Identity and Security Engineer

Greenberg Traurig (GT), a global law firm with locations across the world in 15 countries, has an exciting employment opportunity for you. We offer competitive compensation and an excellent benefits package, along with the opportunity to work within an innovative and collaborative environment.Join our Technology Team as an Identity and Security Engineer located in various offices.We are seeking a professional who thrives in a fast-paced, deadline-driven environment. The ideal candidate possesses strong problem-solving and decision-making abilities, ensuring efficiency and accuracy in every task. With a dedicated work ethic and a can-do attitude, you will take initiative and approach challenges with confidence and resilience. Excellent communication skills are essential for collaborating effectively across teams and delivering exceptional client service. If you are someone who demonstrates initiative, adaptability, and innovation, we invite you to join our team.This role can be based in various offices, on a hybrid basis. This role reports to the Enterprise Monitoring and Systems Management Supervisor.Position SummaryThe Identity & Security Engineer is responsible for the engineering, architecture, security and monitoring of the firm’s core identity services and hybrid integrations, primarily within Microsoft cloud ecosystems, with a growing presence in AWS and GCP. The engineer designs and implements enterprise identity and access management solutions, leads the design of secure authentication and authorization frameworks, drives automation and engineering best practices, performs root cause analysis on complex identity-based incidents, and ensures secure access to applications and resources at scale.The Identity & Security Engineer serves as a lead technical resource for complex identity systems and leads engineering efforts related to Active Directory Domain Services, Entra ID, Single Sign-On, privileged access management, identity protection, lifecycle automation, and enterprise access controls.This role requires deep technical expertise, strong architectural thinking, and the ability to lead identity modernization efforts across on-premise and cloud environments. This role requires individuals who are trustworthy, reliable, and uphold strict ethical standards in all professional dealings. This position requires the ability to work flexible hours and participate in on-call rotation.Key ResponsibilitiesDesigns, implements, optimizes, and maintains enterprise identity platforms (e.g. Active Directory Domain Services, Entra ID, SSO, MFA), including architecture, capacity planning, and lifecycle managementArchitects, implements, and improves secure identity frameworks across on-premise and cloud environments, including role-based access control (RBAC), least privilege access models, just-in-time (JIT) access models, conditional access policies, and access lifecycles to reduce over-privilegeDefines and improves identity role design to reduce over-privilegeEstablishes governance for non-human identities (service accounts, automation identities, app registrations) and implements guardrails that prevent unmanaged credentials and high-risk identitiesBuilds integrations between identity platforms and business systems and applicationsCollaborates with technology teams, including security, compliance, application, DevOps, and infrastructure to implement and ensure secure identity practices across on-premises and cloud environmentsLeads PKI design standards, hardening, modernization efforts and certificate-based authentication risk reductionDesigns, deploys, and maintains vendor remote access and privileged access management systems Engineers detection logic, monitoring, and auditing capabilities to identify and evaluate anomalous user and identity behaviorLeads detection engineering and incident response for identity and access threats using ITDR, EDR, and SIEM tools, and develops playbooks for containment and remediationPartners with Information Security on identity threat detection and responseProvides Tier 3 escalation support and guidance, and leads root cause analysis for complex identity issues impacting privileged access and authentication across on-prem and cloud environmentsImplements and maintains security configurations to protect against unauthorized access and other security threats against the firm’s on-prem infrastructure and cloud-based platformsDevelops, maintains, and reviews automation frameworks, scripts, and infrastructure-as-code to drive process improvement and reduce manual administrative and routine tasks Partners with information security and compliance teams to design controls and engineer evidence collection that demonstrate compliance with industry standardsLeads project delivery and execution of tasks related to areas of identity responsibility, including requirements, design, implementation, testing, rollout, and operational transitionEvaluates and recommends emerging technologies, trends, and best practices in identity and access management, identity protection and governanceAuthors design documentation, runbooks, and standards, and enforces identity governance procedures across the teamQualificationsSkills & CompetenciesDeep expertise in AD DS, Entra ID, ADCS, and Single Sign-OnExpert knowledge of identity and access management and role-based access controlsExpertise designing and engineering federation and multifactor authentication solutionsExpertise in authentication and authorization protocols and flows (Kerberos, SAML, OAuth 2.0, and OIDC, SAML, LDAP)Good working knowledge of public key infrastructure (PKI) and certificate lifecycle managementStrong understanding of Zero Trust security principlesIn-depth knowledge of Microsoft Windows operating systemsGood working knowledge of basic networking concepts, including TCP/IP, DNS, and DHCPAdvanced automation and scripting skills (PowerShell, Microsoft Graph API, Python, Terraform, or similar)Fundamental understanding of AI model infrastructure and AI agent securityStrong analytical, critical thinking, and problem-solving skillsAbility to troubleshoot and resolve complex system, application, security, and performance issuesStrong communication, interpersonal, and cross-functional collaboration skillsAbility to articulate issues, risks, and proposed solutions to various levels of technology staff, management, and non-technical audiencesStrong attention to detail and accuracyAbility to document and maintain security and monitoring policies, procedures, and configurationsAbility to multitask efficiently yet prioritize and organize competing work demandsDemonstrated integrity and commitment to strict ethical standards in all professional dealingsProven record of reliability and dependabilityCandidate must be a self-starter and independent, yet function as an integral part of a teamProven ability to work independently and collaboratively in a fast-paced, and security-conscious environmentCandidate must demonstrate a high degree of initiative and motivationAbility to work flexible hours and be on-callEducation & Prior ExperienceBachelor’s degree in Computer Science, Information Security, or related field, or equivalent work experience8+ years of professional experience designing and engineering medium-to-large enterprise Microsoft Windows AD DS environments, preferably in a law firm or professional services environments5+ years of hands-on experience with Microsoft Entra ID in hybrid environmentsExtensive hands-on experience with Active Directory Domain Services design and operationsStrong hands-on experience with Microsoft Entra Suite architectureStrong hands-on experience with federation and SSO integrationsHands-on experience with identity platforms such as Okta, Ping Identity, or similarExperience managing multifactor authentication solutions Experience engineering and managing Privileged Access Management platformsExperience with AD CS design/hardening or certificate-based authentication modernizationStrong experience with automation (PowerShell required, API experience strongly preferred)Experience with ITDR platforms such as Microsoft Defender for Identity, Entra ID Protection, and Microsoft Defender XDR, or similarFamiliarity with AWS and GCP cloud environments are a plusRelevant Microsoft certifications: Azure Security Engineer Associate and Identity and Access Administrator Associate, or equivalent are preferredRelevant professional cybersecurity certifications, such as CISSP, are a plusGT is an EEO employer with an inclusive workplace committed to merit-based consideration and review without regard to an individual’s race, sex, or other protected characteristics and to the principles of non-discrimination on any protected basis.