Identity & Access Management (IAM) Engineer

Role Purpose 

This role focuses on Identity and Access Management (IAM) across Microsoft 365 and Azure, ensuring that identities, roles, and access are correctly provisioned, governed, monitored, and reviewed in line with Zero Trust principles and regulatory requirements. The position is centered on Microsoft Entra ID (Azure AD), Conditional Access, Privileged Identity Management (PIM), Access Reviews, SSO/App Registrations, and identity lifecycle automation. The M365 Security Admin (IAM) partners with Security, IT, and business stakeholders to maintain a secure, compliant, and user friendly identity platform and to continuously improve posture through policy hardening, access rightsizing, and automation. 

Responsibilities 

Identity & Access Operations 

• You will administer Entra ID tenants including users, groups, roles, and directory settings in accordance with least privilege and Zero Trust principles. 

• You will implement and maintain Conditional Access policies for MFA enforcement, session controls, device/network conditions, and risk based access. 

• You will manage Privileged Identity Management (PIM) for just in time elevation, approval workflows, and access expiry for privileged roles. 

• You will configure and operate Access Reviews, Entitlement Management, and group lifecycle to right size access and remove excessive entitlements. 

• You will manage identity lifecycle processes (joiner, mover, leaver), including automated provisioning/deprovisioning with HRIS and SCIM enabled apps. 

• You will support single sign on (SSO) for SaaS and line of business apps using SAML/OIDC/OAuth and maintain application registrations and enterprise app configurations. 

• You will administer service principals, manage identities, API permissions, and consent workflows in line with security guidelines. 

• You will maintain secure self service capabilities (SSPR, group management, app request catalogs) with appropriate guardrails and logging. 

Governance, Security & Compliance 

• You will define and enforce IAM standards, RBAC models, naming conventions, and separation of duties (SoD) safeguards across M365 and Azure. 

• You will monitor identity risk signals (Identity Protection), remediate risky users/sessions, and tune policies to reduce business disruption. 

• You will coordinate periodic access certifications with control owners and auditors, producing evidence for regulatory and internal audits. 

• You will implement data access governance in collaboration with Security and Purview teams to protect sensitive information across SharePoint, OneDrive, and Teams. 

• You will document IAM processes, runbooks, diagrams, and configuration baselines to ensure repeatability and audit readiness. 

Automation, Monitoring & Support 

• You will automate IAM tasks using PowerShell, Microsoft Graph, and workflow platforms to reduce manual effort and error rates. 

• You will monitor identity related alerts, sign in logs, audit logs, and conditional access insights to detect anomalies and improve posture. 

• You will troubleshoot access issues across applications, endpoints, and networks, collaborating with Security, Workplace, and Application teams. 

• You will contribute to incident response for identity related events, including containment actions, RCA documentation, and control enhancements. 

• You will stay current on Microsoft identity features and roadmap, and you will recommend changes that improve security, compliance, and user experience. 

Collaboration & Service Enablement 

• You will partner with app owners to onboard applications to Entra ID with secure SSO, provisioning, and role design. 

• You will work with HR, Legal, Audit, and business stakeholders to align IAM controls with policy, privacy, and regulatory requirements. 

• You will provide clear guidance and enablement to helpdesk and end users on MFA, SSPR, and access request processes. 

Skills 

Required 

• You should have 4–6+ years of experience in Identity and Access Management or Microsoft 365 administration within enterprise environments. 

• You should have strong hands on experience with Microsoft Entra ID (Azure AD) including users, groups, roles, app registrations, enterprise apps, and SSO. 

• You should have proven experience implementing and supporting Conditional Access, MFA, session controls, and device based access policies. 

• You should have practical experience with Privileged Identity Management (PIM), eligible/active role assignments, and approval workflows. 

• You should have experience running Access Reviews, Entitlement Management, and governance of security groups/M365 groups/teams. 

• You should have proficiency with PowerShell and Microsoft Graph for IAM automation, reporting, and configuration management. 

• You should understand Zero Trust, least privilege, and separation of duties principles and their application in M365/Azure. 

• You should have strong troubleshooting skills across authentication/authorization (SAML, OIDC, OAuth), conditional access outcomes, and sign in failures. 

• You should have the ability to communicate clearly with both technical and nontechnical audiences and to document standard operating procedures. 

• You should have fluent English, written and spoken.