IAM ENGINEER
Toronto - Hybrid
longterm contract
Job Description: Role Descriptions:
- Design and implement Azure Entra ID (formerly Azure AD) identity governance frameworks.
- Configure and manage Privileged Identity Management (PIM) for just-in-time privileged access.
- Implement and enforce Conditional Access policies| MFA| and phishing-resistant authentication (FIDO2| Passkeys).Manage RBAC role assignments across Azure subscriptions| resource groups| and management groups.
- Remediate guest user accounts| stale identities| and excessive permission assignments.
- Configure and maintain Break Glass (emergency access) accounts with monitoring and alerting.
- Integrate Microsoft Defender for Cloud governance rules with ServiceNow for ticketing workflows.
- Support cross-cloud IAM alignment across AWS IAM and OCI IAM where applicable.
- Participate in IAM audits| access reviews| and compliance reporting.
- Develop IAM runbooks| RBAC mapping documentation| and onboarding guides.
Essential Skills:
- More than 5 years of IAM experience| with 3+ years in Microsoft Azure / Entra ID.
- Deep knowledge of Azure RBAC| PIM| Conditional Access| and Entra ID roles.
- Experience with MFA enforcement| authentication methods| and access policies. Understanding of identity lifecycle management and access certification processes. Familiarity with Microsoft Defender for Cloud and Secure Score recommendations. Experience with ServiceNow or ticketing system integrations for IAM workflows.
- Microsoft Certified -Identity and Access Administrator (SC-300) preferred.
- Strong documentation and stakeholder communication skills.
Nice to Have
1. Experience with AWS IAM| Organizations| and SCPs.
2. Knowledge of OCI IAM compartments and policy structures.
3. Exposure to SASE or Zero Trust Network Access (ZTNA) frameworks Desirable Skills:
Keyword:
Skills: Digital : Microsoft Azure~Microsoft Identity And Access Management Experience Required: 6-8
Pay: $65.00-$67.00 per hour
Work Location: Hybrid remote in Toronto, ON (Toronto District)