Apply Now

Principal IAM/AD Engineer

Natick, MA, US • Posted 12 hours ago • Updated 12 hours ago

Full Time

On-site

USD $136,900.00 - 219,000.00 per year

Fitment

Dice Job Match Score™

🧠 Analyzing your skills...

Job Details

Skills

Security Operations
Security Engineering
Directory Services
Authentication
Teamwork
Promotions
Management
System On A Chip
PASS
Reporting
Kerberos
ROOT
Mentorship
Collaboration
Active Directory
Lifecycle Management
Replication
Multi-factor Authentication
PIM
Microsoft Azure
Cloud Computing
Windows PowerShell
Python
Microsoft
Incident Management
SSO
SAML
OIDC
OAuth
Provisioning
SaaS
LDAP
Delegation
Hardening
PKI
Backup
Recovery
DSC
GPO
Git
Workflow
Continuous Integration
Continuous Delivery
Scripting
Regulatory Compliance
ISO/IEC 27001:2005

Summary

Job Summary

MathWorks has a hybrid work model that enables staff members to split their time between office and home. The hybrid model provides the advantage of having both in-person time with colleagues and flexible at-home life optimizations. Learn More: ;br>
Do you design secure, resilient Active Directory at scale and enjoy automating identity operations? Join our Security Operations IAM team responsible for enterprise identity foundations across on-prem Active Directory and Microsoft Entra ID. We partner with Security Engineering, IT, and Compliance to deliver hardened directory services, modern authentication, ITDR capabilities and Zero Trust controls that enable the business.

MathWorks nurtures growth, appreciates inclusivity, encourages initiative, values teamwork, shares success, and rewards excellence.

Responsibilities

Operate and maintain on-premises Active Directory: domain controller health, patching, promotion/demotion, replication, sites/subnets, time services, SYSVOL/GPO health, and capacity monitoring.

Implement and manage Entra ID capabilities: Conditional Access, Identity Protection risk policies, PIM, and app registrations/service principals.

Monitor, troubleshoot, and optimize directory synchronization and identity lifecycle flows.

Partner with our SOC to drive a successfulITDRprogram.Helpbuild and tune detections to identify threats such as DCSync, Golden/Silver Ticket, Kerberoasting, pass-the-hash/ticket, risky sign-ins, and impossible travel.

Harden AD and Entra ID: apply baselines, admin tiering, PAW usage, secure delegation, privileged workflow controls, regular access reviews, and identity threat hunting.

Automate identity operations and ITDR tasks with PowerShell and APIs (Graph/Entra): alert enrichment, response runbooks, access certifications, reporting, and drift remediation.

Lead complex troubleshooting and incident response for identity (Kerberos/NTLM, replication, DCSync/Golden/Silver Ticket detections, Conditional Access failures); drive root cause and preventive actions.

Produce runbooks, standards, and change records; mentor team members and collaborate with stakeholders to align IAM operations with business needs.

Minimum Qualifications

A bachelor's degree and 10 years of professional work experience (or equivalent experience) is required.

Additional Qualifications

A successful candidate for this role will have a combination of some or all of the following skills/experience:

7+ years in enterprise Active Directory operations and hardening including DC lifecycle management, sites/services, replication, BCDR, and observability.

Hands-on experience with Microsoft Entra ID: Conditional Access, MFA, Identity Protection, PIM, app registration and service principal governance.

Experience operating Azure AD Connect or Cloud Sync in hybrid identity environments.

Identity Governance and Administration experience for provisioning, role/entitlement models, and access certifications.

Proficiency with PowerShell, Python and Microsoft Graph/Entra APIs for automation.

Experience with privileged access models and administrative tiering.

Ability to support after-hours maintenance and incident response as needed.

SSO/Federation: SAML/OIDC/OAuth; SCIM provisioning to SaaS apps.

AD security: trusts, LDAP/LDAPS, constrained delegation, GPO hardening.

PKI and certificates: AD CS, CRL/OCSP, auto enrollment, renewal automation for workloads and service principals/certs.

Backup/Recovery: authoritative restore, forest recovery planning and drills.

IaC/automation: DSC, GPO as Code, Git workflows; CI/CD familiarity for scripts/policies.

Compliance familiarity: CMMC, NIST CSF/800-53/171, ISO 27001

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

Dice Id: mathw
Position Id: 416f5e4034ecf29cca4468d351d98847
Posted 12 hours ago

Create job alert

Never miss an opportunity! Create an alert based on the job you applied for.

Framingham, Massachusetts

•

Today

Job Description Staples is business to business. You're what binds us together. Our Staples Digital Solutions team is redefining what it means to be an IT organization. We are passionate, collaborative, and agile professionals who thrive on innovation and creativity. Our team anticipates the needs of customers and business partners, delivering reliable and customer-centric technology services. If you are intellectually curious, excited by advancements in technology, and eager to help drive Sta

Full-time

Senior Active Directory (AD) Engineer

Bedford, Massachusetts

•

Today

Koniag IT Systems, LLC, a Koniag Government Services company, is seeking a Senior Active Directory (AD) Engineer to support KITS and our government customer in Carson, CA. This position is for a Future New Business Opportunity. The customer may need support as needed at other locations Columbus, OH, Bedford, MA, Fort Lee, VA, and Smyrna, GA. We offer competitive compensation and an extraordinary benefits package including health, dental and vision insurance, 401K with company matching, flexibl

Full-time

Senior Identity Access Management Engineer

Boston, Massachusetts

•

Today

Teamwork makes the stream work. Roku is changing how the world watches TV Roku is the #1 TV streaming platform in the U.S., Canada, and Mexico, and we've set our sights on powering every television in the world. Roku pioneered streaming to the TV. Our mission is to be the TV streaming platform that connects the entire TV ecosystem. We connect consumers to the content they love, enable content publishers to build and monetize large audiences, and provide advertisers unique capabilities to engag

Full-time

USD 158,000.00 - 279,000.00 per year

Senior Identity Governance Engineer

Waltham, Massachusetts

•

Today

About us At National Grid, we keep people connected and society moving. But it's so much more than that. National Grid supplies us with the environment to make it happen. As we generate momentum in the energy transition for all, we don't plan on leaving any of our customers in the dark. So, join us as a Senior Identity Governance Engineer, and find your superpower. We need you! We want to find an innovative, adaptable, and results-oriented Senior Identity Governance Engineer for our Cybersecur

Full-time

USD 136,000.00 - 160,000.00 per year

Search all similar jobs

Principal IAM/AD Engineer

Dice Job Match Score™

Job Details

Skills

Summary

Similar Jobs