POSITION TITLE: IAM Operations Analyst
LOCATIONS: Reston VA, Parsippany NJ, Charlotte NC, or Atlanta GA (any of these 4 locations is fine); hybrid role, 3-4 days a week
Duration: 12+ months
Interview: video
About the role:
We are seeking a highly skilled and motivated IAM Operations Analyst to join our Identity and Access Management (IAM) team. In this role, you will be responsible for supporting, securing, and optimizing enterprise directory services and IAM platforms across on-premises and cloud environments. You will play a key role in the management of Active Directory, Entra ID (Azure AD), and cloud IAM solutions, while driving automation, security, and operational excellence.
Responsibilities for this role include:
Coordinate and implement new or enhanced security products and toolsets for identity and access management
Participate in governance, audit, and compliance support activities related to IAM security
Identify, define, and implement continuous process improvements using modern tools, technologies, and methodologies
Architect, engineer, and deploy large-scale security initiatives in Active Directory / Entra ID, including domain and application migrations
Support the implementation of global security initiatives for new technologies
Conduct regular configuration and security assessments of Active Directory and Azure, providing recommendations based on industry standards and security guidelines (using tools such as Microsoft On-demand Assessment, BloodHound, Purple Knight, etc.)
Monitor AD logs to identify potential security incidents, respond to findings, and develop/maintain incident response procedures
Support large-scale Active Directory domain consolidations and migrations with a security-focused approach
Perform health checks, discovery, and cleanup of Active Directory and Entra ID infrastructure
Analyze, review, and manage Active Directory services such as DNS and Group Policy
Document technical issues, analysis, communications, and resolutions for future reference (SharePoint, Confluence, ServiceNow, or similar)
Develop knowledge articles, how-to documents, and presentations for broad audiences
Provide technical assistance, support, and troubleshooting for IAM-related issues
Support the team during incident management, problem management, and disaster recovery activities
What we're looking for:
4+ years of hands-on technical experience with Active Directory and Entra ID (Azure AD) in enterprise environments
3+ years supporting and implementing AD security, auditing, monitoring, and recovery solutions (e.g., identity threat detection, change auditing, privileged access monitoring, backup/recovery tools such as CrowdStrike IDP, Semperis, or similar)
3+ years of hands-on technical experience in Identity and Access Management (IAM)
2+ years of experience with IAM tools and platforms (Okta, Ping, AWS IAM, Google Cloud Platform IAM, etc.)
2+ years scripting and automation (PowerShell, Python, .NET, JavaScript, etc.)
1+ years performing AD domain cleanups, domain/forest recovery, DNS management, Group Policy, gMSA, and security group administration
Experience with Azure AD / Entra ID Governance, Conditional Access, cloud identity federation (SAML, OIDC, OAuth), and hybrid identity solutions
Experience with AWS IAM and Google Cloud Platform IAM/Google Workspace identity management
Familiarity with cloud-native directory services (AWS Directory Service, Google Managed Microsoft AD)
Soft Skills:
Problem-solving mindset with a focus on delivering secure solutions
Self-starter: proactive, motivated, resourceful, takes ownership, embraces challenges, and strives for excellence
Strategic thinker with the ability to drive business outcomes
Excellent written and verbal communication skills; cross-functional team engagement, documentation, and electronic communication
Commitment to continuous learning and professional development in cloud, automation, and AI technologies
Additional experience that would be good to have:
Scripting and automation in cloud environments (AWS CLI, Azure CLI, Google Cloud Platform SDK)
Familiarity with databases (SQL, Oracle) and directory protocols (LDAP, Kerberos, NTLM)
Experience with AD migrations, upgrades, and domain restructuring
AD security best practices, auditing, privileged access management, and incident response
Certificate Services (AD CS), PKI fundamentals, and certificate lifecycle management
AI/ML experience for identity analytics, anomaly detection, or automation (e.g., using AI for access reviews, threat detection, or workflow automation)
Familiarity with identity-related AI tools and platforms
Relevant certifications (CISSP, CISM, cloud security certifications) are a plus