Cyber Identity Administrator

Identity And Access Management Administrator

The Innovation and Technology department for the City of Charlotte is currently recruiting an Identity and Access Management (IAM) administrator. This role is responsible for safeguarding access to critical municipal systems through the design, administration, and continuous improvement of the City's identity and access management ecosystem.

This position leads the integration of hybrid identity technologies across Active Directory, Microsoft Entra, and Okta, ensuring secure access, regulatory compliance, and operational resilience. Responsibilities include managing PCI compliance, coordinating cybersecurity incident response, and supporting cybersecurity automation and project delivery. This role partners closely with Cyber Protection and other IT teams to enhance identity governance, enforce policy, and modernize IAM capabilities.

Essential Duties and Responsibilities

• Design, implement, and manage enterprise identity and access management (IAM) solutions across Active Directory, Microsoft Entra ID, and Okta.
• Build, manage, and maintain Active Directory environments, including domain services, replication, and server roles.
• Administer identity lifecycle processes including provisioning, deprovisioning, and role-based access controls across hybrid environments.
• Deploy and integrate Single Sign-On (SSO) solutions between identity providers and SaaS and cloud applications using SAML, OAuth, OpenID Connect, and SCIM.
• Configure and troubleshoot Microsoft Entra App Registrations, Enterprise Applications, Conditional Access Policies, and RBAC models.
• Design and enforce enterprise access governance aligned with Zero Trust principles.
• Develop and maintain automation for IAM processes using PowerShell, Okta Workflows, and other scripting tools.
• Manage Group Policy Objects (GPOs) and enforce configuration standards across the enterprise.
• Administer and support hybrid AD and Azure AD environments including directory synchronization and identity federation.
• Deploy and maintain PKI infrastructure including certificate authorities, certificate lifecycle management, SCEP, and NDES integrations.
• Manage certificate services including issuance, renewal, revocation, and enterprise certificate governance.
• Monitor identity systems, analyze logs, respond to alerts, and lead troubleshooting and root cause analysis for identity-related incidents.
• Perform regular access reviews, audits, and remediation of role-based policies and permissions to ensure compliance with CJIS, NIST, and other regulatory frameworks.
• Support Active Directory backup and recovery strategies, including testing and validation of restoration processes.
• Coordinate and execute IT and cybersecurity projects, including remediation plans for audit findings and security gaps.
• Develop documentation, standards, and architectural diagrams for IAM systems and processes.
• Provide guidance and consultation to IT staff and leadership on identity governance, access risk, and automation strategies.
• Perform other related duties as assigned.

Minimum Qualifications

• Bachelor's degree in Computer Science, Information Security, Information Systems, or a related field or an equivalent combination of education and relevant work experience.
• 3+ years of experience in Information Technology or Identity and Access Management.

Preferred Qualifications or Certifications

• CISSP, GCIH, or similar cybersecurity certifications.
• Microsoft Identity and Access Administrator Associate certification.
• Okta Certified Professional or Administrator certification.
• 5+ years of experience in Identity and Access Management or related IT roles.

Competencies for Successful Performance of Job Duties

• Strong communication skills and ability to work across cross-functional technical teams.
• Advanced knowledge of Active Directory architecture, including multi-domain and multi-forest environments.
• Strong knowledge of Windows Server administration, including installation, configuration, patching, and hardening.
• Strong knowledge of Group Policy design, administration, and troubleshooting.
• Strong knowledge of DNS and Microsoft DNS configuration and troubleshooting.
• Strong knowledge of Microsoft Entra ID (Azure AD) including identity governance, conditional access, and hybrid identity.
• Strong knowledge of Okta administration, including lifecycle management, federation, and workflow automation.
• Experience with IAM automation using PowerShell, Python, or similar scripting languages.
• Strong understanding of identity lifecycle management, RBAC, and access governance models.
• Knowledge of Zero Trust architecture and modern identity security frameworks.
• Strong knowledge of PKI infrastructure, certificate lifecycle management, and cryptographic best practices.
• Experience with certificate deployment technologies such as SCEP and NDES.
• Knowledge of AD backup and recovery tools and processes.
• Knowledge of hybrid identity synchronization tools and services.
• Strong understanding of SSO protocols including SAML, OAuth, OpenID Connect, and SCIM.
• Knowledge of MFA technologies including TOTP, WebAuthN, and FIDO2.
• Experience with logging, monitoring, and incident response for identity systems.
• Knowledge of cybersecurity frameworks and compliance standards such as CJIS, NIST, and HIPAA.
• Ability to design scalable IAM solutions and improve operational efficiency through automation.
• Strong analytical, troubleshooting, and problem-solving skills.
• Ability to document systems, processes, and architecture for both technical and non-technical audiences.
• Experience with certificate management and enterprise PKI design

Ability to:

• Meet schedules and deadlines of the work
• Work In Office two days per week minimum and as needed in addition.
• Must be physically located near Charlotte, NC.

Working Conditions & Physical Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

This position is relative free from unpleasant environmental conditions or hazards and is generally sedentary. Incumbents may be required to exert up to 10 pounds of force occasionally, a negligible amount of force frequently, and/or constantly having to lift, carry, push, pull or otherwise move objects, including the human body. Sedentary work involves sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally and all other sedentary criteria are met.

Conditions of Employment

The City's Background Check Policy requires background checks to be conducted on final internal or external candidate(s) applying for any position with the City of Charlotte. The type of information that will be collected as part of a background check includes, but is not limited to: reference checks, social security verification, education verification, criminal conviction record check, and, if applicable, a credit history check, sex offender registry and motor vehicle records check.

Background checks must be in compliance with all federal and state statutes, such as the Fair Credit Reporting Act (FCRA). The checks must be consistent with the guidelines set forth by these laws requiring organizations to obtain a candidate's written authorization before obtaining a criminal background report, motor vehicle records check or credit report; and to properly store and dispose of information derived from such reports.

Final candidates must pass a pre-employment drug-screening test and physical examination. During the selection process, candidates may be asked to take a skills test, and/or participate in other assessments.

The City of Charlotte is an Equal Opportunity Employer and does not unlawfully discriminate on the basis of race, religion, color, sex, national origin, marital status, age, disability, sexual orientation, political affiliation or on the basis of actual or perceived gender as expressed through dress, appearance, or behavior.

Our culture is to serve the community honorably.

How to Apply

Apply online.

Federal law requires employers to provide reasonable accommodations to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job.

You are welcome to visit the City of Charlotte Human Resources Department lobby, where self-service application kiosks are available. They are located in our office at 700 East 4th Street, Suite 200, Charlotte, NC 28202. We are open Monday through Friday, from 9:30 a.m. to 3:30 p.m. (EST), excluding official City holidays.

For questions about your application or the hiring process, please email View email address on click.appcast.io.

The City of Charlotte is committed to making our services and programs accessible to all. Upon request, auxiliary aids, written materials in alternate formats, language access, and other reasonable accommodations or modifications will