Full Job Description
JOB TITLE: IAM Security Engineer
JOB LOCATION: Remote
WAGE RANGE*: $60-68/hr.
JOB NUMBER: IAM3
REQUIRED EXPERIENCE:
Qualifications
JOB DESCRIPTION
Responsibilities
We are looking for a Principal Security Engineer - Identity Security to lead identity protection initiatives across our hybrid enterprise. This individual will be the technical owner of identity lifecycle security, focused on Microsoft Entra ID (Azure AD), RBAC, conditional access, and privileged access management. You will design and automate resilient identity architectures and lead the enforcement of least-privilege models and Zero Trust Identity frameworks.
Key Responsibilities:
Equal opportunity employer as to all protected groups, including protected veterans and individuals with disabilities
* While an hourly range is posted for this position, an eventual hourly rate is determined by a comprehensive salary analysis which considers multiple factors including but not limited to: job-related knowledge, skills and qualifications, education and experience as compared to others in the organization doing substantially similar work, if applicable, and market and business considerations. Benefits offered include medical, dental and vision benefits; dependent care flexible spending account; 401(k) plan; voluntary life/short term disability/whole life/term life/accident and critical illness coverage; employee assistance program; sick leave in accordance with regulation. Benefits may be subject to generally applicable eligibility, waiting period, contribution, and other requirements and conditions. Benefits offered are in accordance with applicable federal, state, and local laws and subject to change at TCM's discretion.
JOB LOCATION: Remote
WAGE RANGE*: $60-68/hr.
JOB NUMBER: IAM3
REQUIRED EXPERIENCE:
Qualifications
- 5+ years of hands-on identity security engineering, with deep expertise in Microsoft Entra ID (Azure AD).
- Strong command of RBAC, PIM, conditional access, SAML, OIDC, OAuth2, and federated identity standards.
- Experienced in developing and deploying automation workflows using PowerShell scripting, Microsoft Graph API integration, and identity focused Terraform modules.
- Advanced understanding of hybrid identity models, AD Connect, and synchronization configurations.
- Knowledge of Zero Trust principles, modern identity threat detection, and access governance.
- Certifications such as SC-300, CIST, CIMP, CIAM, CAMS, Azure Security, CISSP, or credentials with a specialization in Identity and Access Management are strongly preferred.
JOB DESCRIPTION
Responsibilities
We are looking for a Principal Security Engineer - Identity Security to lead identity protection initiatives across our hybrid enterprise. This individual will be the technical owner of identity lifecycle security, focused on Microsoft Entra ID (Azure AD), RBAC, conditional access, and privileged access management. You will design and automate resilient identity architectures and lead the enforcement of least-privilege models and Zero Trust Identity frameworks.
Key Responsibilities:
- Architect and secure Microsoft Entra ID (Azure AD) across federated and hybrid environments with a focus on SSO, conditional access, and authentication flows.
- Lead the deployment of robust RBAC models, JIT access via PIM, and secure provisioning/deprovisioning workflows.
- Automate identity operations using PowerShell, Microsoft Graph API, and Terraform, with emphasis on reproducibility and scalability.
- Enforce identity governance and entitlement management policies across users, apps, and services using Microsoft Entra ID Governance.
- Design and lead implementation of adaptive MFA and passwordless authentication strategies.
- Monitor for identity-based threats including token abuse, account compromise, and privilege escalation.
- Lead identity security incident response and ensure compliance with internal and regulatory policies.
- Collaborate cross-functionally with security, engineering, and compliance teams to enforce identity security across the stack.
Equal opportunity employer as to all protected groups, including protected veterans and individuals with disabilities
* While an hourly range is posted for this position, an eventual hourly rate is determined by a comprehensive salary analysis which considers multiple factors including but not limited to: job-related knowledge, skills and qualifications, education and experience as compared to others in the organization doing substantially similar work, if applicable, and market and business considerations. Benefits offered include medical, dental and vision benefits; dependent care flexible spending account; 401(k) plan; voluntary life/short term disability/whole life/term life/accident and critical illness coverage; employee assistance program; sick leave in accordance with regulation. Benefits may be subject to generally applicable eligibility, waiting period, contribution, and other requirements and conditions. Benefits offered are in accordance with applicable federal, state, and local laws and subject to change at TCM's discretion.
Job Information
Job Category:
Other
Spotlight
Employer
Related jobs
Full Time Branch Ambassador- West Suffolk Area
Capital One
Full Time Branch Ambassador- West Suffolk AreaThe Reimagined Branch Experience:Welcome to a new idea in banking. Here at Capital One, we're redefining how people bank. You see, we believe banking shou...
Jul 20, 2025
COMMACK, NY
Full Time Branch Ambassador- West Suffolk Area
Capital One
Full Time Branch Ambassador- West Suffolk AreaThe Reimagined Branch Experience:Welcome to a new idea in banking. Here at Capital One, we're redefining how people bank. You see, we believe banking shou...
Jul 20, 2025
FARMINGDALE, NY
Part Time Branch Ambassador - Suffolk Areas
Capital One
Part Time Branch Ambassador - Suffolk AreasThe Reimagined Branch Experience:Welcome to a new idea in banking. Here at Capital One, we're redefining how people bank. You see, we believe banking should...
Jul 20, 2025
RONKONKOMA, NY