Identity & Access Management (IAM) Engineer – Enterprise Technology Infrastructure

When you join Hines you will embark on a career journey fueled by vision and guided by leaders who set the standards of our industry. Our legacy is rooted in innovation and excellence earning us a spot on Fast Companys esteemed annual list of the Worlds Most Innovative Companies as well as recognition as one of U.S. News & World Reports Best Companies to Work For in 2024. Discover endless opportunities to grow and make your mark at Hines.

As a Identity & Access Management (IAM) Engineer Enterprise Technology Infrastructure with Hines you will support modernize and continuously improve our enterprise identity and access infrastructure of the firm. This role will focus on Entra ID (Azure AD) and Active Directory with additional responsibility supporting enterprise messaging platforms including Microsoft 365 (Exchange Online and Hybrid) and secure email ideal candidate brings a strong AI-first mindset proactively leveraging AI tools and automation to enhance operational efficiency strengthen security posture and elevate the end-user experience. This role is not just about maintaining identity systemsits about rethinking how identity and access are managed through intelligent tooling automation and continuous optimization. Responsibilities include but are not limited to:

Identity & Access Management

• Administer and optimize Entra ID (Azure AD) and on-premises Active Directory
• Design and implement identity solutions including:
• Configure and manage Single Sign-On (SSO) integrations in Entra ID for SaaS and enterprise applications (SAML OIDC OAuth)
• Administer and maintain Enterprise Applications in Entra ID including application onboarding access assignment and lifecycle management
• Troubleshoot SSO federation and application authentication issues across internal and third-party platforms
• Partner with application owners to design and implement secure scalable authentication and authorization models
• Multi-Factor Authentication (MFA)
• Conditional Access policies
• Identity Protection and risk-based access controls
• Manage and enforce Privileged Identity Management (PIM) including role activation just-in-time access and privileged access governance
• Manage identity lifecycle processes (joiner mover leaver)
• Implement and enforce least privilege access and role-based access control (RBAC)
• Troubleshoot complex authentication federation and directory-related issues
• Support directory synchronization and hybrid identity configurations

Security & Compliance

• Apply Zero Trust principles across identity and access controls
• Monitor investigate and respond to identity-related threats and anomalies
• Support access reviews certifications and identity governance initiatives
• Partner with security and compliance teams on audit readiness risk mitigation and policy enforcement

Messaging & Email Infrastructure (Supporting Responsibility)

• Support Microsoft 365 (Exchange Online) environments and core messaging functionality
• Assist with troubleshooting mail flow issues and email-related incidents
• Maintain awareness of email security controls and authentication standards (SPF DKIM DMARC)

AI-First Operations & Automation

• Apply an AI-first approach to problem solving leveraging tools such as Microsoft Copilot and AI-assisted scripting to accelerate analysis and resolution
• Design and implement automation solutions to reduce manual effort and improve reliability (PowerShell workflows orchestration tools)
• Use AI to enhance troubleshooting anomaly detection and root cause analysis
• Identify and lead opportunities to embed AI across identity messaging and security operations
• Stay current on emerging AI capabilities within Microsoft 365 Azure and enterprise IT ecosystems and translate them into practical use cases

Documentation Diagramming & Knowledge Management

• Create and maintain clear structured technical documentation for systems processes and configurations
• Develop architecture and process diagrams using tools such as Microsoft Visio (or similar) to illustrate identity flows access models and integrations
• Ensure documentation reflects current-state and future-state designs to support scalability and knowledge transfer
• Contribute to internal knowledge bases and operational runbooks

Collaboration & Continuous Improvement

• Work cross-functionally with security infrastructure and application teams
• Proactively identify opportunities for system optimization automation and risk reduction
• Continuously improve identity security posture and user access experience
• Participate in on-call support rotation as needed

Minimum Requirements include:

• Bachelors degree from an accredited institution

• Five or more years of experience in Identity & Access Management and enterprise IT environments

• Strong expertise in:

  • Entra ID (Azure AD)

  • Active Directory (on-premises)

  • Hands-on experience with Conditional Access MFA SSO and RBAC

  • Experience supporting Microsoft 365 / Exchange environments

  • Familiarity with email security solutions (e.g. Cisco IronPort or similar)

  • Strong PowerShell scripting skills for automation

  • Solid understanding of identity security principles (Zero Trust least privilege)

  • Proven ability to troubleshoot complex identity and access issues

• Experience with identity governance and access review processes

• Hands-on experience with Privileged Identity Management (PIM) and privileged access strategies

• Familiarity with Microsoft security and compliance tools

• Experience implementing or supporting AI tools in IT operations

• Hands-on experience with Microsoft Copilot or similar AI platforms

• Knowledge of email authentication and security best practices

• Relevant certifications (Microsoft 365 Azure Security etc.)

At Hines we strive for excellence as a leading global real estate investment manager driven by our by our belief that real estate is fundamentally about people. Our diverse portfolio spans $93.2 billion¹ of assets across such property types as living office retail mixed-use logistics and life science projects all designed to enhance value connection and inspiration. Our strategic approach integrates local expertise with global knowledge taking calculated risks aligned with our convictions to exceed expectations and tailor solutions to our clients needs.

While our projects are renowned for enhancing cities and pioneering sustainable practices we recognize that the true driving force behind Hines success is our 5000 dedicated employees in 30 countries who draw on our 65-year history to build the world forward. This is why we prioritize investing in our people offering comprehensive training competitive compensation robust benefits and generous vacation packages. By centering our focus on the growth and wellbeing of our team we cultivate an inclusive environment where everyone including our clients can thrive.

Hines is proud to be named to Fast Companys prestigious annual list of the Worlds Most Innovative Companies for 2024. ¹Includes both the global Hines organization and RIA AUM as of December 31 2023.

We are an equal opportunity employer and support workforce diversity.

No calls or emails from third parties at this time please.