Identity Security Engineer
United States
Full Time
1 hour ago
$99,750 - $120,225 USD
H1B Sponsor
Key skills
AzurePowerShellAzure ADEntra IDOAuthSAMLIdentity Management
About this role
Role Overview
- Protect the organization’s identity infrastructure by designing, implementing, and operating secure authentication, authorization, and access controls
- Focus on Microsoft Entra ID–centric identity security, including Conditional Access, privileged access, identity lifecycle automation, and identity-driven phishing protection
- Serve as the first responder for identity-based security events and partner closely with Security Engineering and GRC to reduce breach risk while enabling secure business growth
- Design, implement, and maintain secure identity architectures using Microsoft Entra ID
- Manage user, group, device, and service-principal identity lifecycle controls
- Enforce least-privilege access using role-based access control (RBAC)
- Design and operate Conditional Access policies (MFA, device trust, location, risk-based access)
- Implement passwordless and phishing-resistant authentication (FIDO2, TAP)
- Maintain emergency access and break-glass account controls
- Implement and operate Privileged Identity Management (PIM)
- Reduce standing administrative privileges across Entra ID and Azure
- Conduct periodic access and privilege reviews
- Automate joiner/mover/leaver processes using PowerShell and Microsoft Graph
- Support access reviews and entitlement management
- Integrate identity controls with HR and IT provisioning systems
- Design and maintain email authentication controls (SPF, DKIM, DMARC)
- Implement and manage Microsoft Defender for Office 365 anti-phishing policies
- Lead identity-focused response to phishing events: Token revocation and forced sign-out
- Monitor identity-related alerts and risky sign-in activity
- Support investigations involving credential theft or unauthorized access
Requirements
- Hands-on experience with Microsoft Entra ID (Azure AD)
- Strong understanding of Conditional Access, MFA, and PIM
- Proficiency with PowerShell and identity automation
- Working knowledge of SAML, OAuth, OIDC, and modern authentication flows
- Experience supporting security and compliance requirements
- Experience supporting multi-tenant or multi-subsidiary environments
- Familiarity with Microsoft Intune and Microsoft Defender integrations
- Experience implementing passwordless authentication strategies
- Experience managing Defender for Office 365 phishing protections
- Microsoft security certifications (SC-300, AZ-500) or equivalent
Tech Stack
- Azure
Benefits
- Choice of comprehensive medical plans (including two PPO-style plans and a HDHP w/ HSA option)
- Flex spending accounts (FSA)
- Dental and vision plans
- Comprehensive medical, dental and vision benefits extended to spouse / domestic partner and dependent children up to age 26
- 401k with company match and self-directed brokerage account option
- PTO including additional paid time off during the last week of the year
- Company paid life insurance coverage for employees and their eligible dependents
- Short and long-term disability, AD&D coverage
- Professional development opportunities, tuition reimbursement and professional licensing assistance
- Paid parental leave after one year of employment