Senior Identity and Access Management Engineer

Senior Identity and Access Management Engineer

The Senior IAM Engineer will play a key role in designing, implementing, and operating enterprise identity and access management capabilities across Microsoft Entra  the organization’s credential management systems to include PKI. This role requires deep technical expertise, hands-on engineering experience, and the ability to translate business and security requirements into secure, automated identity controls.

1. Microsoft Entra Identity Services

• Design, implement, and maintain secure SSO integrations for SaaS and on-prem applications using SAML, OIDC, and OAuth
  2.
• Lead the automation of user provisioning and deprovisioning workflows via Entra  SCIM-based integrations.
• Develop and manage access reviews, entitlement management, and least-privilege policies using Microsoft Entra and Azure AD Identity Governance.
• Implement and maintain conditional access policies, MFA configurations, and group-based access controls.
• Collaborate with application owners and security teams to ensure consistent identity lifecycle management across hybrid cloud environments.

2. PKI and Credential Management

• Design, implement, and operationalize enterprise PKI infrastructure, including certificate authorities, registration authorities, and certificate templates.
• Enhance and automate certificate enrollment, renewal, and revocation workflows across servers, applications, and end-user devices.
• Integrate certificate-based authentication (CBA) with identity platforms and endpoint management systems.
• Develop policies and processes for credential issuance, rotation, and lifecycle management.
• Support audit and compliance requirements related to certificate and credential management.

Qualifications

• Bachelor’s degree in Computer Science, Cybersecurity, or related field (or equivalent experience).
• 5–8 years of experience in IAM engineering or related security infrastructure roles.
• Deep knowledge of Microsoft Entra  (Azure AD), identity protocols (SAML, OIDC, OAuth2), and lifecycle management best practices.
• Experience implementing Entra  Governance features (access reviews, entitlement management, PIM).
• Strong expertise with PKI technologies (Microsoft ADCS, cloud-based CAs, HSM integration, CRLs, and certificate automation).
• Familiarity with modern credential management tools (e.g., Venafi, Keyfactor, Hashi Corp Vault, or Azure Key Vault).
• Hands-on scripting experience (Power Shell, Python, or similar) for automation and API integrations.
• Working knowledge of security and compliance standards such as NIST, ISO 27001, and Zero Trust Architecture.

Preferred Skills

• Experience with identity federation and hybrid cloud IAM architectures.
• Prior experience integrating Entra
  
  ID (or other IDP) with SAP GRC Access Management and/or SAP IAS.
• Knowledge of device identity, machine certificates, and code-signing processes.
• Strong troubleshooting and documentation skills.
• Strong Microsoft based skills as it relates to IAM.
• Relevant certifications such as Microsoft Certified:
  Identity and Access Administrator (SC-300), CISSP, or similar.

Success in this Role

• Streamlined identity life cycles with measurable improvements in provisioning efficiency and access compliance.
• Automated certificate management processes reducing human intervention and outages.
• Strengthened identity security posture aligned with Zero Trust principles.

We offer a comprehensive benefits package, including medical, dental, vision coverage, 401K match, short- and long-term disability coverage, health savings accounts, flexible spending accounts, and tuition reimbursement. We are also proud to offer specialized benefits like health care navigation, mental health services, fertility assistance, and paid parental leave as well as 120 hours of PTO and 11 Holidays each year.