Sr. Identity Access Management Engineer

Title: Sr. Identity Access Management Engineer

Location: Boston MA (5 Day Onsite)

Client: Roku

Job Responsibilities

Lead enterprise wide IAM standardization including identity lifecycle management access governance and policy enforcement across global regions.
Drive automation across IAM to streamline administration and improve user experience.
Support onboarding of enterprise applications into Azure Entra ID including Single Sign On (SSO) Conditional Access and role based access control (RBAC).
Enhance privileged access management and implement scalable monitoring alerting and auditability to support a secure geographically distributed workforce.
Collaborate with IT Networking and Security teams to troubleshoot identity related issues and support global infrastructure initiatives.
Advance Zero Trust Identity Fabric principles such as continuous verification least privilege access and identity aware policy enforcement acrossusers devices workloads and non human identities.
Build identity automation with a DevOps mindset including scripting pipeline development and engineering custom tooling from scratch rather than only configuration.

Job Description

8 years of hands on experience in Identity and Access Management and cloud automation particularly within the Microsoft ecosystem.
Strong analytical and troubleshooting skills for complex infrastructure and identity related issues.
Excellent communication skills with the ability to explain technical concepts to both technical and non technical stakeholders.
Deep experience with Microsoft Entra ID including Conditional Access Identity Governance and Privileged Identity Management (PIM).
Familiarity with Microsoft 365 services such as Exchange Online Defender Purview Sentinel Intune and related platforms.
Strong automation and scripting skills using PowerShell Azure CLI and Microsoft Graph API.
Working knowledge of Azure services including Function Apps and Logic Apps.
Experience onboarding and managing enterprise applications in Azure Entra ID.
Advanced knowledge of SSO protocols including OAuth2 OpenID Connect and SAML.
Experience with privileged access tools (Azure PIM CyberArk) secrets management (HashiCorp Vault or Azure Key Vault) and workload identitypatterns (SPIFFE & SPIRE).
Familiarity with Non Human Identity (NHI) governance including service accounts and AI agents; exposure to policy as code frameworks such as OPA/Rego.
Good to have familiarity with Microsoft Purview for DLP and data classification.
Strong understanding of multi factor authentication and FIDO2.
Familiarity with IT security frameworks and compliance standards.
Knowledge of logging monitoring and alerting practices for identity and access events.
Basic understanding of email security and DNS.
Experience with backup and recovery strategies for identity related services.
Understanding of Zero Trust Architecture principles.
Familiarity with Jira and Confluence.

Education:

Bachelors or Master s degree in Computer Science Computer or Electrical Engineering Mathematics or a related field.