System Administrator, Identity & Access Management
About the Role
Dianthus is growing quickly, and we are looking for a hands-on Systems Administrator with strong Identity and Access Management (IAM) expertise to help us scale securely. You will be the operational owner of our identity platform and access governance program, responsible for "who — and what — has access to what", covering employee, contractor, external partner (B2B), and non-human (service) identities. This is a high impact role where you will shape our identity lifecycle, strengthen our security posture, and support our SaaS and endpoint environment as we prepare for commercial scale.
We are building a culture of individuals who hold our core principles at the center of our operations, with the goal to elevate the care of our patients' lives. We are open to you working remotely.
Key Responsibilities
Own the full identity lifecycle including automated provisioning/deprovisioning, and timely access revocation
Manage external identities: Entra External ID / B2B guest access, cross-tenant collaboration, access packages, and routine guest access reviews
Manage non-human identities: service principles, managed identities workload identities, and service accounts, including credential rotation, secret/certificate lifecycle, federated credentials
Administer ID platform; conditional access policies, new program rollouts, identity protection, risk-based access controls, and Privileged Identity Management (PIM)
Design and operate SSO and SCIM provisioning integrations across the SaaS application portfolio
Lead periodic access reviews and recertification campaigns; maintain least-privilege and role-based access control (RBAC) models across M365, Azure, and SaaS systems
Manage privileged access: break-glass accounts, admin role assignments, just-in-time (JIT) elevation, and segregation of duties
Establish and enforce external collaboration governance: which tenants can collaborate with Dianthus, what data can be shared, how guest accounts are sponsored, and how they are decommissioned
Support IAM audit and compliance evidence collection
Support the response to identity-related security events in partnership with the cyber team
Endpoint, SaaS & End-User Support
Manage the MDM/MAM environment for endpoints: configuration profiles, compliance policies, app deployment, enrollment, and remediation workflows
Administer the Enterprise tenant including license management, security baselines, and DLP policies
Provide day-to-day administration of the SaaS application portfolio, including user and license management, configuration changes, integration health monitoring, and vendor escalations
Deliver escalated technical support to end-users across identity, endpoint, productivity, and SaaS application issues, ensuring a high-quality employee experience
Partner with our managed services provider (MSP) on escalations, projects, and security operations
Experience
Bachelors degree preferred and 4+ years of hands-on systems administration experience, with at least 2 years with explicit IAM responsibility
Strong understanding of IAM principles: identity lifecycle, RBAC, least privilege, separation of duties, access certification, and privileged access management
Experience administering B2B / guest identities and external collaboration controls
Working knowledge of non-human identity management: service principals, managed identities, workload identity federation, and secret/certificate rotation
Experience designing and operating SSO and SCIM provisioning integrations for SaaS applications
Experience with low-code automation platforms for workflow and integration automation
Demonstrated experience providing technical support to end-users, with strong customer service orientation and communication skills
Strong troubleshooting skills and a security-conscious, service-oriented mindset
Experience in a regulated industry preferred (biotech, pharma, healthcare, finance) with exposure to IAM audit controls
Familiarity with GxP / 21 CFR Part 11 requirements for identify and access controls preferred
Experience implementing or operating an Identity Governance & Administration (IGA) solution preferred
Experience with secrets management platforms and integrating them into application workflows preferred
MSC-300 (Identity and Access Administrator) strongly preferred; also MS-102, MD-102, or AZ-104