Job ID: JOB_ID_8125
Job Overview
We are seeking a highly skilled and experienced IAM Security Engineer/Architect to join our team. This role requires a deep understanding of identity and access management principles, with a strong focus on Azure native tooling. The ideal candidate will have a proven track record in designing, implementing, and managing robust IAM solutions that align with security best practices and compliance requirements.
Key Responsibilities
- Design, implement, and manage Azure native IAM solutions, including Microsoft Entra ID (Azure AD), PIM, Conditional Access, RBAC, and Managed Identities.
- Develop and enforce identity and access policies, ensuring least privilege principles are applied.
- Implement and manage threat protection measures using Entra ID Protection, Microsoft Defender for Identity, and Microsoft Defender XDR.
- Integrate IAM solutions with SIEM/SOAR platforms, specifically Microsoft Sentinel, for monitoring and incident response.
- Utilize Azure Policy, Azure Blueprints, and Azure Automation for posture management and policy enforcement.
- Manage secrets and cryptographic keys using Azure Key Vault, including FIPS 140-2 compliant solutions.
- Implement monitoring and telemetry using Azure Monitor to track sign-in and audit logs, diagnostic settings, and activity logs.
- Collaborate with cross-functional teams to ensure seamless integration of IAM solutions into the overall security architecture.
- Provide technical guidance and mentorship to junior security engineers.
- Stay up-to-date with the latest trends and advancements in IAM and cloud security.
- Contribute to the development of security documentation, runbooks, and access governance procedures.
Required Qualifications
- 7+ years in security engineering/architecture, with 3+ years focused on IAM in Azure using native tooling.
- Deep hands-on experience with Entra ID (Azure AD), RBAC, PIM, Conditional Access, Managed Identities, and Key Vault, including policy design and enforcement at scale.
- Practical knowledge of FedRAMP baselines (Moderate/High), NIST SP 800-53 control families, and audit/assessment processes; experience contributing to SSP/ConMon evidence.
- Strong proficiency in Azure Policy/Blueprints and policy-as-code approaches; experience embedding controls into CI/CD.
- Ability to design high-fidelity detections and automate incident response for identity threats using Sentinel and Logic Apps.
- Excellent documentation and communication skills for control narratives, runbooks, access governance procedures, and executive status reporting.
- Bachelor's degree in Information Security, Computer Science, Information Systems, or related field; equivalent experience considered.
Preferred Qualifications
- Experience operating in Azure Government or GCC High tenants and understanding telemetry/control nuances in those environments.
- Background in Zero Trust principles, privileged identity strategy, and secure service-to-service authentication patterns.
- Familiarity with Microsoft Purview and data access governance for sensitive workloads.
- Scripting/automation skills (KQL, PowerShell, Bicep/Terraform basics) to manage identities, enforce policies, and generate evidence.
- Certifications: AZ-500 (Azure Security Engineer Associate), SC-300 (Identity and Access Administrator), SC-200 (Security Operations Analyst), CISSP/CCSP, or equivalent.
Special Requirements
- Visa: US Citizen or Green Card Holder
- Interview: Video
- Requires LinkedIn ID
- 4 days onsite required weekly from day one
- Location: New York, NY or Pittsburgh, PA
Compensation & Location
Salary: $100 – $150 per year
Location: New York, NY
Recruiter / Company – Contact Information
Recruiter / Employer: Tek pyramids.inc
Email: endra.s@tekpyramids.com