IAM Engineer (Specialized Consultant - III)
Overview
The Identity and Access Management (IAM) Engineer plays a critical role in modernizing the organization’s identity and directory services as we transition from a traditional, on-premises Active Directory (AD)–centric model to a cloud-first identity architecture. This role leads and supports initiatives to simplify, consolidate, and rationalize AD infrastructure while reducing reliance on legacy directory services in favor of modern cloud identity platforms such as Microsoft Entra ID.
Responsibilities
- Lead the modernization, consolidation, and rationalization of Active Directory environments, including domain and forest design, trust models, and directory hygiene initiatives.
- Design and implement strategies to reduce organizational dependence on Active Directory by shifting authentication, authorization, and identity governance workloads to cloud-native platforms (e.g., Microsoft Entra ID).
- Partner with security, infrastructure, and application teams to enable modern authentication methods such as passwordless authentication, phishing-resistant MFA, and conditional access, while minimizing the use of legacy authentication protocols.
- Provide technical leadership during migrations to colocation or cloud-adjacent environments, ensuring directory services remain secure, resilient, and supportable throughout transition phases.
- Define and document target-state identity architectures, design standards, and migration roadmaps aligned with Zero Trust and cloud security principles.
- Serve as a trusted technical advisor to stakeholders by translating complex identity and directory challenges into actionable solutions and implementation plans.
- Contribute to operational excellence by improving automation, monitoring, and lifecycle management of identity services.
Required Qualifications
- Strong hands-on experience with Microsoft Active Directory, including domain and forest architecture, Group Policy, DNS integration, trusts, and identity lifecycle management.
- Demonstrated experience designing, implementing, or operating hybrid identity solutions involving Active Directory and Microsoft Entra ID (Azure AD).
- Practical knowledge of modern cloud identity concepts, including conditional access, identity governance, least-privilege access, and Zero Trust architectures.
- Solid understanding of authentication and authorization protocols such as Kerberos, LDAP, SAML, OAuth 2.0, and OpenID Connect, including their modern cloud implementations.
- Experience collaborating across infrastructure, security, and application teams within complex enterprise environments.
- Strong documentation and communication skills, with the ability to produce clear architecture diagrams, design documentation, and implementation guidance.
- Familiarity with enterprise-scale security strategies and governance frameworks.
Why Join Us
Drive high-impact identity and security modernization initiatives.
Strengthen the organization’s Zero Trust posture and reduce authentication-related risk.
Maximize the value of cloud security and identity investments.
Help shape the future of enterprise identity and access management in a dynamic, evolving environment.
About Seneca Resources
Seneca Resources is a client driven provider of strategic Information Technology consulting services and Workforce Solutions to government and industry. Seneca Resources is a leading IT services provider with offices in Reston, Virginia, Alabama and Columbia, Maryland that service clients throughout the United States. The key to our success lies within our strong corporate culture which drives our business. We challenge our staff through engaging work, and we reward our staff through competitive compensation, extensive professional training, and excellent opportunities for career advancement. In turn, we look for only the best and brightest to join our team. We are an Equal Opportunity Employer and value the benefits of diversity in our workplace.