Identity Lead Engineer

Title: Identity Lead Engineer

Position Type: Contract

Location: NYC, NY (onsite)

In this role, the experienced Hybrid Identity Lead Engineer with deep expertise in designing and managing secure, scalable identity and access solutions across hybrid environments. Skilled in integrating and administering Active Directory, Microsoft Entra  (Azure AD), AWS IAM, and GCP IAM to support modern Zero Trust architectures. Proven track record of leading enterprise IAM strategies, implementing identity lifecycle automation, enforcing the least privilege, and aligning access controls with security and compliance requirements in cloud and on-premises infrastructures.

• Manage and maintain a unified IAM architecture by integrating Active Directory (AD), Entra  (Azure AD), and AWS IAM to ensure consistent, secure identity and access controls across on‑premises and cloud platforms.
• Build and maintain a centralized identity framework connecting AD, Entra , and AWS IAM and GCP to protect sensitive healthcare data and streamline secure access across cloud and on‑prem systems.
• Define and enforce enterprise identity standards, including naming conventions, group structures, RBAC policies, and lifecycle automation.
• Lead the adoption of Zero Trust principles and modern identity‑centric security models by implementing secure IAM frameworks in AWS and GCP including roles, policies, SCPs, and federation while supporting vulnerability management efforts through alignment of access controls with cloud security findings.
• Collaborate with Dev Ops and cloud teams to ensure least privilege, access auditing, and just‑in‑time access models across Multi‑Cloud resources.

• Administer and optimize on‑prem Active Directory, including domain trusts, Sites and Services, GPOs, OU structure, and replication.
• Design and enforce Entra l Access policies, MFA (DUO, MS), risk‑based authentication, and device trust.
• Lead integration of Entra  key business and clinical systems.
• Implement and manage access certification processes, audit trails, and automated entitlement reviews aligned with HIPAA frameworks.
• Lead response efforts for IAM‑related audit findings, penetration tests, and security assessments.
• Develop scripts and tools (Power Shell, Python, or Terraform) to automate user provisioning, de‑provisioning, and group management across systems.
• Act as the subject‑matter expert (SME) for IAM technologies and processes.
• Mentor other engineers and contribute to cross‑functional initiatives across IT security, clinical systems, cloud infrastructure, and compliance teams.

Typically requires 7 or more years of experience and BA/BS degree.

• Experience with Privileged Access Management (PAM) tools (e.g., Cyber Ark, Beyond Trust).
• Familiarity with Terraform, Cloud Formation, or similar infrastructure‑as‑code tools for identity resource management.
• Preferred experience with Identity Governance and Administration (IGA) solutions such as SailPoint.

• Microsoft Certified:
  Identity and Access Administrator Associate
• AWS Certified Security Specialty
• GCP Cloud Security Engineer