Sr IAM Directory Services Engineer

Responsibilities for this role include:

• Coordinate and/or implement new or enhanced security products and toolsets
• Participate in governance audit and compliance support activities as they pertain to identity and access management security
• Identify define and implement continuous process improvements utilizing modern tools technologies and methodologies
• Architect engineer and deploy large-scale security initiatives in Active Directory / Entra ID including domain and application migrations between platforms
• Participate in implementation of large-scale security initiatives for new technologies being deployed globally
• Conduct regular configuration and security assessments of Active Directory and Azure and provide recommendations for changes based on industry standards and security guidelines utilizing tools such as Microsoft On-demand Assessment Bloodhound Purple Knight etc.
• Monitor AD logs to identify any potential security incidents respond to security findings and develop and maintain incident response procedures
• Support large-scale Active Directory domain consolidations and domain migration activities with a security-based approach
• Perform health checks discoveries and cleanup of Active Directory and Entra ID Infrastructure
• Analyze review and manage Active Directory services such as DNS Group Policy etc.
• Document platform technical issues analysis communications and resolutions as reference for future issue resolution in SharePoint Confluence ServiceNow or similar medium.
• Develop documentation such as knowledge articles How-to documents and presentations for large audiences.
• Provide technical assistance support and troubleshooting for IAM-related issues.
• Support team during incident management problem management and disaster recovery activities

What were looking for:

• 5 years of hands-on technical experience with Active Directory and Entra ID (Azure AD) in enterprise environments
• 4 years supporting and implementing AD security auditing monitoring and recovery solutions (e.g. identity threat detection change auditing privileged access monitoring backup/recovery tools such as CrowdStrike IDP Semperis or similar)
• 4 years of hands-on technical experience in Identity and Access Management (IAM) on Active Directory
• 3 years of experience with IAM tools and platforms (Okta Ping Centrify etc.)
• 3 years writing code and automation scripts (PowerShell JavaScript etc.)
• 2 years performing AD domain cleanups domain/forest recovery DNS management Group Policy gMSA and security group administration
• Experience with Azure AD / Entra ID Governance Conditional Access cloud identity federation (SAML OIDC OAuth) and hybrid identity solutions
• Experience with AWS IAM and GCP IAM/Google Workspace identity management
• Familiarity with cloud-native directory services (AWS Directory Service Google Managed Microsoft AD)

Soft Skills:

• Problem-solving mindset with a focus on delivering secure solutions
• Self-starter: proactive motivated resourceful takes ownership embraces challenges and strives for excellence
• Strategic thinker with the ability to drive business outcomes
• Excellent written and verbal communication skills; cross-functional team engagement documentation and electronic communication
• Commitment to continuous learning and professional development in cloud automation and AI technologies

Additional experience that would be good to have:

• Scripting and automation in cloud environments (AWS CLI Azure CLI GCP SDK)
• Familiarity with databases (SQL Oracle) and directory protocols (LDAP Kerberos NTLM)
• Experience with AD migrations upgrades and domain restructuring
• AD security best practices auditing privileged access management and incident response
• Certificate Services (AD CS) PKI fundamentals and certificate lifecycle management
• AI/ML experience for identity analytics anomaly detection or automation (e.g. using AI for access reviews threat detection or workflow automation)
• Familiarity with identity-related AI tools and platforms
• Relevant certifications (CISSP CISM cloud security certifications) are a plus