IAM/RBAC Engineer
Pittsburgh, PA, New York City, or Lake Mary, FL
Long Term Contract
Overview:
We are seeking an experienced IAM/RBAC Engineer with deep hands-on expertise in Microsoft Entra ID (Azure AD) and Azure Role-Based Access Control (RBAC). This role is responsible for designing, implementing, and administering secure, scalable access controls across Azure resources. The engineer will enforce least-privilege principles, manage privileged access workflows, and ensure access governance that supports audit readiness.
Key Responsibilities:
- RBAC Design & Administration: Define and maintain an enterprise-wide RBAC framework and role taxonomy. Map permissions to roles, enforce least-privilege access, and use security groups for assignments. Document role-to-permission mappings and ensure direct privilege assignments are minimized.
- Remote & Privileged Access Governance: Implement Just-in-Time (JIT) access workflows, including approvals and time-bound elevation. Oversee privileged access via VPN, jump hosts, and secure remote sessions. Maintain and govern emergency "break-glass" access procedures, including incident notification and post-event review.
- Identity & Authentication Management: Configure and administer multi-factor authentication (MFA) for privileged accounts. Provision Azure AD administrator roles for services like SQL as needed. Enforce the use of managed identities for applications to reduce reliance on static service credentials.
- Authenticator Protection & Secret Hygiene: Ensure the protection and proper handling of issued authenticators. Prevent unencrypted static credentials in code or configuration. Enforce enterprise standards for password and secret parameters.
- Access Governance, Documentation & Audit Readiness: Author and maintain access control policies, standards, and operational Conduct periodic access reviews and support collection of audit evidence. Maintain accurate asset/data inventory and baseline configuration documentation.
- Monitoring & Compliance: Configure Azure-native monitoring and logging for identity and access events. Route alerts to security or service owner teams and support audit readiness. Validate emergency access usage through workflow and incident review processes.
Required Technical Skills:
- Advanced knowledge of Microsoft Entra ID (Azure AD), Azure RBAC, security groups, and Privileged Identity Management (PIM).
- Experience with JIT elevation workflows and privileged access governance.
- Hands-on expertise with Azure Policy, enabling managed identities, and provisioning Azure AD admin roles.
- Familiarity with Azure monitoring/logging and AAA (authentication, authorization, accounting) concepts.
- Strong understanding of least-privilege architecture and access controls at scale.
- Experience with baseline configuration management and maintaining accurate environment inventories.
Qualifications & Competencies:
- Proven experience implementing least-privilege RBAC designs in enterprise Azure
- Ability to author IAM policies, procedures, and documentation.
- Experience leading access reviews and supporting audits and control testing.
- Strong communication, documentation, and cross-team collaboration skills.
- Ability to engage with engineering, security, and operations groups to drive consistent access governance.
Nice-to-Have Skills:
- Experience integrating identity workflows with approval systems, ticketing platforms, and incident processes.
- Familiarity with CI/CD controls for secret management and application-to-database identity patterns.
- Background supporting access-control audit readiness in cloud environments.
For applications and inquiries, contact: hirings@openkyber.com