IAM Engineer

Our client is seeking an IAM Engineer, experienced in AWS IAM, Microsoft Active Directory and Microsoft Entra ID. This role will be reporting to the Sr. IAM Architect, assisting the Identity Management team with design, configuration, deployments, and operations in areas of IAM and IDP resiliency. Candidate must have strong experience with AWS IAM, Active Directory Domain Services, Microsoft Entra ID, and related components.

Responsibilities:

• The Identity & Access Management Engineer is a hands-on role to design, support, troubleshoot and extend the Identity and Authentication services.
• Serve as team subject matter expert for ADDS and Microsoft Entra ID.
• Architect authentication policies and best practices and deploy them across IDPs.
• Automate IAM processes.
• Create and manage AWS/Azure/ADDS IAM policies, roles, identity federation, etc.
• Implement strategic enhancements to both on-premises and cloud directory environments.
• Provide advanced design and engineering functions in coordination with the product owners for the following skillset areas: Directory Services, IGA, PAM, Windows, Linux, and automation/scripting.
• Perform Proofs of Concepts (PoCs) to assess and identify the technologies per the needs of the organization.
• Interpret policies and standards with InfoSec, Risk and Compliance teams, ensuring IAM control solutions properly follow all policies and standards.
• Develop and document IAM policies, procedures, standards, and guidelines.
• Analyzes, logs, tracks, and resolves complex software/hardware matters of significance pertaining to Enterprise Identity and Access Management products, especially Active Directory and Microsoft Entra ID (Azure Active Directory).
• Assist in managing Identity Governance, including PAM and Access Reviews.

Requirements:

• Bachelor’s degree in Computer Science or an equivalent combination of education and experience.
• 5+ years technical experience implementing Enterprise Identity and Access Management (EIAM), Privileged Access Management (PAM) or other related security solutions (AWS IAM, Microsoft Entra ID, Active Directory and Saviynt). This must include 2+ years’ experience with AWS and Microsoft Entra ID (Azure Active Directory)..
• 5 years technical architecture experience integrating multi-tiered applications, LDAP, and directory services, application servers, network infrastructure, and understanding security and dataflow within these components.
• Strong experience with Active Directory and Entra ID design, implementation, and support.
• Forest / domain recovery processes.
• Experience configuring Kerberos and authentication techniques for Linux and other non-Windows platforms.
• Experience with configuring and deploying authentication technologies including SAML, OAUTH, OIDC, and LDAP.
• Experience with SCIM REST API web services architectures.
• Experience with other cloud providers such as AWS or GCP a plus
• Solid communication skills, both written and verbal. Able to create, discuss, and explain technical documentation, clearly and concisely to a variety of audiences, including those of limited technical experience.
• A collaborative team player who is also comfortable being an individual contributor
• Thrives in a fast-paced continuously growing environment