IAM Engineer AD & Azure AD Focus

IAM Engineer – AD & Azure AD Focus Chicago, IL: Hybrid work from home schedule – 2 days WFH; 3 days onsite in the loop (can pick what days you work from home) Summary: The IAM Engineer is is focused on designing, installing, configuring, and managing Active Directory across Windows Desktop and Server environments – in both an Azure AD an on-prem AD environment. You'll be working on a team of 5, and be the 2nd most senior person on the team, but the most senior engineer with AD – as such, you'll be owning the AD health, topology, replication, and security baselines. Additionally you'll be designing/implementing domain and forest configurations while promoting DCs. You'll also troubleshoot DNS, DHCP, GPO and trust relationships, and plan/execute migrations and DR/recovery tests. What you'll be doing (this full list is from an older job description, and may not be as indicative of the true AD responsibilities described above): Work with the IAM Manager to build out and oversee the IAM function's technical controls and its related activities including planning, solutioning, testing, reporting and delivering IAM services. Oversee the implementation of all current solutions to ensure they are configured appropriately and are delivering maximum value for the Firm. Review current documentation such as Procedures, run books, and Knowledge Base Articles used by the Service Desk. Review and/or establish Best Practices where applicable Engage and interact with other IT Departmental Engineers to ensure future efforts (ours and their's) result in continued uninterrupted delivery of all IAM services. Demonstrate extensive understanding of IAM concepts such as directory services, SSO, federation, MFA, provisioning, access certification, roles and SOD. The analysis, design, implementation, and maintenance of all layers of IAM applications, including Authorization / Authentication and Account Creation / Management / Provisioning / Retirement in data repositories. Including; strategy, organizational design, process re-engineering and technology implementation. Functional areas and work experience should include; fine-grained access control, policy driven security, Identity Governance, Access Management, and Privileged access management, user provisioning/de-provisioning, and federation. Provide support with respect to requirements gathering, project management and delivery of one or more Identity platforms, such as SailPoint (Identity IQ), Okta, and Saviynt. Serve as the central point of contact for information security and IAM policy and process related issues. Address Vulnerabilities, Pentest findings and audit issues in a timely manner. Participate in a 24x7x365 on-call rotation Stay abreast of industry trends, solution landscape and market conditions and update peers and management accordingly. Other duties, as assigned. Skills we're seeking 3+ years of experience in an IAM focused role Must have strong experience with Active Directory – both on-prem AND Azure AD – which is the most important experience for this role. You must be strong in the following areas here: Installing/architecting Active Directory, promoting Domain Controllers, configuring domains/forests Managing directory services across multiple Windows Server environments (physical/virtual) DNS/DHCP/WINS/Client/ADFS/PKI/GPOs Directory migration, recovery, security, capacity management Process automation and improvement in AD workflows Must have Windows Server experience Nice to haves (in this order) Experience with multiple domains/forests Scripting/Automation experience, ideally with Powershell Experience with other Azure services Experience with MS Exchange Experience with SCCM Experience with SharePoint Experience with ITIL, COBIT or other similar frameworks Experience with other IAM tools (Okta for example) Bachelor's Degree or Master's Degree in Computer Science or a related field Relevant certifications

Created: 2026-04-03