Job Title: Azure IAM Security Engineer
Location: Pittsburgh, PA 15219 (Onsite)
Duration: 6-12+ Months Contract
** W2-Visa-independent candidates required **
Job Summary:
Must Have Skills:
Azure IAM - Microsoft Entra ID administration, including PIM, JIT elevation, and Conditional Access for privileged roles,RBAC
MFA, Microsoft Sentinel (SIEM), Identity Monitoring, Audit & Compliance, Azure Policy, Management Groups, Managed Identities, Azure AD-based admin configs, Azure Monitor, Log Analytics (KQL)
Secrets Management - Azure Key Vault , Microsoft Graph API, Azure CLI
Required Skills/ Experience:
Deep hands-on expertise with Microsoft Entra ID (Azure AD), Azure RBAC, security groups, PIM, and JIT workflows
Strong Azure Policy and resource configuration: enable managed identities, provision Azure AD admin roles (e.g., Azure SQL), minimize local service keys
Strong authenticator management and MFA for privileged roles (e.g., smartcards, FIDO2 security keys) with enforced session configuration norms
NIST SP 800-53 FedRAMP High controls expertise relevant to IAM
Experience in highly regulated environments (federal/financial services)
Azure-native monitoring/logging for identity/access events (e.g., Entra sign-in/audit logs, Azure Monitor), AAA alignment, and alert routing to service owners/security teams
Access governance and documentation: author/maintain IAM policies/standards/SOPs, conduct periodic access reviews, support audit evidence and control tests
Baseline configuration management and accurate asset/data inventories aligned to enterprise configuration practices
Secret hygiene: eliminate static credentials in code/images; enforce password and authenticator protection
Preferred Skills/ Experience:
Experience aligning Azure IAM/RBAC with internal policies/standards and external frameworks (e.g., SOX, ISO, NIST)
Exposure to application identity design patterns, least-privilege for service principals, and CI/CD controls for secret management (e.g., Key Vault, pipeline secret scanning
Advanced authenticator management
Required Software/ Technology:
Microsoft Entra ID administration, including PIM, JIT elevation, and Conditional Access for privileged roles
Azure RBAC across management group/subscription/resource scopes, custom role design, and enterprise role taxonomy
Azure governance with Azure Policy and Management Groups to enforce least‑privilege guardrails
MFA with strong authenticators (FIDO2 security keys, smartcards) and Microsoft Authenticator configuration
Managed Identities for Azure services and Azure Key Vault integration to eliminate local service keys
Monitoring and logging via Azure Monitor, Activity Logs, Diagnostic Settings, and Log Analytics (KQL)
Security operations integration with Microsoft Sentinel (SIEM) and Microsoft Defender for Cloud
Administration and automation using PowerShell (Az and Microsoft Graph), Azure CLI, and Microsoft Graph API
Inventory and configuration governance using Azure Resource Graph, tagging strategies, and naming conventions
Preferred Software/ Technology:
PowerShell; Azure CLI
Experience with CI/CD and DevSecOps integrations
Required Education/ Certifications
Preferred Education/ Certifications:
Microsoft SC-300 (Identity and Access Administrator)
Microsoft AZ-500 (Azure Security Engineer)
CISSP or CCSP (nice to have)
Never miss an opportunity! Create an alert based on the job you applied for.
