Identity and Access Management (IAM) administrator

The City Of Charlotte
Charlotte, United States of America
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Shift work
Languages
English
Experience level
Intermediate
Compensation
$ 135K

Job location

Charlotte, United States of America

Tech stack

Microsoft Active Directory
Software as a Service
Cloud Computing
CompTIA Security+
Computer Security
Information Systems
Data Recovery
DNS
Identity and Access Management
Python
Log Analysis
OAuth
PCI Data Security Standards
Public Key Infrastructure
Powershell
Role-Based Access Control
Openid Connect
Azure
Zero Trust Network Access
Security Assertion Markup Language (SAML)
Single Sign-On
User Provisioning Software
Backup and Restore
SSL Certificate Management
Data Logging
Scripting (Bash/Python/Go/Ruby)
Enterprise Software Applications
Okta
Information Technology

Job description

  • Providing all customers with courteous, responsive, accessible, and seamless quality services

  • Taking initiative to identify, analyze, and solve problems

  • Collaborating with stakeholders to make informed decisions, The Innovation and Technology department for the City of Charlotte is currently recruiting an Identity and Access Management (IAM) administrator. This role is responsible for safeguarding access to critical municipal systems through the design, administration, and continuous improvement of the City's identity and access management ecosystem., This position leads the integration of hybrid identity technologies across Active Directory, Microsoft Entra, and Okta, ensuring secure access, regulatory compliance, and operational resilience. Responsibilities include managing PCI compliance, coordinating cybersecurity incident response, and supporting cybersecurity automation and project delivery. This role partners closely with Cyber Protection and other IT teams to enhance identity governance, enforce policy, and modernize IAM capabilities., The intent of this job description is to provide a representative summary of the major duties and responsibilities performed by employees in this job. Employees may be requested to perform job-related tasks other than those specifically presented in this description.

  • Design, implement, and manage enterprise identity and access management (IAM) solutions across Active Directory, Microsoft Entra ID, and Okta.

  • Build, manage, and maintain Active Directory environments, including domain services, replication, and server roles.

  • Administer identity lifecycle processes including provisioning, deprovisioning, and role-based access controls across hybrid environments.

  • Deploy and integrate Single Sign-On (SSO) solutions between identity providers and SaaS and cloud applications using SAML, OAuth, OpenID Connect, and SCIM.

  • Configure and troubleshoot Microsoft Entra App Registrations, Enterprise Applications, Conditional Access Policies, and RBAC models.

  • Design and enforce enterprise access governance aligned with Zero Trust principles.

  • Develop and maintain automation for IAM processes using PowerShell, Okta Workflows, and other scripting tools.

  • Manage Group Policy Objects (GPOs) and enforce configuration standards across the enterprise.

  • Administer and support hybrid AD and Azure AD environments including directory synchronization and identity federation.

  • Deploy and maintain PKI infrastructure including certificate authorities, certificate lifecycle management, SCEP, and NDES integrations.

  • Manage certificate services including issuance, renewal, revocation, and enterprise certificate governance.

  • Monitor identity systems, analyze logs, respond to alerts, and lead troubleshooting and root cause analysis for identity-related incidents.

  • Perform regular access reviews, audits, and remediation of role-based policies and permissions to ensure compliance with CJIS, NIST, and other regulatory frameworks.

  • Support Active Directory backup and recovery strategies, including testing and validation of restoration processes.

  • Coordinate and execute IT and cybersecurity projects, including remediation plans for audit findings and security gaps.

  • Develop documentation, standards, and architectural diagrams for IAM systems and processes.

  • Provide guidance and consultation to IT staff and leadership on identity governance, access risk, and automation strategies.

  • Perform other related duties as assigned.

Requirements

Required Education and Experience

  • Bachelor's degree in Computer Science, Information Security, Information Systems, or a related field or an equivalent combination of education and relevant work experience.
  • 3+ years of experience in Information Technology or Identity and Access Management.

Preferred Qualifications or Certifications

  • CISSP, GCIH, or similar cybersecurity certifications.
  • Microsoft Identity and Access Administrator Associate certification.
  • Okta Certified Professional or Administrator certification.
  • 5+ years of experience in Identity and Access Management or related IT roles., * Strong communication skills and ability to work across cross-functional technical teams.
  • Advanced knowledge of Active Directory architecture, including multi-domain and multi-forest environments.
  • Strong knowledge of Windows Server administration, including installation, configuration, patching, and hardening.
  • Strong knowledge of Group Policy design, administration, and troubleshooting.
  • Strong knowledge of DNS and Microsoft DNS configuration and troubleshooting.
  • Strong knowledge of Microsoft Entra ID (Azure AD) including identity governance, conditional access, and hybrid identity.
  • Strong knowledge of Okta administration, including lifecycle management, federation, and workflow automation.
  • Experience with IAM automation using PowerShell, Python, or similar scripting languages.
  • Strong understanding of identity lifecycle management, RBAC, and access governance models.
  • Knowledge of Zero Trust architecture and modern identity security frameworks.
  • Strong knowledge of PKI infrastructure, certificate lifecycle management, and cryptographic best practices.
  • Experience with certificate deployment technologies such as SCEP and NDES.
  • Knowledge of AD backup and recovery tools and processes.
  • Knowledge of hybrid identity synchronization tools and services.
  • Strong understanding of SSO protocols including SAML, OAuth, OpenID Connect, and SCIM.
  • Knowledge of MFA technologies including TOTP, WebAuthN, and FIDO2.
  • Experience with logging, monitoring, and incident response for identity systems.
  • Knowledge of cybersecurity frameworks and compliance standards such as CJIS, NIST, and HIPAA.
  • Ability to design scalable IAM solutions and improve operational efficiency through automation.
  • Strong analytical, troubleshooting, and problem-solving skills.
  • Ability to document systems, processes, and architecture for both technical and non-technical audiences.
  • Experience with certificate management and enterprise PKI design

Ability to:

  • Meet schedules and deadlines of the work
  • Work In Office two days per week minimum and as needed in addition.
  • Must be physically located near Charlotte, NC.

WORKING CONDITIONS & PHYSICAL DEMANDS

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

This position is relative free from unpleasant environmental conditions or hazards and is generally sedentary. Incumbents may be required to exert up to 10 pounds of force occasionally, a negligible amount of force frequently, and/or constantly having to lift, carry, push, pull or otherwise move objects, including the human body. Sedentary work involves sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally and all other sedentary criteria are met.

CONDITIONS OF EMPLOYMENT

The City's Background Check Policy requires background checks to be conducted on final internal or external candidate(s) applying for any position with the City of Charlotte. The type of information that will be collected as part of a background check includes, but is not limited to: reference checks, social security verification, education verification, criminal conviction record check, and, if applicable, a credit history check, sex offender registry and motor vehicle records check.

Background checks must be in compliance with all federal and state statutes, such as the Fair Credit Reporting Act (FCRA). The checks must be consistent with the guidelines set forth by these laws requiring organizations to obtain a candidate's written authorization before obtaining a criminal background report, motor vehicle records check or credit report; and to properly store and dispose of information derived from such reports.

Final candidates must pass a pre-employment drug-screening test and physical examination. During the selection process, candidates may be asked to take a skills test, and/or participate in other assessments.

Benefits & conditions

$94,029-$146,921 Commensurate with experience, The City of Charlotte provides a comprehensive benefits package to eligible employees.

Apply for this position