Sr. Identity and Access Management Engineer

Zelis | Morristown, NJ
8d | $127,000 - $160,550 | Remote

About The Position

At Zelis, we Get Stuff Done. So, let’s get to it!

A Little About Us

Zelis is modernizing the healthcare financial experience across payers, providers, and healthcare consumers. We serve more than 750 payers, including the top five national health plans, regional health plans, TPAs and millions of healthcare providers and consumers across our platform of solutions. Zelis sees across the system to identify, optimize, and solve problems holistically with technology built by healthcare experts – driving real, measurable results for clients.

A Little About You

You bring a unique blend of personality and professional expertise to your work, inspiring others with your passion and dedication. Your career is a testament to your diverse experiences, community involvement, and the valuable lessons you've learned along the way. You are more than just your resume; you are a reflection of your achievements, the knowledge you've gained, and the personal interests that shape who you are.

Position Overview

Lead for Single Sign-On (SSO) and cloud-based authentication and multi-factor authentication (MFA) policy management.

Overview

We are seeking a highly skilled and motivated Senior IAM Engineer to join the Identity and Access Management (IAM) team. This is a hands-on technical engineering role focused on designing, implementing, and supporting enterprise Single Sign-On (SSO) integrations, Multi-Factor Authentication (MFA), and access control policies within Microsoft Azure (Entra ID). This role is ideal for someone who thrives in dynamic environments and is passionate about Security, Identity Architecture, Authentication Protocols, and Automation. The position will work closely with IAM peers across Identity Governance (SailPoint) and Privileged Access Management (CyberArk) to ensure cohesive and secure identity operations across the enterprise.

Requirements

  • Proven technical experience implementing and managing enterprise Single Sign-On (SSO) solutions in Microsoft Entra ID (Azure AD).
  • Strong hands-on experience with authentication and federation protocols including SAML 2.0, OAuth 2.0, OpenID Connect (OIDC), and SCIM.
  • Experience configuring and managing Multi-Factor Authentication (MFA) solutions (Duo and/or Microsoft Authenticator preferred).
  • Working knowledge of Conditional Access Policy design and implementation within Azure.
  • Experience with Azure App Registrations, service principals, and API permission management.
  • Proficiency in PowerShell scripting and experience leveraging Microsoft Graph API for automation and identity management tasks.
  • Strong troubleshooting skills related to authentication flows, token issuance, federation errors, and provisioning integrations.
  • Excellent communication and collaboration skills with the ability to work cross-functionally across security, infrastructure, development, and governance teams.

Nice To Haves

  • Microsoft certifications (e.g., SC-300: Identity and Access Administrator Associate).
  • Experience with identity governance platforms (e.g., SailPoint) and privileged access management tools (e.g., CyberArk).
  • Experience supporting enterprise MFA migrations or modernization initiatives.
  • Familiarity with compliance frameworks such as SOX, HIPAA, or other regulated industry requirements.

Responsibilities

  • Lead the design, implementation, and ongoing management of enterprise Single Sign-On (SSO) integrations within Microsoft Entra ID (Azure AD), including SAML, OAuth, and OpenID Connect (OIDC) configurations.
  • Configure and manage application provisioning integrations using SCIM and Just-In-Time (JIT) methodologies, including attribute mappings, profile transformations, and lifecycle alignment with upstream identity sources.
  • Manage and evolve the organization’s Multi-Factor Authentication (MFA) strategy. Ensure secure configuration, policy enforcement, and user experience optimization.
  • Assist in the configuration and ongoing management of Conditional Access Policies, including risk-based access controls, device compliance requirements, location-based controls, and Zero Trust alignment.
  • Support and manage Azure App Registrations in alignment with enterprise standards, including delegated and application permissions, client secrets/certificates, API exposure, and service principal configurations.
  • Partner closely with the Identity Governance (IGA) and Privileged Access Management (PAM) teams to ensure SSO integrations, application onboarding, access provisioning, and privileged access controls are properly aligned.
  • Troubleshoot authentication, federation, and token-related issues across SAML/OIDC flows, performing root cause analysis and implementing durable engineering solutions.
  • Drive automation and process improvement initiatives using PowerShell, Microsoft Graph API, and related tools to enhance operational efficiency and scalability.
  • Develop and maintain comprehensive knowledge articles, architecture diagrams, and SOPs related to SSO, MFA, Conditional Access, and Azure identity configurations.
  • Stay current on emerging identity security threats, authentication standards, and Microsoft roadmap updates to proactively strengthen enterprise authentication posture.

Benefits

  • Zelis’ full-time associates are eligible for a highly competitive benefits package as well, which demonstrates our commitment to our employees’ health, well-being, and financial protection.
  • The US-based benefits include a 401k plan with employer match, flexible paid time off, holidays, parental leaves, life and disability insurance, and health benefits including medical, dental, vision, and prescription drug coverage.