IAM Engineer AD & Azure AD Focus

IAM Engineer – AD & Azure AD Focus

Chicago, IL: Hybrid work from home schedule – 2 days WFH; 3 days onsite in the loop (can pick what days you work from home)

Summary:

The IAM Engineer is

is focused on designing, installing, configuring, and managing Active Directory across Windows Desktop and Server environments – in both an Azure AD an on-prem AD environment. You'll be working on a team of 5, and be the 2 nd

most senior person on the team, but the most senior engineer with AD – as such, you'll be owning the AD health, topology, replication, and security baselines. Additionally you'll be designing/implementing domain and forest configurations while promoting DCs. You'll also troubleshoot DNS, DHCP, GPO and trust relationships, and plan/execute migrations and DR/recovery tests.

What you'll be doing (this full list is from an older job description, and may not be as indicative of the true AD responsibilities described above):

Work with the IAM Manager to build out and oversee the IAM function's technical controls and its related activities including planning, solutioning, testing, reporting and delivering IAM services.

Oversee the implementation of all current solutions to ensure they are configured appropriately and are delivering maximum value for the Firm. Review current documentation such as Procedures, run books, and Knowledge Base Articles used by the Service Desk. Review and/or establish Best Practices where applicable

Engage and interact with other IT Departmental Engineers to ensure future efforts (ours and their's) result in continued uninterrupted delivery of all IAM services.

Demonstrate extensive understanding of IAM concepts such as directory services, SSO, federation, MFA, provisioning, access certification, roles and SOD.

The analysis, design, implementation, and maintenance of all layers of IAM applications, including Authorization / Authentication and Account Creation / Management / Provisioning / Retirement in data repositories. Including; strategy, organizational design, process re-engineering and technology implementation.

Functional areas and work experience should include; fine-grained access control, policy driven security, Identity Governance, Access Management, and Privileged access management, user provisioning/de-provisioning, and federation.

Provide support with respect to requirements gathering, project management and delivery of one or more Identity platforms, such as SailPoint (Identity IQ), Okta, and Saviynt.

Serve as the central point of contact for information security and IAM policy and process related issues.

Address Vulnerabilities, Pentest findings and audit issues in a timely manner.

Participate in a 24x7x365 on-call rotation

Stay abreast of industry trends, solution landscape and market conditions and update peers and management accordingly.

Other duties, as assigned.

Skills we're seeking

3+ years of experience in an IAM focused role

Must have strong experience with Active Directory – both on-prem AND Azure AD – which is the most important experience for this role. You must be strong in the following areas here:

Installing/architecting Active Directory, promoting Domain Controllers, configuring domains/forests

Managing directory services across multiple Windows Server environments (physical/virtual)

DNS/DHCP/WINS/Client/ADFS/PKI/GPOs

Directory migration, recovery, security, capacity management

Process automation and improvement in AD workflows

Must have Windows Server experience

Nice to haves (in this order)

Experience with multiple domains/forests

Scripting/Automation experience, ideally with Powershell

Experience with other Azure services

Experience with MS Exchange

Experience with SCCM

Experience with SharePoint

Experience with ITIL, COBIT or other similar frameworks

Experience with other IAM tools (Okta for example)

Bachelor's Degree or Master's Degree in Computer Science or a related field

Relevant certifications