Sr. Identity Access Management Engineer

Location: Boston, MA (5 Day Onsite)

Client: Roku

Job Responsibilities

• Lead enterprisewide IAM standardization, including identity lifecycle management, access governance, and policy enforcement across global regions.
• Drive automation across IAM to streamline administration and improve user experience.
• Support onboarding of enterprise applications into Azure Entra ID, including Single SignOn (SSO), Conditional Access, and rolebased access control (RBAC).
• Enhance privileged access management and implement scalable monitoring, alerting, and auditability to support a secure, geographically distributed workforce.
• Collaborate with IT, Networking, and Security teams to troubleshoot identityrelated issues and support global infrastructure initiatives.
• Advance Zero Trust Identity Fabric principles such as continuous verification, leastprivilege access, and identityaware policy enforcement acrossusers, devices, workloads, and nonhuman identities.
• Build identity automation with a DevOps mindset, including scripting, pipeline development, and engineering custom tooling from scratch rather than only configuration.

Job Description

• 8+ years of handson experience in Identity and Access Management and cloud automation, particularly within the Microsoft ecosystem.
• Strong analytical and troubleshooting skills for complex infrastructure and identityrelated issues.
• Excellent communication skills with the ability to explain technical concepts to both technical and nontechnical stakeholders.
• Deep experience with Microsoft Entra ID, including Conditional Access, Identity Governance, and Privileged Identity Management (PIM).
• Familiarity with Microsoft 365 services such as Exchange Online, Defender, Purview, Sentinel, Intune, and related platforms.
• Strong automation and scripting skills using PowerShell, Azure CLI, and Microsoft Graph API.
• Working knowledge of Azure services including Function Apps and Logic Apps.
• Experience onboarding and managing enterprise applications in Azure Entra ID.
• Advanced knowledge of SSO protocols including OAuth2, OpenID Connect, and SAML.
• Experience with privileged access tools (Azure PIM, CyberArk), secrets management (HashiCorp Vault or Azure Key Vault), and workload identitypatterns (SPIFFE & SPIRE).
• Familiarity with NonHuman Identity (NHI) governance, including service accounts and AI agents; exposure to policyascode frameworks such as OPA/Rego.
• Goodtohave familiarity with Microsoft Purview for DLP and data classification.
• Strong understanding of multifactor authentication and FIDO2.
• Familiarity with IT security frameworks and compliance standards.
• Knowledge of logging, monitoring, and alerting practices for identity and access events.
• Basic understanding of email security and DNS.
• Experience with backup and recovery strategies for identityrelated services.
• Understanding of Zero Trust Architecture principles.
• Familiarity with Jira and Confluence.

Education:

• Bachelor's or Master s degree in Computer Science, Computer or Electrical Engineering, Mathematics, or a related field.