Entra Identity and Governance Administrator

The Office of the New York State Attorney General (OAG) is seeking an Information Technology Specialist 3 (Information Security) to serve as an Identity and Access Management (IAM) Administrator for Microsoft Entra under the Security Operations team in the .

This unit manages the identity and access systems and ensures secure access to both on-premises and cloud-based resources. This role requires expertise in Microsoft Entra, identity governance, and authentication protocols. This role is responsible for maintaining user access, enforcing security policies, and integrating IAM systems with other security tools to ensure the integrity and security of the organization’s identity management infrastructure. By controlling and securing access to critical resources, this position directly enhances the agency''''''''''''''''s ability to prevent unauthorized access and maintain a strong security framework.

Duties:
• Lead the development and implementation of the IAM strategy to be aligned with business objectives and regulatory requirements in conjunction with security policy.
• Support design and documentation for IAM architecture, identity governance, and role-based access control.
• Manage security operations tasks related to identity and access management, including incident response recommended solutions.
• Identify and rectify gaps within current infrastructure as it relates to onboarding and offboarding personnel.
• Ensure IAM processes comply with industry standards (NIST, ISO, CIS) and internal policies developed by the CISO and SecOps teams.
• Conduct regular audits and assessments to identify vulnerabilities and ensure compliance.
• Assess current applications and architecture to ensure current implementations align with identity-first security strategies, best practices, and approved standards.
• Define integration methodologies for IAM solutions with existing and onboarding applications, including cloud services, on-prem systems, and third-party applications (Entra ID, Azure, on-prem Active Directory, Oracle Identity Manager (OIM)).
• Work closely with other teams within the IT bureau (O365, Windows, Linux, EA, etc) to ensure fluid cohesiveness.
• Other duties as assigned.

Qualifications:
Bachelor’s degree with at least 15 credit hours in cyber security, information assurance, or information technology; and two years of information technology experience, at least one year of which is information security or information assurance experience.

OR

A bachelor''''''''''''''''s degree in any field with at least three years of information technology experience, at least one year of which is information security or information assurance experience.

OR

An associate''''''''''''''''s degree in any field with four years of general information technology experience at least one of which is information security or information assurance experience.

OR

At least five years of information security or information assurance experience.

PREFERRED QUALIFICATIONS:
• 2+ years of dedicated identity and access management experience with multi-environment experience (Oracle Identity + Microsoft) a plus
• 5+ years of information technology administration experience or equivalent combination of work and educational experiences
• Intermediate to advanced knowledge of identity technologies and concepts.
• Intermediate to advanced knowledge of directories, Single-Sign On (SSO), identity federation, privileged access management, automated life-cycle management.
• Proven knowledge of security (preferred - CISSP, CISA, CISM, GPEN, GWAPT, GCIH, other GIAC certifications, OSCP, CEH, Security+, etc.)
• An understanding in application integration patterns and API-based access control
• An understanding of Microsoft Entra ID hardening, role-based access control, active directory attributes and privileged identity management
• Experience with Microsoft Entra ID by configuring and maintaining Conditional Access policies, enforcing MFA, and securing authentication methods to reduce identity-related risks.
• Experience implementing controls, identity lifecycle management and third-party integrations for automation using Microsoft Entra ID Governance
• Strong familiarity with administering and maintaining Role-Based Access Control (RBAC) in Microsoft Entra ID, including the creation of custom roles, access reviews, and ensuring alignment with least-privilege principles.
• Ability to leverage Active Directory and Entra ID user attributes to automate access provisioning and group memberships using dynamic group rules.
• Skilled in supporting Privileged Identity Management (PIM) by configuring just-in-time access to critical roles, implementing approval workflows, and conducting periodic access reviews.