Senior Identity and Access Management Engineer

The Senior IAM Engineer will play a key role in designing, implementing, and operating enterprise identity and access management capabilities across Microsoft Entra ID and the organization's credential management systems to include PKI. This role requires deep technical expertise, hands-on engineering experience, and the ability to translate business and security requirements into secure, automated identity controls.

1. Microsoft Entra Identity Services

• Design, implement, and maintain secure SSO integrations for SaaS and on-prem applications using SAML, OIDC, and OAuth2.
• Lead the automation of user provisioning and deprovisioning workflows via Entra ID and SCIM-based integrations.
• Develop and manage access reviews, entitlement management, and least-privilege policies using Microsoft Entra and Azure AD Identity Governance.
• Implement and maintain conditional access policies, MFA configurations, and group-based access controls.
• Collaborate with application owners and security teams to ensure consistent identity lifecycle management across hybrid cloud environments.

2. PKI and Credential Management

• Design, implement, and operationalize enterprise PKI infrastructure, including certificate authorities, registration authorities, and certificate templates.
• Enhance and automate certificate enrollment, renewal, and revocation workflows across servers, applications, and end-user devices.
• Integrate certificate-based authentication (CBA) with identity platforms and endpoint management systems.
• Develop policies and processes for credential issuance, rotation, and lifecycle management.
• Support audit and compliance requirements related to certificate and credential management.

Qualifications

• Bachelor's degree in Computer Science, Cybersecurity, or related field (or equivalent experience).
• 5-8 years of experience in IAM engineering or related security infrastructure roles.
• Deep knowledge of Microsoft Entra ID (Azure AD), identity protocols (SAML, OIDC, OAuth2), and lifecycle management best practices.
• Experience implementing Entra ID Identity Governance features (access reviews, entitlement management, PIM).
• Strong expertise with PKI technologies (Microsoft ADCS, cloud-based CAs, HSM integration, CRLs, and certificate automation).
• Familiarity with modern credential management tools (e.g., Venafi, Keyfactor, HashiCorp Vault, or Azure Key Vault).
• Hands-on scripting experience (PowerShell, Python, or similar) for automation and API integrations.
• Working knowledge of security and compliance standards such as NIST, ISO 27001, and Zero Trust Architecture.

Preferred Skills

• Experience with identity federation and hybrid cloud IAM architectures.
• Prior experience integrating EntraID (or other IDP) with SAP GRC Access Management and/or SAP IAS.
• Knowledge of device identity, machine certificates, and code-signing processes.
• Strong troubleshooting and documentation skills.
• Strong Microsoft based skills as it relates to IAM.
• Relevant certifications such as Microsoft Certified: Identity and Access Administrator (SC-300), CISSP, or similar.

Success in this Role

• Streamlined identity lifecycles with measurable improvements in provisioning efficiency and access compliance.
• Automated certificate management processes reducing human intervention and outages.
• Strengthened identity security posture aligned with Zero Trust principles.