Senior DevOps Engineer – Identity & Access Management (IAM)

In this role, you will be a key member of the team that manages user identities and provides appropriate access to resources across all of product infrastructure. You will move beyond legacy on-premise operations to build our next-generation, cloud-native identity fabric.

The goal is to establish Microsoft Entra ID as the central control plane, ingesting identity information from corporate systems and applying automated roles and policies to govern access to our multi-cloud production environment (Azure & GCP). Automation is your primary deliverable: you will help build robust JML (Joiner-Mover-Leaver) workflows and manage RBAC as code to ensure systems are secure by default, providing engineers with a seamless, self-service experience.

Responsibilities:

• Design and automate identity lifecycles: Architect and build end-to-end Joiner, Mover, and Leaver (JML) workflows using Microsoft Entra ID, Lifecycle Workflows, and custom automation to ensure zero-touch provisioning and immediate de-provisioning.
• Implement Identity as Code: Manage all Role-Based Access Control (RBAC), Conditional Access policies, and PIM configurations using Terraform and version control systems.
• Engineer Modern Access Controls: Implement advanced Entra features such as Privileged Identity Management (PIM), Just-in-Time (JIT) access, and Workload Identity Federation in a robust and scalable manner.
• Develop Automation Tooling: Write production-quality code (Python, or PowerShell) to interact with the Microsoft Graph API for complex identity tasks that cannot be solved via native configuration alone.
• Partner Cross-Functionally: Collaborate with security, compliance, and engineering teams to ensure that all automated access activities are logged, monitored, and properly audited.
• Mentorship & Trends: Evaluate new Entra ID features (Governance, Verified ID, etc.) for adoption and mentor junior engineers in IaC and automation best practices.
• Operational Support: Participate in an on-call rotation schedule to support the identity platform.

What You Bring:

Basic Qualifications:

• Bachelors in Computer Science, Electrical Engineering, Information Systems, or equivalent.
• 5+ years of development or engineering experience with a specific focus on Identity and Access Management (IAM).
• Deep expertise in Microsoft Entra ID (formerly Azure AD):
• Configuring and managing Enterprise Applications and App Registrations.
• Designing and implementing Conditional Access Policies.
• Managing Entra ID Governance and PIM.
• Infrastructure as Code (IaC) Mastery: Proven experience writing and managing complex Terraform modules to deploy RBAC assignments, custom roles, and cloud resources.
• JML Automation Experience: A proven track record of designing and coding automated workflows for user lifecycle management (Joiners, Movers, Leavers).
• Strong Coding Skills: Proficiency in Python, Go, or advanced PowerShell with extensive experience interacting with REST APIs (specifically Microsoft Graph API).
• Protocol Knowledge: Strong understanding of modern authentication protocols including OIDC, OAuth2, and SAML.

Preferred Skills:

• Masters in Computer Science.
• Microsoft Security/Identity Certifications (e.g., SC-300: Identity and Access Administrator, AZ-500).
• Experience synchronizing identities across multi-cloud environments (Azure and GCP).
• Experience converting legacy Active Directory group-based access into dynamic, attribute-based access controls in the cloud.
• Experience with CI/CD pipelines (GitHub Actions, Azure DevOps) for deploying Identity-as-Code.
• Understanding of the underlying infrastructure of systems at scale, including load balancing and certificate infrastructure.
• Demonstrated experience working with multiple vendors in the identity ecosystem.