IAM Engineer
Job description
We are seeking a forward-thinking IAM Engineer to drive the evolution of our identity landscape. In this role, you will lead the charge in transitioning our organization from a legacy, on-premises Active Directory (AD) environment to a modern, cloud-first identity architecture.
As a key member of our security and infrastructure team, you will rationalize our existing AD footprint while building out robust, scalable solutions in Microsoft Entra ID. This is a "builder" role that sits at the intersection of architecture, security, and hands-on engineering, directly supporting our broader Zero Trust and digital transformation initiatives.
Key Responsibilities
Identity Modernization: Lead the design and implementation of cloud-native identity solutions, reducing reliance on legacy on-premises infrastructure.
Hybrid Management: Manage and optimize the integration between on-premises Active Directory and Microsoft Entra ID (Azure AD), ensuring seamless synchronization and security.
Infrastructure Rationalization: Simplify and consolidate AD domains, forests, and Group Policy Objects (GPOs) to improve efficiency and reduce the attack surface.
Zero Trust Engineering: Implement modern authentication controls, including Conditional Access policies, Least-Privilege Access, and Identity Governance.
Cross-Functional Collaboration: Partner with Security, Infrastructure, and Application teams to integrate modern protocols (OIDC, SAML, OAuth) into the enterprise ecosystem.
Documentation: Create high-quality architecture diagrams, technical design documents, and implementation playbooks for global identity services.
Requirements
Directory Services: Deep expertise in Microsoft Active Directory (Forest/Domain design, DNS, Trust relationships, and GPO management).
Cloud Identity: Proven experience operating Microsoft Entra ID and managing hybrid identity synchronization.
Protocols: Proficiency in both legacy (Kerberos, LDAP) and modern (SAML, OAuth 2.0, OpenID Connect) authentication/authorization standards.
Security Frameworks: Strong understanding of Zero Trust architecture, identity lifecycle management (ILM), and security governance.
Soft Skills: Excellent communication skills with the ability to translate complex technical concepts into clear documentation for diverse stakeholders.
Equal Opportunity Employer / Disabled / Protected Veterans