IAM/RBAC Engineer

• Design and maintain an enterprise Azure RBAC role taxonomy and document role-to-permission mappings and changes.
• Map permissions to roles and enforce least-privilege access via security groups and role assignments while prohibiting broad, direct privilege assignments.
• Implement Just-in-Time workflows for elevated access with approvals and time-bound permissions using PIM.
• Establish usage restrictions and configuration norms for VPN, jump hosts, and privileged sessions.
• Define and oversee emergency access procedures, incident notification, and post-event review.
• Configure MFA for privileged roles using strong authenticators such as smartcards or security keys.
• Provision Azure AD administrator roles for services such as SQL where applicable.
• Enforce managed identities for applications and reduce reliance on local service keys.
• Ensure users safeguard issued authenticators and prevent unencrypted embedded static credentials in code, images, and configurations.
• Author and maintain policies, standards, and operating procedures for access controls.
• Conduct periodic access reviews and support audit evidence collection.
• Maintain inventories of assets and data with baseline configurations aligned to configuration management practices.
• Configure Azure-native monitoring and logging for identity and access events and route alerts to service owners and security teams.
• Validate emergency access use through incident workflows and support audit readiness across access-related controls.

Due to client requirements, applicants must be willing and able to work on a w2 basis. For our w2 consultants, we offer a great benefits package that includes Medical, Dental, and Vision benefits, 401k with company matching, and life insurance., * Advanced knowledge of Microsoft Entra ID, Azure RBAC, security groups, PIM, and JIT access workflows.

• Hands-on experience with Azure Policy and resource configurations, including enabling managed identities and provisioning Azure AD admin roles.
• Ability to minimize local service key usage through centralized identity control.
• Familiarity with Azure monitoring and logging capabilities and AAA concepts, including integration with approval workflow tools.
• Demonstrated experience implementing least-privilege design at scale and articulating rationale for RBAC in Azure.
• Proven capability to implement and govern remote and elevated access, emergency access processes, and related incident handling.
• Competence in baseline configuration management and maintaining accurate asset and data inventories.
• Ability to author and maintain IAM policies and procedures, perform access reviews, and support audit evidence and control test preparation.
• Strong communication and documentation skills for technical writing and stakeholder coordination.
• Experience integrating identity workflows with enterprise approval systems and ticketing or incident processes (preferred).
• Exposure to application identity design patterns and CI/CD controls for secret management (preferred).
• Background supporting audit readiness for access controls in cloud environments (preferred).

Skills, experience, and other compensable factors will be considered when determining pay rate. The pay range provided in this posting reflects a W2 hourly rate; other employment options may be available that may result in pay outside of the provided range.

W2 employees of Eliassen Group who are regularly scheduled to work 30 or more hours per week are eligible for the following benefits: medical (choice of 3 plans), dental, vision, pre-tax accounts, other voluntary benefits including life and disability insurance, 401(k) with match, and sick time if required by law in the worked-in state/locality.

Eliassen Group is a leading strategic consulting company for human-powered solutions. For over 30 years, Eliassen has helped thousands of companies reach further and achieve more with their technology solutions, financial, risk & compliance, and advisory solutions, and clinical solutions. With offices from coast to coast and throughout Europe, Eliassen provides a local community presence, balanced with international reach. Eliassen Group strives to positively impact the lives of their employees, clients, consultants, and the communities in which they operate. Eliassen Group is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status. Don't miss out on our referral program! If we hire a candidate that you refer us to then you can be eligible for a $1,000 referral check!