Identity and Access Management ("IAM") Engineer

Identity and Access Management ("IAM") EngineerCooley is seeking an IAM Engineer to join the Security team.Position summary: Cooley Technology embraces a culture of customer service excellence, and all members of the department are expected to move this agenda forward. To that end, the Technology Identity and Access Management ("IAM") Engineer works independently and serves as a key contributor in designing, implementing, and operating secure, compliant, and scalable identity services. This role supports the firm's IAM program across Entra ID (Azure AD), Privileged Access Management, Active Directory, SSO/MFA/Conditional Access, Identity Governance processes, Cloud Identity (AWS), and Certificate Lifecycle Management. The position partners closely with Cybersecurity, Innovation and Technology teams, HR, as well as business stakeholders to deliver reliable identity capabilities that protect firm data and enable business operations. Specific duties include, but are not limited to, the following:Position responsibilities:Deliver and operate IAM capabilities across provisioning, authentication, authorization, and identity lifecycle processesAdminister and improve Microsoft Entra ID (Azure AD) and on-prem Active Directory including account lifecycle management, group/role administration, delegations, and directory hygieneImplement and support Single Sign-on (SSO), Multi Factor Authentication (MFA), and Conditional Access controls, ensuring authentication standards are applied consistently and exceptions are documented and governedEngineer and maintain identity integrations for SaaS and on-prem applications, including federation and enterprise application configurationsSupport the Privileged Access Management (PAM) program by onboarding privileged identities, implementing credential protection and rotation workflows, supporting access approvals and break-glass proceduresExecute identity governance workflows such as joiner/mover/leaver workflows, access requests, access reviews, exception handling, and remediation activities in coordination with IAM leadership and HR/Technology stakeholdersImplement cloud identity solutions using secure access patterns for human and workload identities, aligned to firm standards and least privilegeContribute to certificate lifecycle management efforts, including inventory support, ownership mapping, issuance/renewal processes, and automation initiativesImplement, manage and maintain internal and external certificate platformsAutomate and standardize IAM operations through scripting or other automation workflows to improve efficiency, consistency, and reliabilityMonitor IAM systems and access posture for issues or anomalies and partner with Cyber Security and other Technology teams to resolve findingsDevelop and maintain clear documentation, procedures, and runbooks for IAM systems and integrationsParticipate in on-call rotation and after-hours support, as requiredAll other duties as assigned or requiredSkills & experience:Required:After orientation at Cooley LLP, exhibit proficiency in the Microsoft Office suite, iManage and other firm applicationsAbility to work extended and/or weekend hours, as requiredAbility to travel, as required4+ years of progressive IAM/directory/authentication or relevant experience in an enterprise environment. Senior level candidates must have 5+ years' directly applicable experience.Hands-on experience with Entra ID (Azure AD) and Active Directory administration, including identity lifecycle management and enterprise account administrationHands-on experience implementing and supporting SSO/MFA/Conditional Access controlsExperience with identity and access protocols such as SAML, OAuth, OpenID Connect, LDAP, and SCIMExperience supporting or engineering Privileged Access Management (PAM) workflowsExperience working with cloud identity services, including roles, policies, and federation for human and workload identitiesAbility to troubleshoot and resolve complex IAM issues and communicate solutions clearly to technical and non-technical stakeholdersPreferred:Bachelor's degree in computer science, Information Systems, or related fieldExperience with PAM tooling and privileged identity workflows and/or identity governanceFamiliarity with AWS IAM and broader cloud IAM patternsPowerShell scripting (or equivalent) to support automation and operational consistencyExperience with CrowdStrike Identity ProtectionExperience with Tenable Identity ExposureExperience with SIEM solutionsPrior law firm or professional services experienceRelevant certifications such as CISSP, Azure, AWS or other IAM-focused certificationsCompetencies:Entrepreneurial by natureStrong analytical and problem-solving skills, with the ability to design, implement and troubleshoot identity and access solutionsDemonstrates sound technical judgement when implementing authentication, access controls, and security integrationsWorks independently while effectively prioritizing tasks and managing multiple workstreamsCommunicates clearly and professionally with both technical and non-technical stakeholdersMaintains a high level of accuracy, documentation, and attention to detail in operational workAdapts quickly to changing requirements, technologies, and prioritiesAbility to organize, prioritize and coordinate multiple activities often under tight timelinesAbility to drive projects to completion and achieve goalsStrong judgmentTeam-player with collaborative spiritCooley offers a competitive compensation and excellent benefits package and is committed to fair and equitable employment practices.EOE.The expected annual pay range for this position with a full-time schedule is $130,000 - $195,000. Senior level candidates may be considered for this position and would be eligible for a higher salary range based on experience. Please note that final offer amount will be dependent on geographic location, applicable experience and skillset of the candidate.We offer a full range of elective benefits including medical, health savings account (with applicable medical plan), dental, vision, health and/or dependent care flexible spending accounts, pre-tax commuter benefits, life insurance, AD&D, long-term care coverage, backup care for children and/or adults and other parental support benefits. In addition to elective benefit options, benefited employees receive firm-paid life insurance, AD&D, LTD, short term medical benefits as well as 21 days of Paid Time Off ("PTO") and 10 paid holidays each year. We provide generous parental leave and fertility benefits. New employees will attend a detailed benefit orientation to learn more about our many benefits and resources.