Senior Identity and Access Engineer

Morgan Lewis, Philadelphia, PA
Hybrid

About The Position

Morgan, Lewis & Bockius LLP, one of the world’s leading global law firms with offices in strategic hubs of commerce, law, and government across North America, Asia, Europe, and the Middle East, is seeking to hire a Sr. Identity and Access Engineer. Reporting to the Manager of Identity and Access Management, the Sr. Identity and Access Engineer mentors fellow engineers and contributes to the team through knowledge transfer and advanced knowledge of Identity and Access Management (IAM) engineering fundamentals. This position will reside in our Philadelphia office with a hybrid in-office/remote working schedule.

Requirements

  • A bachelor's degree from a four-year college or university.
  • 5 years of hands-on experience in Identity and Access Management / Identity Governance engineering roles.
  • 5 years of experience with Cloud technologies (Azure, AWS, GCE) in a hybrid/multi-cloud identity environment.
  • Solid understanding of identity federation protocols (SAML, OAuth, OpenID Connect) and access governance concepts.
  • Problem-solving and analytical skills; ability to handle complex, time-sensitive incidents.
  • Excellent communication skills and ability to collaborate across technical and non-technical stakeholders.
  • Expertise in MS Active Directory (design, administration, Group Policy, replication, trusts, privileged access).
  • Proficiency with MS Entra ID (conditional access, PIM, hybrid identity, SSO/MFA, entitlement management, access reviews).
  • Advanced PowerShell scripting skills for automation, reporting, integrating, and administration of AD/Entra ID/SailPoint environments.
  • Experience implementing and supporting SailPoint (IdentityNow, IdentityIQ, or Identity Security Cloud), including custom workflows, rules, transforms, connectors, certifications, and integrations.
  • Familiarity with security frameworks (NIST, Zero Trust, ISO 27001); compliance requirements (SOX, GDPR, HIPAA, etc.).
  • Core back-end technologies (Microsoft Windows 2019 Server and above, Varonis, LDAP, Cloud Identity solutions, and related IAM software solutions), ISO 27001 principles.

Nice To Haves

  • SailPoint Certified IdentityIQ Engineer / IdentityNow Administrator is preferred.
  • PAM tools (e.g., CyberArk, Delinea) are a plus.

Responsibilities

  • Respond to strategies provided by the Architecture and Engineering team and its management for implementation and oversight, and resolve the highest-level technical issues when called upon.
  • Partner with applicable teams to ensure secure, scalable, and compliant identity services.
  • Develop innovative IAM strategies and take ownership of these through all phases.
  • Deliver enterprise-wide IAM, identity governance, and authentication solutions in a hybrid cloud capacity.
  • Design and implement lifecycle management automation for joiner, mover and leaver scenarios.
  • Implement role-based access control (RBAC) and apply the principle of least privilege.
  • Provide programmatic solutions to include PowerShell, JSON, SQL, LDAP, and object-oriented languages for IAM systems.
  • Collaborate with other IAM team members on system design, architecture, and strategies to provide high levels of customer satisfaction.
  • Integrate enterprise applications for SSO and set up provisioning/offboarding.
  • Lead key meetings including technical, cross-functional, and stakeholder meetings.
  • Ensure enterprise services and servers remain operational, and monitor Active Directory, Entra ID, and IAM services.
  • Provide after-hours support as needed to address incidents and system maintenance.
  • Create and maintain architecture and documentation for IAM systems.
  • Represent the team during the audit and ISO 27001 certification process.
  • Participate in on-call support rotation.

Benefits

  • The firm will consider for employment qualified applicants with arrest and conviction records.
  • Morgan Lewis reasonably accommodates applicants and employees who need accommodations to perform the essential functions of the job because of disability, religious belief, or other reason protected by applicable law.