IAM Engineer - Hybrid Onsite

An international law firm is looking for an IAM Engineer to join their Security team and will support the design, implementation and ongoing operations of core enterprise identity and access management and PKI certificate systems. The Firm has more than 1,300 lawyers and has offices that span the globe from Boston, New York, Beijing, Brussels, Hong Kong, Houston, London, Los Angeles, Palo Alto, Sao Paulo, Tokyo and Washington, D.C. The Firm consistently ranks among the world's leading law firms. The Firm has the following practice areas: Corporate, Litigation, Banking & Credit, Capital Markets, Mergers & Acquisitions, Real Estate, Restructuring and Private Funds. They support clients in a variety of industries such as Energy (Oil & Gas, Power & Renewables), Financial Services, Healthcare & Life Sciences, Infrastructure, Technology, Insurance & Reinsurance, and Data Centers. This role will be 3 days onsite in NYC and the remaining 2 days remote, with the exception of the first two weeks of training which will be 4 days onsite.

This role will join a team of two resources responsible for IAM operational tasks in Entra/Active Directory and special projects. They will be responsible for responding to IAM tickets that come through, troubleshooting issues and ensuring the appropriate approval processes are in place, certificates, adding accounts, granting access, etc. They are mostly onprem AD but there will be some in Azure EntraID.

Key Responsibilities:
- Administer and support Active Directory and Microsoft Entra ID environments, including users, groups, organizational units, and access policies.
- Support identity lifecycle processes including provisioning, modification, and account termination.
- Manage and support authentication protocols and systems including Kerberos, LDAP, SAML, and MFA platforms
- Onboard applications to SSO platforms
- Administer enterprise PKI (public key infrastructure), including certificate issuance, renewal, revocation, and support
- Assist in the design, maintenance, and testing of role-based access and entitlements across infrastructure and applications.
- Assist with periodic access reviews and certification campaigns.
- Implement access requests according to established procedures and security policies, ensuring least privileged access.
- Provide Tier 1 & 2 support for IAM related issues, troubleshooting access problems and escalating complex issues to leadership.
- Create and maintain clear and concise documentation related to IAM processes, configurations, and troubleshooting steps.
- Assist with monitoring IAM systems for anomalies and generate reports on access activity.
- Participate in testing of IAM system updates, patches, and new features.
- Assist in the development and implementation of automation scripts to streamline IAM processes (e.g., PowerShell, Python).
- Work closely with other IT teams (Help Desk, Applications, Infrastructure, Information Security) to ensure seamless integration of IAM solutions.

They may also be asked to help with special projects like upgrading their MFA system on all server/laptops; implementing new vendor for Identity Validation and go through vendor selection, POC, Implementation etc; deploying browser plug in for secret server; assist in IGA solution implementation etc.

Compensation:
$50/hr to $53/hr.
Exact compensation may vary based on several factors, including location, skills, experience, and education.
Employees in this role will enjoy a comprehensive benefits package starting on day one of employment, including options for medical, dental, and vision insurance. Eligibility to enroll in the 401(k) retirement plan begins after 90 days of employment. Additionally, employees in this role will have access to paid sick leave and other paid time off benefits as required under the applicable law of the worksite location.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

- 7+ years in IAM
- Expert understanding of IAM concepts including authentication, authorization, RBAC, and least privilege
- Hands-on experience with Entra ID and Active Directory
- experience with troubleshooting IAM issues around certificates, create accounts, etc
- familiarity with identity management (users, groups, accounts, etc), Authentication (SSO, MFA), Authorization & Access control, etc
- Familiarity with certificate lifecycle management systems / PKI
- understanding of authentication protocols including Kerberos, SAML, OAuth, OIDC, etc.
- Understanding of zero-trust and modern security architectures

- Automation of security tasks (Python, C++, Java, Ruby, Bash etc)
- lawfirm background
- Security certifications (Security+, CEH, CRISC, CISM, CISA, CISSP, CCNP Security, GIAC GSEC, and Microsoft Systems Developer training)

Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.