IAM/RBAC Engineer

Veterans Sourcing Group

Jersey City, NJ

JOB DETAILS
Skills: Access Control, Accounting, Authentication, Best Practices, Configuration Management, Data Quality, Embedded Systems, Identity Data Management, Incident Response, Just in Time (JIT), Microsoft Product Family, Microsoft Windows Azure, Policy Development, Protocol Independent Multicast (PIM), Remote Access, SQL (Structured Query Language), Software Design, Standard Operating Procedures (SOP), Systems Administration/Management, Taxonomies, VPN (Virtual Private Network), Writing Skills
Location: Jersey City, NJ
Posted: 30+ days ago
Job Title: IAM/RBAC Engineer
Duration: 12+ Months (Possible extension)
Location: Jersey City, NJ 07302
Onsite Role (4 days a week)

Responsibilities:
  • Seeking IAM/RBAC Engineer with deep hands-on experience in Microsoft Entra ID (formerly Azure AD) and Azure Role-Based Access Control (RBAC).
  • Will design, implement, and administer access controls across Azure resources, enforce least-privilege principles, and support secure, auditable access for privileged and non-privileged users.
  • This role focuses on practical, scalable identity solutions, strong authenticator management, and consistent access governance and monitoring.
RBAC Design and Administration
  • Define and maintain an enterprise role taxonomy across Azure resources.
  • Map permissions to roles and enforce least-privilege access via security groups and role assignments.
  • Prohibit broad, direct privilege assignments; document role-to-permission mappings and changes.
Remote and Privileged Access Governance
  • Implement Just-in-Time (JIT) workflows for elevated access with approvals and time-bound permissions.
  • Establish usage restrictions and configuration norms for VPN/jump hosts/privileged sessions.
  • Define and oversee emergency access ("break-glass") procedures, incident notification, and review.
Identification and Authentication
  • Configure multi-factor authentication (MFA) for privileged roles using strong authenticators (e.g., smartcards or security keys).
  • Provision Azure AD administrator roles for services such as SQL where applicable.
  • Enforce managed identities for applications (e.g., App Service, Function Apps) and centralize identity control to reduce reliance on local service keys.
Authenticator Protection and Secret Hygiene
  • Ensure authorized users safeguard issued authenticators.
  • Prevent unencrypted, embedded static credentials in code, images, and configurations; enforce password and memorized secret parameters per enterprise standards.
Access Governance and Documentation
  • Author and maintain policies, standards, and operating procedures for access controls.
  • Conduct periodic access reviews and support audit evidence collection.
Monitoring and Audit Readiness
  • Configure Azure-native monitoring and logging for identity and access events.
  • Route alerts to service owners/security teams and support audit readiness across access-related controls.
  • Validate use of emergency access through incident workflows and post-event review.
Education/Experience:
  • Advanced knowledge of Microsoft Entra ID (Azure AD), Azure RBAC, security groups, privileged identity management (PIM), and JIT access workflows.
  • Demonstrated experience implementing least-privilege design at scale and articulating the rationale for RBAC in Azure.
  • Hands-on experience with Azure Policy and resource configurations, including enabling managed identities, provisioning Azure AD admin roles for services, and minimizing local service key usage.
  • Familiarity with Azure monitoring and logging capabilities, AAA (authentication, authorization, accounting) concepts, and integration with approval workflow tools.
  • Strong understanding of least-privilege access design and practical application of access control best practices in Azure.
  • Competence in baseline configuration management and maintaining accurate asset/data inventories.
  • Ability to author and maintain IAM policies and procedures, perform access reviews, and support audit evidence and control test preparation.
  • Proven capability to implement and govern remote/elevated access, emergency access processes, and related incident handling.
