IAM Security Engineer/Architect
We’re partnering with a leading financial institution to bring on a hands-on IAM Security Engineer/Architect to support a large-scale FedRAMP-compliant Azure environment. This is a high-impact role where you’ll own identity architecture, enforce security controls, and ensure audit readiness across a complex cloud ecosystem.

Key Responsibilities:
- Design and implement scalable Azure IAM architecture (RBAC, PIM, Conditional Access, Managed Identities)
- Establish and enforce identity governance, least privilege access, and secure access patterns
- Build and maintain Azure Policy/Blueprints to enforce IAM security baselines
- Integrate identity threat protection (Entra ID Protection, Defender) with monitoring tools like Microsoft Sentinel
- Partner with SecOps, cloud engineering, and compliance teams to support FedRAMP / NIST 800-53 requirements
- Drive audit readiness through documentation, control narratives, and evidence generation

Required Experience:
- 7+ years in security engineering/architecture, including 3+ years focused on Azure IAM
- Deep expertise with Entra ID (Azure AD), PIM, RBAC, Conditional Access, Key Vault
- Hands-on experience with Sentinel, KQL, and policy-as-code approaches
- Strong understanding of FedRAMP, NIST controls, and audit processes
- Ability to balance architecture strategy with hands-on execution

Nice to Have:
- Experience in Azure Government / GCC High
- Scripting/automation (PowerShell, Terraform/Bicep)
- Security certifications (AZ-500, SC-300, CISSP, etc.)

This role is ideal for someone who can own IAM end-to-end—from architecture design to implementation, monitoring, and compliance.