Identity and Access Management II Engineer III

We are seeking a highly skilled and driven Identity and Access Management (IAM) Engineer III to join our Engineering team. In this role, you will be responsible for designing, implementing, and securing our enterprise identity infrastructure, which is heavily driven by our core Identity Providers: Okta and Microsoft Entra ID. As a senior member of the team, you will drive complex engineering projects, enforce security best practices, and build automated solutions.

A successful candidate will possess a self-starter attitude and a Customer First Mindset, treating our internal operations and other IT groups as key customers. Clear, effective communication is critical in this role, as you will be translating complex technical concepts to stakeholders, resolving high-level escalations, proactively identifying areas for improvement, and mentoring team members.

· Active Directory & Domain Controller Management: Architect, deploy, and maintain Active Directory Domain Services (ADDS) environments. This role requires a strong emphasis on the deployment, health monitoring, security hardening, and lifecycle management of enterprise Domain Controllers.

· Identity Providers (IdP) & Synchronization: Act as a primary technical lead for our enterprise IdPs, specifically Okta and Microsoft Entra ID. Configure and manage Single Sign-On (SSO) integrations, Enterprise Applications, and App Registrations using modern authentication protocols (SAML, OIDC, OAuth2), and oversee directory synchronization utilizing Entra ID Connect.

· Privileged Access Management (PAM): Design, deploy, and manage PAM solutions utilizing CyberArk Privilege Cloud.

· Public Key Infrastructure (PKI): Manage and secure internal Certificate Authorities (CA), including Active Directory Certificate Services (AD CS), ensuring proper certificate lifecycle management and continuous security hardening.

· Access Control & Security: Implement and enforce Conditional Access policies, Multi-Factor Authentication (MFA), and the principle of Least Privilege across the enterprise to support Zero Trust architecture.

· Core Network Services: Manage and troubleshoot network identity components, specifically DNS and DHCP.

· Automation & Engineering: Develop and maintain advanced scripts (e.g., PowerShell) to automate user lifecycle management, attribute synchronization, and system reporting.

· Documentation & Process Mapping: Create, maintain, and update comprehensive technical documentation, workflows, and architecture diagrams to ensure all managed systems, applications, and engineering projects are accurately recorded and easily understood.

· Technical Leadership: Act as an escalation point for complex identity-related incidents, perform root-cause analysis, and provide technical guidance to operations teams.

· Experience: 6 to 10 years of hands-on experience in IAM, directory services, or related security engineering roles.

· Work Ethic & Drive: A proven self-starter attitude with the ability to take initiative, work autonomously, and push projects across the finish line with minimal supervision.

· IdP & Core IAM Expertise: Advanced knowledge of Okta, Entra ID, Entra ID Connect, and CyberArk Privilege Cloud.

· ADDS Expertise: Deep technical expertise in ADDS, with a specific focus on the advanced management and maintenance of Domain Controllers.

· Authentication & Protocols: Deep understanding of SAML, OIDC/OAuth 2.0, Enterprise Apps, and App Registrations.

· Security Models: Proven experience implementing Conditional Access, MFA, and Least Privilege principles.

· Automation Skills: Strong proficiency in scripting languages (PowerShell preferred) to automate administrative tasks and API integrations.

· Problem Solving: Exceptional analytical and troubleshooting skills for resolving complex authentication and routing issues.

· Communication: Outstanding written and verbal communication skills to collaborate across IT teams and articulate technical requirements clearly.