Jobs · Engineering · New Jersey

Senior Identity and Access Management Engineer

BioSpace · Bridgewater, NJ · 3 wk ago
Engineering$133k–$173k/yrFull-time

About the role

The Senior Identity and Access Management (IAM) Engineer will be responsible for the implementation, administration, and continuous improvement of Insmed's enterprise identity services across Active Directory, Microsoft Entra ID, and federated multi-cloud and SaaS platforms. This role ensures identity systems operate in a secure, resilient, compliant, and audit-ready state while enabling modern authentication, automated lifecycle management, and least-privilege access. The position partners closely with Cybersecurity, Infrastructure & Operations, Enterprise Applications, Computer System Validation (CSV), and Quality Assurance (QA) teams to maintain a validated identity environment that supports regulatory requirements, operational resilience, and enterprise identity modernization initiatives. This role is accountable for centralized identity, authentication, and federation across platforms.

Responsibilities

  • Administer and support Active Directory Domain Services and Microsoft Entra ID, including user, group, and device identity management.
  • Manage hybrid identity synchronization using Entra ID Connect / Cloud Sync, including troubleshooting provisioning and synchronization issues.
  • Maintain directory health, replication, security configuration, and access governance controls. Implement and maintain SSO integrations using SAML, OIDC, OAuth, and LDAP.
  • Configure and manage Conditional Access, Multi-Factor Authentication (MFA), and passwordless authentication policies. Support Privileged Identity Management (PIM) and enforce least-privilege access controls.
  • Implement automated Joiner-Mover-Leaver lifecycle processes and identity governance workflows.
  • Maintain federation between Active Directory, Microsoft Entra ID, AWS, GCP, and enterprise SaaS platforms. Troubleshoot authentication, federation, and provisioning issues across hybrid environments.
  • Support identity integrations with enterprise platforms such as Workday, ServiceNow, AWS, Microsoft 365, and regulated applications.
  • Partner with Cybersecurity to codify rules & investigate identity-related alerts around suspicious authentication activity, and access anomalies. Participate in incident response activities related to credential compromise or privileged access misuse. Implement identity security controls aligned with Zero Trust principles and enterprise security standards.
  • Develop, maintain, and test identity platform disaster recovery (DR) and business continuity procedures. Validate backup, restore, and failover capabilities for directory services.
  • Develop and maintain automation using PowerShell, Microsoft Graph, or scripting to reduce manual provisioning and touchpoints.

Requirements

  • Minimum of Bachelor’s degree in Information Technology, Computer Science, or related discipline as well as 8+ years of experience supporting enterprise Identity & Access Management or Directory Services.
  • Strong hands-on experience with Active Directory (users, groups, GPOs, trusts, replication, and security administration).
  • Hands-on experience with Microsoft Entra ID administration and hybrid identity design.
  • Experience implementing SSO, MFA, Conditional Access, and identity lifecycle automation.
  • Working knowledge of authentication and federation protocols (SAML, OAuth, OIDC, LDAP).
  • Experience maintaining hybrid identity environments using Entra Connect or Cloud Sync.
  • Hands-on experience supporting identity federation across AD, Entra ID, AWS, and GCP.
  • Experience supporting identity security operations, incident response, or resilience planning.
  • Experience across Okta and Microsoft Entra ID.
  • Experience in Life Sciences, Pharmaceutical, or other GxP-regulated environments.
  • Familiarity with Microsoft 365 security and compliance capabilities.
  • Experience automating identity workflows using PowerShell or Microsoft Graph API.
  • Microsoft certifications such as: Identity and Access Administrator Associate, Azure Administrator Associate, and/or Windows Server / Active Directory.

Qualifications

  • Hybrid role based out of our Bridgewater, NJ office.
  • Minimal travel expected.

Similar jobs