Identity Lead Engineer

Title: Identity Lead Engineer

Position Type: Contract

Location: NYC, NY (onsite)

Job Description:

In this role, the experienced Hybrid Identity Lead Engineer with deep expertise in designing and managing secure, scalable identity and access solutions across hybrid environments. Skilled in integrating and administering Active Directory, Microsoft Entra ID (Azure AD), AWS IAM, and Google Cloud Platform IAM to support modern Zero Trust architectures. Proven track record of leading enterprise IAM strategies, implementing identity lifecycle automation, enforcing the least privilege, and aligning access controls with security and compliance requirements in cloud and on-premises infrastructures.

Job Responsibilities:

Cloud Identity Engineering

• Manage and maintain a unified IAM architecture by integrating Active Directory (AD), Entra ID (Azure AD), and AWS IAM to ensure consistent, secure identity and access controls across on-premises and cloud platforms.
• Build and maintain a centralized identity framework connecting AD, Entra ID, and AWS IAM and Google Cloud Platform to protect sensitive healthcare data and streamline secure access across cloud and on-prem systems.
• Define and enforce enterprise identity standards, including naming conventions, group structures, RBAC policies, and lifecycle automation.
• Lead the adoption of Zero Trust principles and modern identity-centric security models by implementing secure IAM frameworks in AWS and Google Cloud Platform including roles, policies, SCPs, and federation while supporting vulnerability management efforts through alignment of access controls with cloud security findings.
• Collaborate with DevOps and cloud teams to ensure least privilege, access auditing, and just-in-time access models across Multi Cloud resources.

Microsoft Identity Management

• Administer and optimize on-prem Active Directory, including domain trusts, Sites and Services, GPOs, OU structure, and replication.
• Design and enforce Entra ID Conditional Access policies, MFA (DUO, MS), risk-based authentication, and device trust.
• Lead integration of Entra ID with key business and clinical systems.
• Implement and manage access certification processes, audit trails, and automated entitlement reviews aligned with HIPAA frameworks.
• Lead response efforts for IAM-related audit findings, penetration tests, and security assessments.
• Develop scripts and tools (PowerShell, Python, or Terraform) to automate user provisioning, de-provisioning, and group management across systems.
• Act as the subject matter expert (SME) for IAM technologies and processes.
• Mentor other engineers and contribute to cross-functional initiatives across IT security, clinical systems, cloud infrastructure, and compliance teams.

Minimum Qualifications:

To qualify you must have a Typically requires 7 or more years of experience and BA/BS degree.

Preferred Qualifications:

• Experience with Privileged Access Management (PAM) tools (e.g., CyberArk, BeyondTrust).
• Familiarity with Terraform, CloudFormation, or similar infrastructure-as-code tools for identity resource management.
• Preferred experience with Identity Governance and Administration (IGA) solutions such as SailPoint

Cloud certifications such as:

o Microsoft Certified: Identity and Access Administrator Associate

o AWS Certified Security Specialty

o Google Cloud Platform Cloud Security Engineer