IAM Engineer

Job title:- IAM Engineer
Location:- Boston, MA 02210 
Duration:- 12 Months
 
Job Description:-
Qualifications:

• The IAM Engineer will play a critical role in modernizing the organization’s identity and directory services as we transition from a traditional, on-premises Active Directory (AD)–centric model to a cloud-first identity architecture. This role will lead and support initiatives to simplify, consolidate, and rationalize AD infrastructure while reducing overall reliance on legacy directory services in favor of modern cloud identity platforms such as Microsoft Entra ID.
• This position blends hands-on engineering, design, and cross-team collaboration to enable secure, scalable, and resilient identity services aligned with Zero Trust and cloud transformation objectives.
• Strong hands-on experience with Microsoft Active Directory, including domain/forest architecture, Group Policy, DNS integration, trusts, and identity lifecycle management.
• Demonstrated experience designing or operating hybrid identity solutions involving Active Directory and Microsoft Entra ID (Azure AD).
• Practical knowledge of modern cloud identity concepts, including conditional access, identity governance, least-privilege access, and Zero Trust architectures.
• Solid understanding of authentication and authorization protocols (Kerberos, LDAP, SAML, OAuth 2.0, OpenID Connect) and their modern cloud equivalents.
• Experience collaborating across infrastructure, security, and application teams in a complex enterprise environment.
• Strong documentation and communication skills, with the ability to produce clear architecture diagrams, design documents, and implementation guidance.
• Familiarity with enterprise-scale security strategies and governance frameworks.

 
Responsibilities:

• Lead the modernization, consolidation, and rationalization of Active Directory environments, including domain/forest design, trust models, and directory hygiene initiatives.
• Design and implement strategies to reduce organizational dependence on Active Directory by shifting authentication, authorization, and identity governance workloads to cloud-native platforms (e.g., Microsoft Entra ID).
• Partner with security, infrastructure, and application teams to enable modern authentication methods (passwordless, phishing-resistant MFA, conditional access) and minimize legacy protocol usage.
• Provide technical leadership during migrations to colocation or cloud-adjacent environments, ensuring directory services remain secure, resilient, and supportable during transition phases.
• Define and document target-state identity architectures, design standards, and migration roadmaps aligned with Zero Trust and cloud security principles.
• Serve as a trusted technical advisor to stakeholders, translating complex identity and directory challenges into actionable solutions and implementation plans.
• Contribute to operational excellence by improving automation, monitoring, and lifecycle management for identity services.