IAM Engineer - Entra ID

Your OpportunityAt Schwab, you're empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us "challenge the status quo" and transform the finance industry together.We believe in the importance of in-office collaboration and fully intend for the selected candidate for this role to work on site in the specified location(s).We are seeking an Entra IAM Engineer at the associate level who has a foundational understanding of Microsoft Entra ID, Azure and Identity & Access Management (IAM) concepts along with Active Directory. This role will support the design, implementation, and day‐to‐day operations of identity services while developing hands‐on experience with modern identity security practices.This is an excellent opportunity for someone looking to grow into a senior IAM or security engineering role.Key ResponsibilitiesMicrosoft Entra IDAssist in configuring and maintaining:Users, groups, and rolesEnterprise applications and SSO integrationsMFA and basic/custom Conditional Access policies* Support onboarding of applications using SAML, OIDC, or OAuth (with guidance).* Monitor Entra ID sign‐in activity and security alerts and escalate when needed.IAM Principles & GovernanceApply IAM for best practices such as least privilege, role‐based access, and separation of duties.Support identity changes through established change management and control processes in lower and production environments.Support identity lifecycle processes including provisioning, modification, and deprovisioning of access.Support access reviews, audits, and compliance activities.Follow identity standards, procedures, and security baselines.Documentation & CollaborationCreate and update technical documentation, runbooks, and standard operating procedures.Working closely with senior IAM engineers, security teams, and IT support teams.Participate in incident response and root‐cause analysis related to identity issues.What you haveRequired Qualifications1-3 years of experience in IT, security, or systems administration (or equivalent internship / lab experience).Foundational knowledge of:Microsoft Entra ID (Azure AD)Active Directory concepts (users, groups, OUs, GPOs, authentication)Basic IAM principles and access control modelsUnderstanding authentication concepts such as MFA, passwords, and SSO.Familiarity with common identity protocols (basic understanding is sufficient):SAML, OAuth2, OpenID Connect* Basic scripting or automation exposure (PowerShell preferred).* Willingness to learn about modern identity and security technologies.Preferred QualificationsExposure to hybrid identity environments using Active Directory and Entra Connect.Familiarity with Infrastructure as Code (IaC) concepts and exposure to Terraform, particularly for managing identity‐related resources.Microsoft certifications or in progress:SC‐300, AZ‐900, SC‐900, or similar* Interest in identity security, Zero Trust, and cloud security.