Senior Infosec Identity Engineer

Job Details

Greater London, London, United Kingdom
World Fuel Services
Posted 1 day ago

Full Job Description

Essential Functions


  • Take a lead role in the delivery of BAU Identity and Access management operations.
  • Participate in the design, installation, maintenance, upgrades, and troubleshooting of applications and tools directly impacting the InfoSec Identity service deliverables.
  • Active Directory (AD), Azure Active Directory/Entra ID:
  • Analyze, design, implement, and support the hybrid on-premises and cloud Active Directory environment.
  • Collaborate with business and technical partners to integrate systems and applications with centralized authentication using AD.
  • Implement security baselines and recommended best practices for AD.
  • Provide subject matter expertise on Azure AD and Entra ID.
  • Support and maintain Entra ID Enterprise Applications and other integrated solutions.
  • Collaborate closely with global cross-functional teams to ensure stability and security.
  • Support synchronization and federation between on-premises AD, Azure AD, and Entra ID.
  • Troubleshoot and optimize synchronization processes to maintain consistency across environments.
  • Privileged Management (PIM, PAM, and Endpoint Privilege Management):
  • Implement time-based and approval-based role activation to mitigate risks associated with privileged accounts.
  • Administer PAM platforms, including Centrify, CyberArk, and Quest Active Roles Server.
  • Design and implement controls for managing privileged access on endpoints (Windows, macOS, Linux).
  • Collaborate with system administrators and security teams to enforce least privilege principles.
  • Implement and manage role-based access control (RBAC) for various systems and applications.
  • Define and enforce group-based access policies to elevate privileges when necessary.
  • Identity Governance and Administration (IGA):
  • Contribute during phases of design, configuration, deployments, and operations in the area of IAM.
  • Work on access management, identity governance, and identity management solutions.
  • AWS Identity and Azure Identity:
  • Leverage AWS Identity and Access Management (IAM) and Azure Active Directory for secure cloud identity management.
  • Integrate IAM policies and roles with AWS services and Azure resources.
  • Develop and maintain integrations between Entra ID and Linux-based systems.
  • Ensure seamless authentication and authorization for Linux users.
  • Automation of User and Device Onboarding/Offboarding:
  • Develop and maintain scripts or workflows to automate user and device provisioning and deprovisioning.
  • Streamline the onboarding and offboarding processes to enhance efficiency and security.
  • Application Certification and Secret Lifecycle Management:
  • Collaborate with application owners to certify and manage access to critical applications.
  • Ensure secure handling of application secrets (API keys, passwords, etc.) throughout their lifecycle.
  • Participate in on-call rotation, providing 24x7 escalation capabilities.
  • Participate in incident response efforts as Incident Commander.
  • Other duties as assigned or directed.


Education, Experience, and Skills required


  • Proven experience as a Senior Active Directory/Entra ID Engineer or similar role, with 5 to 8 years of experience.
  • Advanced knowledge of Active Directory, Azure Active Directory/Entra ID, Lightweight Directory Access Protocol (LDAP).
  • Familiarity with PIM, PAM, and IGA concepts.
  • Experience with endpoint privilege management, AWS IAM, Azure AD, and Linux integration.
  • 1+ years of experience with cloud infrastructure, networking and security, preferably with AWS and Azure. Platform certifications are a plus.
  • Experience with orchestration and automation solutions utilizing a variety of APIs, scripting languages, or commercial orchestration tools.
  • Experience with creating and reviewing workflow processes and technical documentation.
  • Comfortable with mentoring other team members, providing guidance and direction during incident response and engineering efforts.
  • Familiarity with regulations and frameworks such as NIST, PCI, SOC, HIPAA, SSAE 16/SOC 1, SOC 2, ISO 17799/27002.
  • Preferred but not required:
  • Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field, or equivalent work experience.
  • Relevant Microsoft certifications such as Microsoft Certified: Identity and Access Administrator Associate, Microsoft Certified: Azure Security Engineer Associate, or other industry certifications (e.g., CISSP, CISM, CompTIA Security+).
  • Certifications including but not limited to: CISSP – Certified Information Systems Security Professional, CISM – Certified Information Security Manager, ISSAP – Information Systems Security Architecture Professional, CEH – Certified Ethical Hacker, AWS Certified Solution Architect.