Senior Azure IAM Cloud Engineer (SME)

Posted 1 week ago by 1758784489

Negotiable
Outside
Remote
USA

Summary: The Senior Azure IAM Cloud Engineer (SME) role requires an expert in Identity and Access Management (IAM) within Microsoft Azure and hybrid cloud environments. The position involves designing, implementing, and maintaining Azure Active Directory configurations while providing technical leadership and ensuring compliance with security regulations. The engineer will also serve as a trusted advisor for IAM strategy and collaborate with various IT and security teams. This role is remote and classified as outside IR35.

Key Responsibilities:

  • Act as the subject matter expert (SME) for Identity and Access Management (IAM) within Microsoft Azure and hybrid cloud environments.
  • Design, implement, and maintain Azure Active Directory (AAD) and Entra ID configurations including authentication, authorization, and conditional access policies.
  • Provide technical leadership in IAM solutions, guiding junior engineers and collaborating across IT and security teams.
  • Ensure compliance with security, governance, and regulatory requirements (e.g., SOX, GDPR, HIPAA).
  • Serve as a trusted advisor for IAM strategy, roadmaps, and integration with enterprise applications.
  • Configure and manage Azure AD, Entra ID, ADFS, Azure AD B2B/B2C, and hybrid identity (Azure AD Connect, federation, synchronization).
  • Implement role-based access control (RBAC), Privileged Identity Management (PIM), and Just-in-Time (JIT) access.
  • Build, maintain, and optimize conditional access policies, MFA, passwordless authentication, and risk-based sign-ins.
  • Integrate SaaS and on-premises applications with Azure AD via SAML, OAuth, OIDC, SCIM.
  • Manage service principals, managed identities, API permissions, and certificates for secure app integrations.
  • Conduct regular access reviews, entitlement recertifications, and least privilege enforcement.
  • Support Zero Trust architecture and ensure IAM aligns with organizational security strategy.
  • Monitor identity logs and signals for anomalies using Azure AD Identity Protection, Microsoft Defender for Identity, and Sentinel.
  • Partner with InfoSec teams for identity threat detection, incident response, and remediation.
  • Develop automation and scripts (PowerShell, Graph API, Terraform, Bicep) to streamline IAM operations.
  • Maintain and improve IAM workflows, provisioning/de-provisioning processes, and lifecycle management.
  • Troubleshoot and resolve authentication, federation, SSO, and access issues across platforms.
  • Work with application and infrastructure teams to onboard apps securely into Azure AD.
  • Provide mentorship and guidance to IAM engineers and analysts.
  • Act as liaison with auditors and compliance teams to demonstrate IAM controls and evidence.
  • Drive continuous improvement and innovation in IAM practices, tools, and standards.

Key Skills:

  • Expertise in Identity and Access Management (IAM) within Microsoft Azure.
  • Proficient in Azure Active Directory (AAD) and Entra ID configurations.
  • Strong understanding of security, governance, and regulatory compliance (SOX, GDPR, HIPAA).
  • Experience with role-based access control (RBAC) and Privileged Identity Management (PIM).
  • Knowledge of automation tools and scripting (PowerShell, Graph API, Terraform, Bicep).
  • Ability to mentor and lead junior engineers.
  • Strong analytical and problem-solving skills.
  • Excellent communication and collaboration abilities.

Salary (Rate): undetermined

City: undetermined

Country: USA

Working Arrangements: remote

IR35 Status: outside IR35

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Role: Senior Azure IAM Cloud Engineer (SME) (14+ Years Resumes only)

Duration: 2-3 Years

Client: Financial

Tax terms: C2C & W2

Note: LinkedIn and the start of the career year should be the same.

Core Roles

  1. Act as the subject matter expert (SME) for Identity and Access Management (IAM) within Microsoft Azure and hybrid cloud environments.
  2. Design, implement, and maintain Azure Active Directory (AAD) and Entra ID configurations including authentication, authorization, and conditional access policies.
  3. Provide technical leadership in IAM solutions, guiding junior engineers and collaborating across IT and security teams.
  4. Ensure compliance with security, governance, and regulatory requirements (e.g., SOX, GDPR, HIPAA).
  5. Serve as a trusted advisor for IAM strategy, roadmaps, and integration with enterprise applications.

Key Responsibilities

Identity & Access Management

  • Configure and manage Azure AD, Entra ID, ADFS, Azure AD B2B/B2C, and hybrid identity (Azure AD Connect, federation, synchronization).
  • Implement role-based access control (RBAC), Privileged Identity Management (PIM), and Just-in-Time (JIT) access.
  • Build, maintain, and optimize conditional access policies, MFA, passwordless authentication, and risk-based sign-ins.
  • Integrate SaaS and on-premises applications with Azure AD via SAML, OAuth, OIDC, SCIM.
  • Manage service principals, managed identities, API permissions, and certificates for secure app integrations.

Security & Governance

  • Conduct regular access reviews, entitlement recertifications, and least privilege enforcement.
  • Support Zero Trust architecture and ensure IAM aligns with organizational security strategy.
  • Monitor identity logs and signals for anomalies using Azure AD Identity Protection, Microsoft Defender for Identity, and Sentinel.
  • Partner with InfoSec teams for identity threat detection, incident response, and remediation.

Automation & Operations

  • Develop automation and scripts (PowerShell, Graph API, Terraform, Bicep) to streamline IAM operations.
  • Maintain and improve IAM workflows, provisioning/de-provisioning processes, and lifecycle management.
  • Troubleshoot and resolve authentication, federation, SSO, and access issues across platforms.

Collaboration & Leadership

  • Work with application and infrastructure teams to onboard apps securely into Azure AD.
  • Provide mentorship and guidance to IAM engineers and analysts.
  • Act as liaison with auditors and compliance teams to demonstrate IAM controls and evidence.
  • Drive continuous improvement and innovation in IAM practices, tools, and standards.