Security Engineer/Architect - IAM
Veterans Sourcing Group, LLC
Job Title: Security Engineer/Architect - IAM
Duration: 12+ Months (Possible extension)
Location: New York, NY 10286
Onsite Role (4 days a week)
Responsibilities:
- Seeking a hands-on Security Engineer/Architect to design, implement, and govern identity and access management for a FedRAMP-compliant Azure environment using native Microsoft security tooling.
- Will own the IAM architecture and control lifecycle (policy design, privileged access, identity threat protection, lifecycle governance, and evidence generation), ensuring NIST SP 800-53 control coverage and audit readiness.
- Define and maintain Azure IAM architecture and guardrails: tenant segmentation, RBAC strategy, least privilege, managed identities, Conditional Access, and Just-In-Time access via PIM.
- Establish standardized access patterns for workloads, service principals, Managed Identities, and human identities across multi-tenant/multi-subscription Azure footprints.
- Design and enforce secure key/secret management using Azure Key Vault (FIPS 140-2 validated modules), including rotation, access policies, and monitoring.
- Integrate identity threat protection signals (Entra ID Protection, Defender for Identity) into detection and response workflows; ensure coverage for high-risk scenarios (privilege escalation, token theft, MFA fatigue, legacy protocols).
Implementation and Control Enforcement
- Build and maintain Azure Policy/Blueprints to enforce IAM baselines (e.g., MFA requirements, disallow legacy auth, privileged role constraints, Key Vault access policies, managed identity usage).
- Configure Conditional Access, Authentication Strengths, and token controls; manage role assignments, custom roles, and privileged workflows consistent with FedRAMP requirements.
- Drive onboarding of identities and applications to native controls; integrate with CI/CD pipelines for pre-deployment checks and policy-as-code control inheritance.
- Partner with SecOps to ensure logging/telemetry completeness (Audit logs, Sign-In logs, Entra ID Risk events, Azure Activity logs) and Sentinel ingestion; author KQL-based detections/playbooks for IAM threats.
- Maintain IAM control narratives, SSP sections, and evidence packages; support POA&M lifecycle for IAM-related findings and corrective actions.
- Produce monthly/quarterly Continuous Monitoring artifacts for IAM controls (AC, IA, AU, CM, SC), including access reviews, break-glass account attestations, PIM usage audits, and privilege minimization metrics.
- Lead periodic access certification campaigns for privileged roles and sensitive applications; implement automated recertification workflows and exception governance.
- Quantify residual risk and document compensating controls; partner with risk/compliance and 3PAOs on assessments, interviews, and artifact reviews.
- Ensure material changes in IAM configurations are reflected in SSP/control narratives and communicated via change management.
- Identity & Access: Microsoft Entra ID (Azure AD), PIM, Conditional Access, Authentication Strengths, RBAC, Managed Identities
- Threat Protection: Entra ID Protection, Microsoft Defender for Identity, Microsoft Defender XDR signals
- SIEM/SOAR: Microsoft Sentinel (Log Analytics, Workbooks, Playbooks/Logic Apps)
- Posture & Policy: Azure Policy, Azure Blueprints, Azure Automation
- Secrets & Crypto: Azure Key Vault (FIPS 140-2), Key Vault HSM (as applicable)
- Monitoring/Telemetry: Azure Monitor, Sign-In/Audit Logs, Diagnostic Settings, Activity Logs
- Bachelor's degree in Information Security, Computer Science, Information Systems, or related field; equivalent experience considered.
- 7+ years in security engineering/architecture, with 3+ years focused on IAM in Azure using native tooling.
- Deep hands-on experience with Entra ID (Azure AD), RBAC, PIM, Conditional Access, Managed Identities, and Key Vault, including policy design and enforcement at scale.
- Practical knowledge of FedRAMP baselines (Moderate/High), NIST SP 800-53 control families, and audit/assessment processes; experience contributing to SSP/ConMon evidence.
- Strong proficiency in Azure Policy/Blueprints and policy-as-code approaches; experience embedding controls into CI/CD.
- Ability to design high-fidelity detections and automate incident response for identity threats using Sentinel and Logic Apps.
- Excellent documentation and communication skills for control narratives, runbooks, access governance procedures, and executive status reporting.
- Experience operating in Azure Government or GCC High tenants and understanding telemetry/control nuances in those environments.
- Background in Zero Trust principles, privileged identity strategy, and secure service-to-service authentication patterns.
- Familiarity with Microsoft Purview and data access governance for sensitive workloads.
- Scripting/automation skills (KQL, PowerShell, Bicep/Terraform basics) to manage identities, enforce policies, and generate evidence.
- Certifications: AZ-500 (Azure Security Engineer Associate), SC-300 (Identity and Access Administrator), SC-200 (Security Operations Analyst), CISSP/CCSP, or equivalent.
Vacancy posted 22 hours ago

