Identity & Access Management (IAM) Engineer – Enterprise Technology Infrastructure

at Hines

As an Identity & Access Management (IAM) Engineer, you will support, modernize, and continuously improve the enterprise identity and access infrastructure. This role focuses on Entra ID (Azure AD) and Active Directory, with additional responsibility supporting enterprise messaging platforms including Microsoft 365 (Exchange Online and Hybrid) and secure email gateways. The ideal candidate brings a strong AI-first mindset, proactively leveraging AI tools and automation to enhance operational efficiency, strengthen security posture, and elevate the end-user experience.

Responsibilities

Identity & Access Management

  • Administer and optimize Entra ID (Azure AD) and on-premises Active Directory.
  • Design and implement identity solutions, including Single Sign-On (SSO) integrations (SAML, OIDC, OAuth).
  • Administer Enterprise Applications in Entra ID, including application onboarding, access assignment, and lifecycle management.
  • Troubleshoot SSO, federation, and application authentication issues across internal and third-party platforms.
  • Manage Multi-Factor Authentication (MFA), Conditional Access policies, and Identity Protection risk-based access controls.
  • Enforce Privileged Identity Management (PIM), including role activation, just-in-time access, and privileged access governance.
  • Manage identity lifecycle processes (joiner, mover, leaver) and implement least privilege access models.

Security & Compliance

  • Apply Zero Trust principles across identity and access controls.
  • Monitor, investigate, and respond to identity-related threats and anomalies.
  • Support access reviews, certifications, and identity governance initiatives.
  • Partner with security and compliance teams on audit readiness, risk mitigation, and policy enforcement.

Messaging & Email Infrastructure

  • Support Microsoft 365 (Exchange Online) environments and core messaging functionality.
  • Assist with troubleshooting mail flow issues and email-related incidents.
  • Maintain awareness of email security controls and authentication standards (SPF, DKIM, DMARC).

AI-First Operations & Automation

  • Apply an AI-first approach to problem solving, leveraging tools such as Microsoft Copilot and AI-assisted scripting.
  • Design and implement automation solutions to reduce manual effort using PowerShell and orchestration tools.
  • Use AI to enhance troubleshooting, anomaly detection, and root cause analysis.
  • Identify and lead opportunities to embed AI across identity, messaging, and security operations.

Documentation & Collaboration

  • Create and maintain clear, structured technical documentation and architecture diagrams using tools like Microsoft Visio.
  • Work cross-functionally with security, infrastructure, and application teams.
  • Participate in an on-call support rotation as needed.

Requirements

  • Bachelor's degree from an accredited institution.
  • Five or more years of experience in Identity & Access Management and enterprise IT environments.
  • Strong expertise in Entra ID (Azure AD) and on-premises Active Directory.
  • Hands-on experience with Conditional Access, MFA, SSO, and RBAC.
  • Experience supporting Microsoft 365 and Exchange environments.
  • Strong PowerShell scripting skills for automation.
  • Solid understanding of identity security principles (Zero Trust, least privilege).
  • Experience with Privileged Identity Management (PIM) and privileged access strategies.
  • Familiarity with identity governance and access review processes.
  • Experience implementing or supporting AI tools in IT operations, such as Microsoft Copilot or similar platforms.

Preferred Qualifications

  • Familiarity with email security solutions (e.g., Cisco IronPort).
  • Knowledge of email authentication and security best practices.
  • Relevant certifications (Microsoft 365, Azure, Security, etc.).

Benefits

  • Comprehensive training and professional development.
  • Competitive compensation.
  • Robust benefits package.
  • Generous vacation packages.
Required Skills:
Azure AD / Entra ID, SAML, OAuth 2.0, OpenID Connect (OIDC), Active Directory, Zero Trust Architecture, Role-Based Access Control (RBAC), Single Sign-On (SSO), Multi-Factor Authentication (MFA), Federated Identity
Benefits:
Learning budget, Flexible PTO

  • Location: Houston, US
  • Job Type: Full Time
  • Work Mode: Onsite
  • Experience: Mid Level
  • Posted: Jun 17, 2026