Identity Cloud Engineer

Fidelity National Financial

Jacksonville · On-site Full-time Mid Level 1w ago

About the role

Overview

POSITION OVERVIEW

The Identity Governance & Administration team is seeking an Identity Cloud Engineer with deep expertise in Azure, Microsoft Entra ID, and Privileged Access Management to drive enterprise‑wide standardization in how access is defined, assigned, protected, and governed. This role focuses on building consistent patterns, access models, governance frameworks, and PAM integrations rather than traditional infrastructure engineering. The engineer will shape how identities, applications, service principals, and privileged accounts are modeled and controlled across cloud and hybrid environments.

The ideal candidate understands Azure identity, Entra ID, and CyberArk at a strategic and technical level, translating security, compliance, and governance requirements into repeatable configurations, templates, workflows, and control models. They will ensure access is standardized, governed, auditable, and aligned to Zero Trust principles—reducing identity risk while improving operational consistency across the enterprise.

Duties & Responsibilities

Access Standardization & Governance

  • Develop and maintain standardized access patterns across Azure and Microsoft Entra ID, including role designs, approval workflows, RBAC models, and application integration standards.
  • Define governance frameworks for group‑based access, privileged elevation, application onboarding, and identity lifecycle management.
  • Maintain naming conventions, tagging standards, metadata requirements, and standardized role/entitlement structures for Azure and Entra ID.
  • Partner with security, compliance, cloud, and application teams to ensure consistent adoption of identity and access standards.

Azure & Entra ID Identity Configuration

  • Implement and maintain consistent Entra ID configurations such as Conditional Access baselines, MFA/security settings, Managed Identity patterns, and standardized SSO/provisioning templates.
  • Support application and workload teams in configuring access models aligned with identity standards.
  • Troubleshoot access issues, misconfigurations, and inconsistent access patterns across cloud resources.

Identity Governance Lifecycle

  • Support access reviews, entitlement management, and lifecycle workflows by ensuring standardized roles, groups, and access packages exist and are governed.
  • Design access packages, role definitions, workflow templates, and lifecycle automation for identities, groups, service principals, and app registrations.
  • Establish and enforce lifecycle standards for app registrations, service principals, permissions, ownership, and deprovisioning.
  • Ensure applications integrate cleanly with IGA platforms with well‑structured entitlements that support classification, governance, and access certifications.

Privileged Access Management (CyberArk)

  • Design, deploy, configure, and maintain CyberArk PAM solutions across on‑premises, hybrid, and Azure cloud environments.
  • Administer CyberArk components such as EPV, PVWA, PSM/PSMP, CCP, CPM, CP, PTA, Conjur, and EPM.
  • Integrate CyberArk with Azure services, Azure AD, Kubernetes, CI/CD pipelines, containers, and cloud‑native workloads.
  • Manage privileged accounts, credentials, secrets, and machine identities across servers, databases, network devices, and cloud platforms.
  • Perform ongoing platform operations including upgrades, patching, tuning, DR testing, hardening, and health monitoring.
  • Troubleshoot PAM issues involving authentication, connectivity, session management, plugin behavior, and access workflows.
  • Build automation (PowerShell, Python, REST API) for onboarding, provisioning, secret rotation, and lifecycle workflows.
  • Develop or update custom connectors, plugins, and onboarding templates for non‑standard systems.
  • Support audits, risk assessments, and remediation aligned with PAM best practices and Zero Trust.

Collaboration & Enablement

  • Educate engineering, cloud, and application teams on identity and PAM best practices.
  • Partner with IAM, DevOps, security operations, and cloud engineering to ensure access models and PAM integrations align with enterprise architecture.
  • Maintain documentation for standards, patterns, runbooks, architecture diagrams, and operational processes.

Minimum Requirements

  • BS in Computer Science or Business with emphasis in IT or equivalent.
  • 3+ years of experience with Azure and Microsoft Entra ID identity configuration.
  • 3+ years of experience working with CyberArk technologies. Devolutions experience is a plus.
  • Strong knowledge of Windows Server, Linux/Unix, Active Directory, LDAP, SQL Server, Azure AD/Entra ID.
  • Proficiency with PowerShell; working knowledge of Python.
  • Experience with REST APIs, certificate management, and secrets automation.
  • Strong understanding of Entra ID components, including Conditional Access, MFA, PIM, Identity Protection, App Registrations, and Enterprise Applications.
  • Experience defining role models, RBAC structures, and access governance patterns.

Preferred Experience

  • Governance‑focused mindset
  • Strong analytical and documentation skills
  • Ability to define and enforce standards
  • Cross‑functional communication skills
  • Attention to detail and commitment to consistency

Skills

Active Directory, Azure, Azure AD, Azure AD/Entra ID, Certificate Management, CI/CD, Cloud-native, Conjur, Containers, Conditional Access, CP, CPM, CPT, CyberArk, Database, DevOps, Docker, EPM, EPV, Entra ID, Enterprise Applications, Identity Governance & Administration, Identity Protection, Kubernetes, LDAP, Linux, Managed Identity, Microsoft Entra ID, MFA, Network devices, PIM, PAM, PowerShell, Privileged Access Management, PSM/PSMP, PTA, Python, RBAC, REST API, SQL Server, Servers, Secrets Automation, Service Principals, SSO, Tagging Standards, Unix, Windows Server, Zero Trust
