Cyber Identity Administrator
City of Charlotte · Charlotte, NC · 6 days ago
$94k–$135k/yrFull-time
About the role
The Innovation and Technology department for the City of Charlotte is currently recruiting an Identity and Access Management (IAM) administrator.
Responsibilities
- Design, implement, and manage enterprise identity and access management (IAM) solutions across Active Directory, Microsoft Entra ID, and Okta.
- Build, manage, and maintain Active Directory environments, including domain services, replication, and server roles.
- Administer identity lifecycle processes including provisioning, deprovisioning, and role-based access controls across hybrid environments.
- Deploy and integrate Single Sign-On (SSO) solutions between identity providers and SaaS and cloud applications using SAML, OAuth, OpenID Connect, and SCIM.
- Configure and troubleshoot Microsoft Entra App Registrations, Enterprise Applications, Conditional Access Policies, and RBAC models.
- Develop and maintain automation for IAM processes using PowerShell, Okta Workflows, and other scripting tools.
- Manage Group Policy Objects (GPOs) and enforce configuration standards across the enterprise.
- Administer and support hybrid AD and Azure AD environments including directory synchronization and identity federation.
- Deploy and maintain PKI infrastructure including certificate authorities, certificate lifecycle management, SCEP, and NDES integrations.
- Manage certificate services including issuance, renewal, revocation, and enterprise certificate governance.
- Monitor identity systems, analyze logs, respond to alerts, and lead troubleshooting and root cause analysis for identity-related incidents.
- Perform regular access reviews, audits, and remediation of role-based policies and permissions to ensure compliance with CJIS, NIST, and other regulatory frameworks.
- Support Active Directory backup and recovery strategies, including testing and validation of restoration processes.
- Coordinate and execute IT and cybersecurity projects, including remediation plans for audit findings and security gaps.
- Develop documentation, standards, and architectural diagrams for IAM systems and processes.
- Provide guidance and consultation to IT staff and leadership on identity governance, access risk, and automation strategies.
- Perform other related duties as assigned.
Requirements
- Bachelor’s degree in Computer Science, Information Security, Information Systems, or a related field or an equivalent combination of education and relevant work experience.
- 3+ years of experience in Information Technology or Identity and Access Management.
- Or certifications: CISSP, GCIH, or similar cybersecurity certifications.
- Microsoft Identity and Access Administrator Associate certification.
- Okta Certified Professional or Administrator certification.
- 5+ years of experience in Identity and Access Management or related IT roles.
Qualifications
- Strong communication skills and ability to work across cross-functional technical teams.
- Advanced knowledge of Active Directory architecture, including multi-domain and multi-forest environments.
- Strong knowledge of Windows Server administration, including installation, configuration, patching, and hardening.
- Strong knowledge of Group Policy design, administration, and troubleshooting.
- Strong knowledge of DNS and Microsoft DNS configuration and troubleshooting.
- Strong knowledge of Microsoft Entra ID (Azure AD) including identity governance, conditional access, and hybrid identity.
- Strong knowledge of Okta administration, including lifecycle management, federation, and workflow automation.
- Experience with IAM automation using PowerShell, Python, or similar scripting languages.
- Strong understanding of identity lifecycle management, RBAC, and access governance models.
- Knowledge of Zero Trust architecture and modern identity security frameworks.
- Strong knowledge of PKI infrastructure, certificate lifecycle management, and cryptographic best practices.
- Experience with certificate deployment technologies such as SCEP and NDES.
- Knowledge of AD backup and recovery tools and processes.
- Knowledge of hybrid identity synchronization tools and services.
- Strong understanding of SSO protocols including SAML, OAuth, OpenID Connect, and SCIM.
- Knowledge of MFA technologies including TOTP, WebAuthN, and FIDO2.
- Experience with logging, monitoring, and incident response for identity systems.
- Knowledge of cybersecurity frameworks and compliance standards such as CJIS, NIST, and HIPAA.
- Ability to design scalable IAM solutions and improve operational efficiency through automation.
- Strong analytical, troubleshooting, and problem-solving skills.
- Ability to document systems, processes, and architecture for both technical and non-technical audiences.
- Experience with certificate management and enterprise PKI design.
Skills
- Strong communication skills and ability to work across cross-functional technical teams.
- Advanced knowledge of Active Directory architecture, including multi-domain and multi-forest environments.
- Strong knowledge of Windows Server administration, including installation, configuration, patching, and hardening.
- Strong knowledge of Group Policy design, administration, and troubleshooting.
- Strong knowledge of DNS and Microsoft DNS configuration and troubleshooting.
- Strong knowledge of Microsoft Entra ID (Azure AD) including identity governance, conditional access, and hybrid identity.
- Strong knowledge of Okta administration, including lifecycle management, federation, and workflow automation.
- Experience with IAM automation using PowerShell, Python, or similar scripting languages.
- Strong understanding of identity lifecycle management, RBAC, and access governance models.
- Knowledge of Zero Trust architecture and modern identity security frameworks.
- Strong knowledge of PKI infrastructure, certificate lifecycle management, and cryptographic best practices.
- Experience with certificate deployment technologies such as SCEP and NDES.
- Knowledge of AD backup and recovery tools and processes.
- Knowledge of hybrid identity synchronization tools and services.
- Strong understanding of SSO protocols including SAML, OAuth, OpenID Connect, and SCIM.
- Knowledge of MFA technologies including TOTP, WebAuthN, and FIDO2.
- Experience with logging, monitoring, and incident response for identity systems.
- Knowledge of cybersecurity frameworks and compliance standards such as CJIS, NIST, and HIPAA.
- Ability to design scalable IAM solutions and improve operational efficiency through automation.
- Strong analytical, troubleshooting, and problem-solving skills.
- Ability to document systems, processes, and architecture for both technical and non-technical audiences.
- Experience with certificate management and enterprise PKI design.
Benefits
The City of Charlotte provides a comprehensive benefits package to eligible employees. Click here to learn more about the City of Charlotte’s benefits.