Senior Infrastructure Engineer - IAM & Automation

This role will be responsible for the day-to-day administration, maintenance, support, and triage of Infrastructure escalations within the Platform Services function of IT. This role will require demonstrated experience in Identity and Access Management platforms and workflows, PowerShell and MS Graph, and demonstrate customer service as top priority and skillset. Primary areas of responsibilities include working directly in Okta and M365 for Identity and Access Management, Automation authoring and maintenance tasks via PowerShell and/or MS Graph, and supporting the administration and configuration of our M365 tenant.

• Serve as the primary engineer and platform owner for the firm’s Identity & Access Management ecosystem, with emphasis on Okta, lifecycle workflows, and automation patterns.
• Triage incidents and calls. Independently analyze, solve, and correct issues in real time, providing problem resolution end-to-end.
• Manage and monitor Identity and Access controls through Okta and Entra/Active Directory.
• Create, support, and maintain Okta configurations to support access to business applications, Single Sign-On, SAML, SCIM, Multi-Factor Authentication, and lifecycle management.
• Create, support, and maintain the configuration and enforcement of policies and settings using Conditional Access, including phishing-resistant and device-aware authentication, biometrics, and managed-device enforcement for tier-1 applications.
• Provide administration, technical support, and troubleshooting for application authentication, provisioning, lifecycle, and SSO setup requests or issues through Okta and M365.
• Create, Support, and Maintain automation scripts, Azure Automation runbooks, Freshservice workflows, and related processes for employee onboarding and offboarding, group and account management, and OU/Active Directory processes.
• Support onboarding, offboarding, and identity lifecycle workflows driven by UKG and other source systems, including integrations that pull and validate data from SQL databases and other structured data sources.
• Manage and monitor identity synchronization between Active Directory and Microsoft Entra ID, including sync rules, attribute mappings, scoping filters, exception handling, and AD extension attributes.
• Assist in the management of Active Directory and Entra ID.
• Support and maintain Netwrix Directory Manager and related technology platforms to enforce PAM and least privilege access.
• Support and maintain Microsoft Entra Privileged Identity Management (PIM), including role assignments, activation settings, approval workflows, and privileged access controls.
• Create, Support, and Maintain Microsoft Entra app registrations, enterprise applications, service principals, API permissions, client secret and certificate renewals, and related access controls.
• Establish and maintain standards for automation, scripting, documentation, reporting, monitoring, and change management within IAM and Automation.
• Collaborate closely with HR, Recruiting, Security, Infrastructure, User Support, application owners, and business partners, including Facilities, to support and improve identity and access workflows.
• Design and maintain end-to-end identity lifecycle processes (joiner, mover, leaver) across UKG/HRIS, Active Directory, Okta, M365, and key business applications.
• Provide day-to-day technical guidance and support for IAM and Automation processes.
• Ensure that systems related documentation is maintained and kept up to date.
• Provide 24 x 7 support for critical production systems.
• Other duties as assigned.
• Employees approved for flexible work arrangements are expected to be available and maintain a practice of reliable, consistent attendance during the employees scheduled work shift including, but not limited to, Teams/instant message, Zoom, email and voicemail, and by phone.

• Advanced/Expert Level of PowerShell script building and automation, including Azure Automation runbooks and MS Graph.
• 5+ Years supporting Okta or other IAM platforms.
• 5+ Years supporting M365 Administration (Entra, Teams, OneDrive, Conditional Access).
• Strong experience supporting onboarding, offboarding, and automated life-cycle management workflows driven by UKG or another HRIS.
• Experience working with SQL databases and other structured data sources to support automation and identity workflows.
• Experience supporting identity synchronization, attribute mappings, Microsoft Entra Connect, and AD extension attributes.
• Experience with Netwrix Directory Manager or similar directory management platforms.
• Proficiency in Active Directory/Entra, Single Sign-On (SSO), Multi-Factor Authentication (MFA), identity federation, privileged access management, Conditional Access, and automated life-cycle management.
• Strong troubleshooting, documentation, communication, and customer service skills.