance of the State’s identity and access management systems.
  • Oversee the secure integration of user authentication, authorization, and provisioning processes across on-premises and cloud platforms, including Active Directory, Azure Entra ID P2, and Workday ERP.
  • Serve as the technical lead and subject matter expert (SME) for all IAM technologies and processes across the executive branch.
  • Administer and optimize systems like Active Directory (on-prem) and Microsoft Entra ID P2, including Conditional Access, SSO (SAML/OIDC), MFA, and Identity Governance features.
  • Lead identity governance integration with Workday, supporting role-based provisioning and access control for ERP users.
  • Develop and enforce IAM standards, policies, and procedures in alignment with state and federal cybersecurity frameworks (e.g., NIST 800-53, CJIS, IRS 1075).
  • Coordinate identity lifecycle processes (joiner/mover/leaver) and drive automation for provisioning, deprovisioning, and access recertification.
  • Collaborate with the Security vertical, technology colleagues, and application owners to support Zero Trust Architecture implementation.
  • Lead IAM support during internal and external audits and participate in risk assessments related to access controls.
  • Track and report on IAM metrics, anomalies, and compliance trends to inform dashboards and executive briefings.
  • Mentor and support IAM technicians and coordinate with external vendors or integrators as needed.
  • Maintain accurate documentation, architectural diagrams, and system runbooks.
  • Complete other related work tasks as required to align with the evolution of supported processes, technologies, or organizational strategy.

Benefits

  • State of Rhode Island employee benefits
  • Direct deposit for all employees