IAM / RBAC Engineer

We are seeking an IAM/RBAC Engineer with deep hands-on experience in Microsoft Entra ID and Azure Role-Based Access Control (RBAC). This role is responsible for designing, implementing, and governing secure, scalable access controls across Azure environments while enforcing least-privilege principles and maintaining audit-ready identity operations.
Key Responsibilities

RBAC Design and Administration
- Define and maintain an enterprise-wide Azure role taxonomy
- Map permissions to roles and enforce least-privilege access via security groups and role assignments
- Eliminate broad or direct privilege assignments
- Document role-to-permission mappings and track changes
Remote and Privileged Access Governance
- Implement Just-in-Time (JIT) access workflows with approval and time-bound permissions
- Configure and govern Privileged Identity Management (PIM) processes
- Establish standards for VPN, jump host, and privileged session usage
- Define and oversee emergency "break-glass" access procedures, including incident notification and review
Identification and Authentication
- Configure and enforce MFA for privileged roles using strong, phishing-resistant authenticators (e.g., smartcards, FIDO2 security keys)
- Provision Microsoft Entra ID administrators for Azure services that support Entra authentication (e.g., Azure SQL)
- Enforce managed identities for applications such as App Services and Function Apps
- Centralize identity controls to reduce reliance on local service keys
Authenticator Protection and Secret Hygiene
- Ensure secure handling and protection of issued authenticators
- Prevent unencrypted or embedded static credentials in code, images, and configurations
- Enforce enterprise password and secret management standards
Access Governance and Documentation
- Author and maintain IAM policies, standards, and operating procedures
- Conduct periodic access reviews and remediate findings
- Support audit evidence collection and control testing
- Maintain asset and data inventories aligned with configuration management standards
Monitoring and Audit Readiness
- Configure Azure-native monitoring and logging for identity and access events
- Route alerts to service owners and security teams
- Validate emergency access usage through incident workflows and post-event review
- Support audit readiness across access-related controls
Required Technical Skills
- Advanced knowledge of Microsoft Entra ID (formerly Azure AD), Azure RBAC, security groups, PIM, and JIT workflows
- Hands-on experience with Azure Policy and resource configurations
- Experience enabling managed identities and minimizing local credential usage
- Familiarity with Azure monitoring/logging, AAA concepts (authentication, authorization, accounting), and approval workflow integrations
- Strong understanding of least-privilege access design in Azure
- Experience maintaining configuration baselines and accurate asset/data inventories
Qualifications
- Proven experience implementing least-privilege RBAC design at scale
- Ability to develop IAM policies and procedures and lead access governance reviews
- Experience governing remote, elevated, and emergency access processes
- Strong technical writing, documentation, and stakeholder communication skills
- Ability to collaborate across engineering, security, and operations teams
Nice to Have
- Experience integrating identity workflows with enterprise approval and ticketing systems
- Exposure to application identity patterns and CI/CD secret management controls
- Background supporting audit readiness for cloud access controls