Sr IAM Engineer

The Senior IAM Directory Services Engineer plays a critical role in shaping the future of identity at Northwestern Mutual. This position partners with engineering teams, security architects, product managers, and vendors to design, automate, and modernize our identity ecosystem.

We are looking for an engineer who is forward-thinking, automation-driven, and passionate about leveraging modern identity technologies, including AI-assisted threat detection, advanced authentication patterns, and infrastructure-as-code.

This role is responsible for engineering, enhancing, and supporting Identity and Access Management capabilities with a focus on Entra ID, Active Directory, application integrations, Identity Provider (IdP) technologies, and Zero Trust authentication models.

What You'll be doing:

• Engineer and support enterprise identity solutions across Entra ID, Active Directory, SSO, and federated identity platforms (OAuth/OIDC, SAML, WS-Fed).
• Design and maintain policies for MFA, Conditional Access, workload identities, and modern authentication protocols.
• Develop automated IAM workflows using PowerShell, Python, Terraform, GitLab/GitHub CI/CD, and other IaC frameworks.
• Create predictable and repeatable deployment patterns for identity services through CI/CD pipelines.
• Identify opportunities for automation and help evolve an "automate first" engineering culture.
• Use tools such as Splunk, Crowdstrike Identity Protection, Bloodhound and other monitoring platforms to analyze identity logs, detect anomalies, and drive resolution.
• Work with product and engineering leaders to assess and pilot AI-driven identity technologies.
• Lead complex problem resolution and support escalations requiring deep IAM expertise.
• Document architecture, decisions, playbooks, and engineering patterns.
• Collaborate in agile teams and mentor engineers on identity engineering best practices.

• Bachelor's degree in computer science, Cybersecurity, Information Systems, or equivalent experience.
• 5+ years of professional engineering experience in IAM or directory services.
• Strong experience with Active Directory, Entra ID, SSO/IdP integrations, identity lifecycle automation, and Conditional Access.
• Hands-on experience with scripting/automation (PowerShell and/or Python).
• Experience with CI/CD pipelines (GitLab, GitHub, Azure DevOps).
• Knowledge of cloud identity patterns across Azure, AWS, and SaaS providers.
• Strong problem-solving ability and communication skills.
• Strong documentation, testing and automation skills.

What Sets you apart:

• Experience with Terraform, Bicep, Ansible, or other IAC tools.
• Background in Splunk, Sentinel, or equivalent SIEM platforms.
• Familiarity with AI/ML-driven identity tooling and adaptive access policies.
• Understanding of Zero Trust architectures.
• Relevant certifications (Microsoft Identity, Azure Architect, AWS, Security+, CCSP, CISSP).

Northwestern Mutual is an equal opportunity employer who welcomes and encourages diversity in the workforce. We are committed to creating and maintaining an environment in which each employee can contribute creative ideas, seek challenges, assume leadership and continue to focus on meeting and exceeding business and personal objectives.