Sr IAM Directory Services Engineer

Responsibilities for this role include:

• Coordinate and/or implement new or enhanced security products and toolsets
• Participate in governance, audit and compliance support activities, as they pertain to identity and access management security
• Identify, define and implement continuous process improvements utilizing modern tools, technologies, and methodologies
• Architect, engineer, and deploy large-scale security initiatives in Active Directory / Entra ID including domain and application migrations between platforms
• Participate in implementation of large-scale security initiatives for new technologies being deployed globally
• Conduct regular configuration and security assessments of Active Directory and Azure and provide recommendations for changes based on industry standards and security guidelines utilizing tools such as, Microsoft On-demand Assessment, Bloodhound, Purple Knight, etc.
• Monitor AD logs to identify any potential security incidents, respond to security findings, and develop and maintain incident response procedures
• Support large-scale Active Directory domain consolidations and domain migration activities with a security-based approach
• Perform health checks, discoveries and cleanup of Active Directory and Entra ID Infrastructure
• Analyze, review and manage Active Directory services such as DNS, Group Policy etc.
• Document platform technical issues, analysis, communications, and resolutions as reference for future issue resolution in SharePoint, Confluence, ServiceNow or similar medium.
• Develop documentation such as knowledge articles, How-to documents, and presentations for large audiences.
• Provide technical assistance, support and troubleshooting for IAM-related issues.
• Support team during incident management, problem management and disaster recovery activities

What we're looking for:

• 5+ years of hands-on technical experience with Active Directory and Entra ID (Azure AD) in enterprise environments
• 4+ years supporting and implementing AD security, auditing, monitoring, and recovery solutions (e.g., identity threat detection, change auditing, privileged access monitoring, backup/recovery tools such as CrowdStrike IDP, Semperis, or similar)
• 4+ years of hands-on technical experience in Identity and Access Management (IAM) on Active Directory
• 3+ years of experience with IAM tools and platforms (Okta, Ping, Centrify, etc.)
• 3+ years writing code and automation scripts (PowerShell, Python, .NET, JavaScript, etc.)
• 2+ years performing AD domain cleanups, domain/forest recovery, DNS management, Group Policy, gMSA, and security group administration
• Experience with Azure AD / Entra ID Governance, Conditional Access, cloud identity federation (SAML, OIDC, OAuth) and hybrid identity solutions
• Experience with AWS IAM and Google Cloud Platform IAM/Google Workspace identity management
• Familiarity with cloud-native directory services (AWS Directory Service, Google Managed Microsoft AD)

Soft Skills:

• Problem-solving mindset with a focus on delivering secure solutions
• Self-starter: proactive, motivated, resourceful, takes ownership, embraces challenges, and strives for excellence
• Strategic thinker with the ability to drive business outcomes
• Excellent written and verbal communication skills; cross-functional team engagement, documentation, and electronic communication
• Commitment to continuous learning and professional development in cloud, automation, and AI technologies 

Additional experience that would be good to have:

• Scripting and automation in cloud environments (AWS CLI, Azure CLI, Google Cloud Platform SDK)
• Familiarity with databases (SQL, Oracle) and directory protocols (LDAP, Kerberos, NTLM)
• Experience with AD migrations, upgrades, and domain restructuring
• AD security best practices, auditing, privileged access management, and incident response
• Certificate Services (AD CS), PKI fundamentals, and certificate lifecycle management
• AI/ML experience for identity analytics, anomaly detection, or automation (e.g., using AI for access reviews, threat detection, or workflow automation)
• Familiarity with identity-related AI tools and platforms
• Relevant certifications (CISSP, CISM, cloud security certifications) are a plus