IAM Engineer
iManage · Chicago, IL · 5 days ago
HybridEngineering$90k–$115k/yrFull-time
About the role
We offer a flexible working policy that supports a healthy balance between personal and professional well-being. This role requires in-office presence on Tuesdays & Thursdays to collaborate, connect, and learn from peers - while also maintaining the flexibility for meaningful work-life balance.
Responsibilities
- Owning IAM infrastructure across the iManage environment: identity federation, SSO, directory services, and PAM via CyberArk.
- Designing and maintaining SSO integrations for SaaS applications using SAML 2.0, OAuth 2.0, OIDC, and SCIM.
- Administering Entra ID as the primary identity provider: user lifecycle, group management, app registrations, and conditional access.
- Configuring and maintaining Entra ID PIM, Identity Protection, entitlement management, and access reviews.
- Automating user lifecycle management (provisioning, deprovisioning, access reviews) via PowerShell, Graph API, and Entra ID Governance.
- Enforcing zero-trust principles, least-privilege access, and RBAC policies across the environment.
- Monitoring sign-in activity, risky users, and identity alerts; remediating in line with internal SLAs.
- Managing MFA policies including Conditional Access controls, authentication methods, and exception handling.
- Governing service account lifecycle: creation standards, CyberArk vaulting, credential rotation, and decommissioning.
- Maintaining documentation for IAM configurations, access policies, runbooks, and SOPs.
- Leading IAM incident response, performing root cause analysis, and implementing preventive controls.
- Supporting JML automation in partnership with Dayforce to ensure timely access changes across the employee lifecycle.
- Managing break-glass accounts including regular review, audit logging, and alerting.
- Providing on-call coverage for identity incidents and participating in scheduled IAM maintenance windows.
Qualifications
- 5+ years of experience in infrastructure or systems engineering with a primary focus on identity and access management.
- Deep hands-on expertise with Microsoft Entra ID including conditional access, PIM, Identity Protection, entitlement management, and access reviews.
- Demonstrated experience designing and maintaining SSO integrations for SaaS applications using SAML 2.0, OAuth 2.0, OIDC, and SCIM.
- Strong scripting capability for IAM automation using PowerShell and Microsoft Graph API; Python or Bash a plus.
- Familiarity with PAM concepts and tooling; experience with CyberArk preferred.
- Foundational networking knowledge (TCP/IP, DNS, DHCP, VPN, firewall basics) sufficient to provide secondary coverage; Palo Alto familiarity a plus.
- Strong communication skills with the ability to convey technical detail clearly to both engineering peers and non-technical stakeholders.
Benefits
- The overall US annual base salary range for this position is $90,000–$115,000 per year.
- Your recruiter will provide further details about the offer range, incentives, and overall compensation during the hiring process.
Pay
The overall US annual base salary range for this position is $90,000–$115,000 per year. Individual compensation for each candidate depends on factors such as qualifications, experience, and candidate location.
Schedule
This is an individual contributor role based in London, working closely with colleagues in Belfast, Chicago, and Bangalore.