Job Title Senior IAM Engineer - Global Identity Integration
Location Dallas, Texas- Onsite
Duration- 12 months + Extension
Description
We are looking for a deep technical IAM specialist with strong hands-on experience in Microsoft Entra ID (Azure AD). The ideal candidate brings expertise across authentication, authorization, multi-tenant architecture, privileged access, Microsoft Graph API, and backend identity service development. This role partners closely with teams in Japan and the US to deliver global identity integration, lifecycle management, and security operations. Can work independently to engineer, configure, automate, and improve enterprise identity solutions.
KEY RESPONSIBILITIES:
• Conditional Access & Authentication: Engineer, configure, and continuously refine Conditional Access policies, authentication strengths, named locations, and sign-in session controls to enforce adaptive, risk-aware security at scale.
• Entra Application Management: Own Entra application registrations end-to-end: configure OAuth 2.0/OIDC/SAML integrations, manage API permissions and consent, maintain service principals, and govern enterprise SSO applications.
• Multi-Tenant & B2B Guest Management: Configure and maintain multi-Entra tenant environments including cross-tenant access policies, cross-tenant synchronization, and B2B guest identity lifecycle from provisioning through offboarding.
• Cross-Tenant Synchronization: Enhance and maintain user synchronization processes from local tenants to a centralized federated tenant, ensuring identity fidelity and a seamless user experience across environments.
• SCIM & Identity Lifecycle: Implement and maintain SCIM-based provisioning integrations for SaaS and custom applications, troubleshoot provisioning cycles, and ensure accurate attribute mapping for automated identity lifecycle operations. Develop and manage backend services for user provisioning and identity lifecycle operations.
• Microsoft Graph API: Utilize the Microsoft Graph API extensively to query, manage, and automate identity objects, policies, app registrations, group memberships, audit logs, and lifecycle operations across the tenant.
• Backend Identity Services: Design and build server-side services for authentication, token issuance, and policy enforcement across applications and platforms. Build custom APIs, extensions, and self-service portals leveraging Azure AD capabilities.
• PIM, PAM & RBAC: Administer and refine PIM (Privileged Identity Management) role assignments, activation policies, and access reviews; support PAM tooling integrations for privileged session and credential management.
• Strong MFA & Authentication Standards: Enforce and expand phishing-resistant MFA coverage across user and workload identities, including FIDO2, Certificate-Based Authentication (CBA), and Microsoft Authenticator; manage authentication method policies and exception handling.
• Risk-Based & Identity Protection Controls: Tune and operate risk-based Conditional Access policies using Identity Protection signals (sign-in risk, user risk), continuous access evaluation, and adaptive policy triggers to reduce exposure.
• Legacy Modernization: Modernize legacy identity tools with automated, scalable solutions for access control and lifecycle management.
• Automation & Scripting: Automate identity-related processes and tasks using PowerShell, Python, and Microsoft Graph API integrations.
• Global Collaboration: Work closely with teams in Japan and the US to support global identity integration, operations, and transitions. Serve as a cross-functional partner bridging business requirements with IAM technical delivery.
• Documentation & Operational Rigor: Document configurations, write runbooks, build knowledge base articles, and maintain IAM operational guides to ensure repeatability and audit readiness.
Never miss an opportunity! Create an alert based on the job you applied for.