Design and maintain IAM architecture across Microsoft Entra ID (Azure AD), Active Directory (on-prem), Microsoft 365, VPN and network authentication systems, Enterprise SaaS platforms (Salesforce, BC, etc.)
Implement and manage Single Sign-On (SSO) and federation (SAML, OAuth, OIDC)
Architect Conditional Access policies and Zero Trust controls
Implement and enforce MFA across all systems
Automate Joiner / Mover / Leaver (JML) processes integrated with HRIS
Build and maintain Role-Based Access Control (RBAC) framework
Implement access certification and periodic access reviews
Ensure timely deprovisioning and segregation of duties enforcement
Support M&A integrations (rapid identity consolidation within 30 days)
Deploy and manage privileged access controls (PIM, just-in-time access)
Enforce tiered admin model and privileged session monitoring
Reduce standing privileged access across all systems
Maintain break-glass account governance and monitoring
Support CMMC, NIST 800-171, and internal audit requirements
Maintain documentation for identity controls and audit evidence
Participate in risk assessments and control testing
Integrate identity logs with SIEM/SOC platform (e.g., Arctic Wolf)
Investigate anomalous login behavior and identity-based threats
Implement identity threat detection and response controls

Requirements

5+ years of experience in IAM, Identity Engineering, or Security Engineering
Strong hands-on experience with: Microsoft Entra ID (Azure AD), Active Directory (GPOs, OU design, hybrid identity), MFA and Conditional Access, SSO and federation protocols (SAML, OAuth, OIDC)
Experience with Privileged Identity Management (PIM/PAM)
Understanding of Zero Trust architecture principles
Experience supporting compliance frameworks (NIST, CMMC, SOC 2, ISO 27001)
PowerShell scripting and automation experience
Experience in hybrid cloud environment

Benefits

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

IAMIdentity EngineeringSecurity EngineeringMicrosoft Entra IDActive DirectoryMFAConditional AccessSSOSAMLOAuth

Soft Skills

risk assessmentcontrol testingdocumentation

Certifications

CMMCNIST 800-171SOC 2ISO 27001