Industry: All
Term: Contract
Province: BC
Category: Information Technology
Experience: 5 - 10 Years
On behalf of our public sector client, Affinity is seeking an Identity & Access Management System Engineer, Technology Services. The successful candidate will support identity modernization, access management, authentication, and security hardening across a hybrid Microsoft environment including Active Directory, Entra ID / Azure AD, SSO, MFA, Conditional Access, and hybrid identity. They will drive secure access, identity governance, and authentication modernization in support of cloud migration, cybersecurity uplift, and operational resiliency initiatives. They will work closely with cybersecurity, infrastructure, endpoint, M365, ServiceNow, application, and cloud teams to ensure identity services are secure, scalable, and aligned to modernization outcomes.
Responsibilities:
• Assess the current-state Active Directory, Entra ID / Azure AD, hybrid identity, authentication, authorization, and access management environment.
• Review identity synchronization, domain services, OU/group structures, group policy dependencies, authentication patterns, administrative roles, service accounts, and identity-related technical debt.
• Identify risks, constraints, configuration gaps, legacy dependencies, and security issues that may affect Windows 11, M365, Azure, server migration, application access, or operational resiliency.
• Design and implement identity controls including SSO, MFA, Conditional Access, role-based access, group-based access, privileged administration, and identity protection patterns.
• Support Entra ID / Azure AD hybrid scenarios, including secure access between cloud services, domain-joined devices, hybrid-joined devices, on-premises applications, Azure-hosted workloads, and M365 services.
• Support remediation of legacy authentication, insecure access patterns, unmanaged service accounts, excessive privileges, weak group ownership, and unclear access lifecycle processes.
• Develop and maintain identity architecture diagrams, authentication flow diagrams, dependency maps, integration documentation, access models, and operational decision records.
• Support identity readiness for Windows 11 deployment, Intune enrollment, Autopilot, M365 service operationalization, Azure IaaS migration, and server replatforming.
• Define and document privileged access practices including administrative role assignment, break-glass accounts, emergency access, access review processes, and operational audit controls.
• Support joiner/mover/leaver processes, group ownership, access request workflows, deprovisioning requirements, and integration with ITSM processes where required.
• Troubleshoot and resolve identity-related issues affecting user access, device compliance, application authentication, service availability, and migration readiness.
• Produce runbooks, operational procedures, support documentation, configuration standards, test plans, validation evidence, change documentation, and transition-to-operations materials.
• Work with cybersecurity, infrastructure, endpoint, M365, ServiceNow, application, and cloud teams to align identity services with security, operational, and modernization requirements.
• Support implementation planning, change readiness, cutover activities, hypercare, and knowledge transfer related to identity changes.
Qualifications:
• Minimum of 10 years’ experience in identity and access management, directory services, or systems engineering in complex hybrid Microsoft environments.
• Degree in computer science, information systems, or a related field, or an equivalent combination of training and experience.
• Strong hands-on experience designing and implementing Active Directory, Entra ID / Azure AD, hybrid identity, SSO, MFA, and Conditional Access is required.
• Microsoft certifications such as Identity and Access Administrator Associate, or Security/Enterprise Administrator credentials, are strong assets.
• Experience with identity synchronization (Entra Connect), federation, and privileged access management is an asset.
• Experience working in highly available public safety or other regulated environments is an asset.
• Knowledge of identity and access management standards, authentication and authorization patterns, and Zero Trust principles.
• Knowledge of Active Directory, Entra ID / Azure AD, hybrid identity, Conditional Access, MFA, and privileged access practices.
• Knowledge of identity lifecycle, access governance, and audit/compliance requirements.
• Knowledge of and experience in the design and deployment of secure systems, preferably in a public safety context.
• Knowledge of MS Visio, Teams, PowerPoint, and SharePoint.
• Ability to respond to shifting priorities, demands, and timelines.
• Ability to anticipate, investigate, research, and analyze complex identity problems, and to resolve or escalate issues in a timely fashion.
• Ability to work effectively and elicit cooperation with a variety of internal and external contacts.
• Ability to communicate effectively orally and in writing and to prepare clear, concise, and complete documentation.
• Ability to prepare and maintain a variety of records and technical documentation related to the work.
Position Type: Full-time contract position.
Affinity Earn:
Know someone who’s great for this, or any of our open roles? Earn up to $4,000/year for each successful referral through Affinity Earn. You can also earn up to $50,000 for helping us find new clients. Learn about our referral program at https://affinity-group.ca/earn/ or browse our jobs & follow us at https://www.linkedin.com/company/affinity-staffing/jobs/
About Affinity:
Affinity Group is a technology and business consulting and services company. We believe in creating long-term relationships between clients and consultants that foster a mutually beneficial partnership. Affinity is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All employment is decided on the basis of qualifications, merit and business need.
For more information on Affinity, please visit www.affinity-group.ca
Job Number: 13585
#LI-Hybrid