Snr IAM Directory Services Engineer

JD:

Who we are

American International Group, Inc. (AIG) is a leading global insurance organization. AIG member companies provide a wide range of property and casualty insurance in approximately 70 countries and jurisdictions. These diverse offerings include products and services that help businesses and individuals protect their assets and manage risks.

We’re also committed to making a positive difference for our colleagues and in the communities where we work and live. We encourage colleagues to give back to the causes they care most about, supporting these efforts through our Volunteer Time Off and Matching Grants Programs.

Get to know the business

At AIG, technology is at the heart of everything we do, from underwriting risks to processing claims. The Information Technology team equips our colleagues with the latest tools to complete their work efficiently and with the highest standards of excellence. The team is responsible for shielding the company’s systems from security risks while designing technology strategies that enable AIG’s businesses to achieve their goals. AIG’s Information Technology functions include enterprise architecture, software and systems engineering, cybersecurity, and technology risk and compliance.

About the role

The Directory Services Engineer will be responsible for managing and supporting activities related to Active Directory and Entra ID security services, including Group Policies (GPO), Domain Name Services (DNS), and the deployment and support of security, auditing, monitoring, and recovery solutions. In this role, you will architect, engineer, and deploy security solutions to address complex challenges in directory services and IAM environments. The Directory Services Engineer will identify opportunities to strengthen security, drive automation, and promote operational excellence. Additional responsibilities include addressing security findings, analyzing large data sets in SIEM platforms such as Splunk, CrowdStrike, Snowflake, and supporting incident response. This role provides an opportunity to help shape the direction of identity and directory services for AIG. 

Responsibilities for this role include:

• Coordinate and/or implement new or enhanced security products and toolsets
• Participate in governance, audit, and compliance support activities, as they pertain to identity and access management security
• Identify, define, and implement continuous process improvements utilizing modern tools, technologies, and methodologies
• Architect, engineer, and deploy large-scale security initiatives in Active Directory / Entra ID, including domain and application migrations between platforms
• Participate in the implementation of large-scale security initiatives for new technologies being deployed globally
• Conduct regular configuration and security assessments of Active Directory and Azure, and provide recommendations for changes based on industry standards and security guidelines, utilizing tools such as Microsoft On-Demand Assessment, Bloodhound, Purple Knight, etc.
• Monitor AD logs to identify any potential security incidents, respond to security findings, and develop and maintain incident response procedures
• Support large-scale Active Directory domain consolidations and domain migration activities with a security-based approach
• Perform health checks, discoveries, and cleanup of Active Directory and Entra ID Infrastructure
• Analyze, review, and manage Active Directory services such as DNS, Group Policy, etc.
• Document platform technical issues, analysis, communications, and resolutions as reference for future issue resolution in SharePoint, Confluence, ServiceNow or similar medium.
• Develop documentation such as knowledge articles, How-to documents, and presentations for large audiences.
• Provide technical assistance, support, and troubleshooting for IAM-related issues.
• Support team during incident management, problem management, and disaster recovery activities

What we're looking for:

• 5+ years of hands-on technical experience with Active Directory and Entra ID (Azure AD) in enterprise environments
• 4+ years supporting and implementing AD security, auditing, monitoring, and recovery solutions (e.g., identity threat detection, change auditing, privileged access monitoring, backup/recovery tools such as CrowdStrike IDP, Semperis, or similar)
• 4+ years of hands-on technical experience in Identity and Access Management (IAM) on Active Directory
• 3+ years of experience with IAM tools and platforms (Okta, Ping, Centrify, etc.)
• 3+ years writing code and automation scripts (PowerShell, Python, .NET, JavaScript, etc.)
• 2+ years performing AD domain cleanups, domain/forest recovery, DNS management, Group Policy, gMSA, and security group administration
• Experience with Azure AD / Entra ID Governance, Conditional Access, cloud identity federation (SAML, OIDC, OAuth), and hybrid identity solutions
• Experience with AWS IAM and Google Cloud Platform IAM/Google Workspace identity management
• Familiarity with cloud-native directory services (AWS Directory Service, Google Managed Microsoft AD)

Soft Skills

• Problem-solving mindset with a focus on delivering secure solutions
• Self-starter: proactive, motivated, resourceful, takes ownership, embraces challenges, and strives for excellence
• Strategic thinker with the ability to drive business outcomes
• Excellent written and verbal communication skills; cross-functional team engagement, documentation, and electronic communication
• Commitment to continuous learning and professional development in cloud, automation, and AI technologies 

Additional experience that would be good to have:

• Scripting and automation in cloud environments (AWS CLI, Azure CLI, Google Cloud Platform SDK)
• Familiarity with databases (SQL, Oracle) and directory protocols (LDAP, Kerberos, NTLM)
• Experience with AD migrations, upgrades, and domain restructuring
• AD security best practices, auditing, privileged access management, and incident response
• Certificate Services (AD CS), PKI fundamentals, and certificate lifecycle management
• AI/ML experience for identity analytics, anomaly detection, or automation (e.g., using AI for access reviews, threat detection, or workflow automation)
• Familiarity with identity-related AI tools and platforms
• Relevant certifications (CISSP, CISM, cloud security certifications) are a plus

Why Join Us?

• Opportunity to shape the direction of identity and directory services in a global enterprise
• Work with cutting-edge IAM, cloud, and security technologies

Collaborative, innovative, and growth