IAM Engineer

Multiplied
The Hague, Netherlands
2 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Compensation
€ 6K

Job location

The Hague, Netherlands

Tech stack

Microsoft Access
Microsoft Active Directory
API
User Authentication
Computer Security
Identity and Access Management
Intrusion Detection and Prevention
Kerberos (Protocol)
Network Control
NT LAN Manager
Powershell
Azure
Security Information and Event Management
3-tier Architectures

Job description

We are looking for an IAM Engineer to lead the design and implementation of our Enterprise Credential Tiering Model. In this role, you will be the technical owner responsible for securing privileged identities, isolating high-impact administrative assets within Active Directory Domain Services (AD DS), and extending these security boundaries into Microsoft Entra ID.

Your mission is to strengthen the organisation's identity security posture by eliminating lateral movement opportunities, protecting the identity control plane, and ensuring that identity architecture aligns with a strict Zero Trust security framework.

You will work at the intersection of Identity & Access Management, cybersecurity, and infrastructure, partnering closely with Security Operations and IT teams to build a secure and future-proof identity environment., * Configure Active Directory Organizational Units (OUs), Group Policy Objects (GPOs), Authentication Policies, and Authentication Silos.

  • Prevent privileged credentials from being exposed on lower-tier systems.
  • Implement modern privileged access solutions, including:
  • Microsoft Entra Privileged Identity Management (PIM)
  • Conditional Access Policies (CAPs)
  • Secure Administrative Workstations (SAWs/PAWs)
  • Tier-specific administrative access models

Identity Security Improvement & Legacy Cleansing

  • Identify and remediate identity security risks, including:
  • Unmanaged service accounts
  • Excessive permissions
  • Over-privileged groups
  • Cross-tier group nesting
  • Legacy configurations that bypass security boundaries
  • Improve overall identity hygiene and reduce attack paths., * Work closely with Security Operations (SecOps) teams to align identity controls with SIEM monitoring and security detection capabilities.
  • Support detection and response processes for anomalous authentication behaviour and privileged access risks.
  • Contribute to identity governance standards and security improvements.

Requirements

  • Strong hands-on experience with Active Directory Domain Services (AD DS), including:
  • Forests, domains, and trusts
  • Kerberos and NTLM security concepts
  • Group Policy engineering
  • Active Directory Administrative Center
  • Authentication security controls
  • Extensive knowledge of Microsoft Entra ID, including:
  • Directory roles
  • Administrative Units
  • Conditional Access policies
  • Authentication strengths
  • Token protection
  • Privileged Identity Management (PIM)
  • Proven experience implementing:
  • Microsoft Legacy 3-Tier Model
  • Enterprise Access Model (EAM)
  • Privileged Identity Management strategies

Security & Automation Skills

  • Experience designing and deploying:
  • Privileged Access Workstations (PAWs)
  • Secure jump servers
  • Tier-specific administrative environments
  • Strong PowerShell scripting skills for:
  • Identity audits
  • Automation of security controls
  • Compliance reporting
  • Experience with Microsoft Graph API for Entra ID automation and reporting.
  • Familiarity with identity security assessment tools such as:
  • BloodHound
  • PingCastle
  • Microsoft Defender for Identity

Benefits & conditions

  • Competitive salary up to €6,000 gross per month, depending on experience.
  • Lease car as part of your employment package.
  • Attractive bonus scheme based on performance.
  • The opportunity to work on strategic identity security projects with a strong focus on Zero Trust.
  • A challenging role where you can directly influence enterprise security architecture.

Apply for this position