Candidates must be onsite four days a week in one of these locations: New York, NY; San Francisco, CA; Richmond, VA; Dallas, TX; Chicago, IL; Boston, MA; Atlanta, GA; Philadelphia, PA; Cleveland, OH; St. Louis, MO; Minneapolis, MN.
Job Description:
The Senior IAM Engineer will play a critical role in modernizing our identity and directory services. Our
plan is to transition from a traditional, on-premises Active Directory (AD)-centric model to a cloud-first
identity architecture. This role will lead and support initiatives to simplify, consolidate, and rationalize
the AD infrastructure while reducing overall reliance on legacy directory services in favor of modern cloud
identity platforms such as Microsoft Entra ID. The position blends hands-on engineering, design, and
cross-team collaboration to deliver secure, scalable, and resilient identity services aligned with Zero Trust and cloud
transformation objectives.
Responsibilities:
Lead the modernization, consolidation, and rationalization of Active Directory environments,
including domain/forest design, trust models, and directory hygiene initiatives.
Design and implement strategies to reduce organizational dependence on Active Directory by
shifting authentication, authorization, and identity governance workloads to cloud-native platforms
(e.g., Microsoft Entra ID).
Partner with security, infrastructure, and application teams to enable modern authentication
methods (passwordless sign-in, phishing-resistant MFA, conditional access) and to minimize the use of legacy
authentication protocols.
Provide technical leadership during migrations to colocation or cloud-adjacent environments,
ensuring directory services remain secure, resilient, and supportable during transition phases.
Define and document target-state identity architectures, design standards, and migration roadmaps
aligned with Zero Trust and cloud security principles.
Serve as a trusted technical advisor to stakeholders, translating complex identity and directory
challenges into actionable solutions and implementation plans.
Contribute to operational excellence by improving automation, monitoring, and lifecycle
management for identity services.
Requirements:
Required Experience:
A minimum of eight years of experience with Microsoft Active Directory, including domain/forest
architecture, Group Policy, DNS integration, trusts, and identity lifecycle management
Demonstrated experience designing or operating hybrid identity solutions that span Active Directory
and Microsoft Entra ID (formerly Azure AD)
Practical knowledge of modern cloud identity concepts, including conditional access, identity
governance, least-privilege access, and Zero Trust architectures
Working knowledge of authentication and authorization protocols (Kerberos, LDAP, SAML,
OAuth 2.0, OpenID Connect), including how legacy directory protocols map to their modern cloud equivalents
Experience collaborating across infrastructure, security, and application teams in a complex
enterprise environment
Strong documentation and communication skills, with the ability to produce clear architecture
diagrams, design documents, and implementation guidance
Familiarity with enterprise-scale security strategies and governance frameworks