Senior Identity and Messaging Engineer

About The Position

Requirements

• Provided hands-on DNS/SPF/DMARC/DKIM changes/support/implementation previously for larger multi-domain companies.
• Must have advanced, prior “hands-on” experience with O365, AzureAD/EntraID, On-Prem Active Directory domains (multiple) and demonstrated expertise by successful implementation of projects with minimal disruption to the business, users, and customers.
• Must be able to take an identity and messaging (Teams/Email/Sharepoint/O365) lead role on projects which will be related to various aspects of infrastructure.
• It is critical this individual can communicate solutions and issues around the solutions to his/her peers in the business, infrastructure, application, and database areas.
• Ability to support escalations from IT Service Desk and act as 3rd tier resource to resolve issues.
• Never an issue to contact a user directly to find out what exactly might be the problem.
• Monitor mail flow, create/execute on checklists to validate email flows
• Hands-on creation of Powershell scripts to manage messaging/AD environments
• Job has on-call responsibilities.
• Works on project-based initiatives and provides written and verbal status updates to business users/stakeholders.
• Assist with patching process on servers in environment.
• Minimum Bachelor's degree in Computer Science, Information Security, or related field (or equivalent work experience)
• 10+ years of experience in IAM and Enterprise Messaging systems
• Strong knowledge of on-premises Active Directory, Azure AD/Entra ID, and hybrid identity concepts and technologies
• Expertise in Enterprise Email systems (e.g., Exchange on-premises, Exchange Online, Microsoft 365)
• Proficiency in PowerShell and other scripting languages for automation and management tasks
• Experience with Azure AD Connect, Conditional Access, and Microsoft Graph APIs
• Familiarity with authentication protocols (e.g., SAML, OAuth, OpenID Connect)
• Strong problem-solving and analytical skills
• Excellent communication and documentation abilities

Nice To Haves

• Current industry certifications from Microsoft or Identity certifications
• Experience in a larger IT environment preferred with over 3000 users and multiple domains and O365 tenants
• Security experience a plus especially with email security platforms and identity security platforms
• Experience with cloud platforms (e.g., Azure, AWS) and their IAM components

Responsibilities

• Design, implement, and maintain IAM solutions, including on-premises Active Directory, Azure AD/Entra ID, and hybrid identity environments
• Manage and optimize multiple Azure AD Connect environments for seamless synchronization between on-premises AD and Azure AD/Entra ID
• Implement and maintain identity federation solutions for single sign-on (SSO) across applications and services, including Azure AD Application Proxy and ADFS
• Configure and manage Conditional Access policies and Multi-Factor Authentication in Azure AD/Entra ID
• Develop and enforce IAM policies, workflows, and procedures to ensure secure and efficient access management across on-premises and cloud environments
• Manage user lifecycle, including onboarding, offboarding, and role changes, ensuring adherence to security policies and compliance requirements
• Conduct periodic access reviews and audits to maintain compliance
• Create processes for automatic disablement of accounts when certain criteria are met
• Design, manage, and maintain Office 365 environment(s) with on-premises Exchange and Microsoft 365 components
• Implement and support email security measures to protect the organization's email domains and ensure secure external mail flow
• Work to create API-based integration automation solutions for onboarding, audits, and other service management functions
• Provide 3rd level technical support for Email Services components and custom tools
• Author and maintain operations, security controls, and technology lifecycle related documentation
• Collaborate with cross-functional teams to align IAM and messaging solutions with business goals and security requirements
• Stay current with industry best practices, regulations, and compliance standards related to IAM and messaging systems
• Respond to incidents, investigate security breaches, and perform root cause analysis for both IAM and messaging-related issues
• Generate reports and metrics related to IAM and messaging activities and security posture
• Utilize PowerShell and other scripting languages for automation and management tasks across on-premises and cloud environments
• Maintains current, meticulous documentation, on all infrastructure components that are shared amongst all team members and with peer teams as required
• Troubleshooting and setting up AzureAD/EntraID SCIM with SaaS applications
• Thorough knowledge of Entra Connect Sync and Entra Cloud Sync to support it hands-on
• Good understanding of Azure AD B2C and Entra External ID setup and management to support it hands-on
• Participate in the development of a safe and healthy workplace.
• Comply with instructions given for their own safety and health and that of others, in adhering to safe work procedures.
• Co-operate with management in its fulfilment of its legislative obligations.
• Other duties as assigned by management.

Benefits

• Health and Welfare Benefits: Medical (including prescription coverage), Dental, Vision, Health Savings Account, Commuter Account (IL only), Flexible Spendings Account, Health Care and Dependent Care Flexible Spending Accounts, Group Accident, Group Accident, Critical Illness and hospital indemnity program, Life Insurance, AD&D, Wellbeing Program and Work/Life Resources (including Employee Assistance Program)
• Leave Benefits: Paid Holidays, Annual Paid Time Off (includes paid state/local paid leave where required), Short-Term Disability, Long-Term Disability, Other Leaves (e.g., Bereavement, FMLA, ADA, Jury Duty, Military Leave, and Parental and Adoption Leave)
• Retirement Benefits: Contributory Savings Plan (401k).