Azure ICAM Engineer

We are seeking a Azure ICAM Solutions Engineer to support a Identity, Credential, and Access Management (ICAM) modernization initiative for a federal customer. This role focuses on designing and delivering scalable identity solutions leveraging Microsoft Entra ID and Azure cloud services, translating ICAM requirements into secure, enterprise-ready architectures, and integrating identity capabilities across hybrid and multi-cloud environments.

Key Responsibilities

Azure-Based Solution Design & Integration

• Translate ICAM and mission requirements into Azure-native architectures and implementable solutions
• Design, architect, and deploy identity solutions leveraging Microsoft Entra ID (Azure AD), Azure Active Directory Domain Services, and Azure security services
• Integrate identity and access management capabilities across cloud, hybrid, and on-prem enterprise systems
• Design and implement integrations between Entra ID and enterprise applications, SaaS platforms, APIs, and external identity providers
• Develop secure, scalable identity architectures aligned with Azure Well-Architected Framework and Zero Trust principles

Modern ICAM Engineering (Entra ID Focus)

• Implement and manage Microsoft Entra ID services, including:
  • Conditional Access
  • Identity Protection
  • Access Reviews
  • Lifecycle Workflows
• Configure Single Sign-On (SSO) and federation using SAML, OAuth, and OpenID Connect, with Entra ID as the identity provider
• Design and implement B2E, B2B, and B2C identity scenarios using Entra External ID capabilities
• Support Privileged Identity Management (PIM) and Just-In-Time (JIT) access models
• Develop automation using PowerShell, Azure CLI, ARM/Bicep templates, and REST APIs to manage identity operations

Azure Platform & Security Integration

• Integrate identity solutions with broader Azure services including:
  • Azure Key Vault
  • Azure API Management
  • Microsoft Defender for Cloud
  • Azure Monitor and Log Analytics
• Implement identity-driven security controls across Azure workloads and applications
• Enable centralized logging, monitoring, and alerting using Azure-native tools and Splunk

Collaboration & Delivery

• Coordinate with developers, cloud engineers, architects, and cybersecurity teams to deliver cohesive Azure-based solutions
• Participate in Agile ceremonies, sprint planning, and technical design sessions
• Support system testing including integration, functional, and security validation
• Troubleshoot and resolve identity-related issues across development, staging, and production environments

Security & Compliance Alignment

• Ensure solutions align with federal security requirements, FedRAMP, and Zero Trust architecture
• Implement RBAC, ABAC, and policy-based access controls using Entra ID and Azure governance tools
• Support ATO efforts and ensure compliance with NIST 800-53, NIST SP 800-63, and FICAM frameworks
• Enforce least privilege access using Azure-native identity governance and access controls

Required Qualifications

• U.S. Citizenship required; ability to obtain a Public Trust clearance
• Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or related field (or equivalent experience)
• 5+ years of experience in identity and access management, Azure cloud engineering, or cybersecurity
• Hands-on experience designing and implementing Microsoft Entra ID (Azure AD) solutions in enterprise environments
• Strong experience with Azure architecture and cloud-native identity services
• Deep understanding of authentication protocols (SAML, OAuth, OpenID Connect)
• Experience integrating identity solutions with Azure services, SaaS applications, and enterprise systems
• Experience with automation and scripting (PowerShell, Python, REST APIs, Azure CLI)

Preferred Qualifications

• Experience supporting Zero Trust or ICAM modernization initiatives in federal environments
• Hands-on experience with:
  • Azure AD B2C / External ID
  • Microsoft Entra Permissions Management
  • Azure Policy and governance frameworks
• Familiarity with CyberArk or other PAM tools alongside Entra PIM
• Experience integrating with external identity providers (login.gov, ID.me, federation partners)
• Knowledge of DevSecOps and CI/CD pipelines in Azure (Azure DevOps, GitHub Actions)
• Azure certifications (e.g., AZ-104, AZ-305, SC-300, SC-100) strongly preferred