Identity and Access Management Analyst

Job description:

Job Title : IT Security Identity and Access Management .

Duration : 12 Months

Work Location : New York, NY 10004

Type : Hybrid

Years of Experience : 7 ~ 9 yrs .

GENERAL INFORMATION :

**PLEASE NOTE THIS POSITION WILL ALLOW CONSULTANT TO WORK A HYBRID REMOTE SCHEDULE.
UPON START DATE CONSULTANT WILL BE REQUIRED TO WORK FIRST MONTH FULLY ONSITE. ONCE WORK CAPABILITY IS ESTABLISHED, CONSULTANT WILL BE ALLOWED TO WORK A HYBRID REMOTE SCHEDULE CONSISTING OF 3 DAYS ONSITE/ 2 DAYS REMOTE. ASLO HOURS PER WEEK IS 37.5 NO OVERTIME**

Overview:

The IGA Analyst will play a critical role in strengthening the organization’s identity security posture across corporate, frontline, and operational technology (OT) environments. This role will focus on onboarding applications into the enterprise IGA platform, modernizing authentication through FIDO2 and passwordless technologies, and reducing technical debt through effective governance and lifecycle management controls.

The ideal candidate has hands-on experience with major IGA, PAM, and MFA platforms, possesses a strong understanding of Active Directory and Entra ID, and can collaborate with cross-functional teams to implement scalable identity controls that align with Zero Trust principles.

KEY RESPONSIBILITIES
**Application Onboarding & Integration**

* Partner with application owners to onboard and certify applications within the IGA platform (e.g., SailPoint, Saviynt, or Oracle).
* Define and enforce access models, entitlements, and approval workflows for new and existing applications.
* Establish least-privilege and segregation-of-duties (SoD) controls within IGA.

**Identity Security Posture & Technical Debt Reduction**

* Identify and remediate identity risks such as orphaned accounts, excessive entitlements, and privileged access sprawl.
* Contribute to ongoing cleanup initiatives for AD, Entra ID, and connected systems to align with modern identity hygiene standards.
* Support implementation of risk-based access policies and automated lifecycle management processes.

**Authentication Modernization**

* Support the adoption of phishing-resistant authentication methods, including FIDO2 security keys and passwordless sign-ins.
* Collaborate with MFA and SSO platform teams to migrate legacy authentication flows to modern protocols (e.g., WebAuthn, OIDC, SAML).
* Evaluate user experience, security impact, and deployment readiness across diverse user populations (corporate, frontline, OT).

**Federation & Access Management**

* Configure and manage federated SSO integrations via Entra ID and other IdPs.
* Apply conditional access and adaptive authentication policies based on user risk, device health, and context.
* Coordinate with PAM teams to align privileged session management with federated access controls.

**Cross-Domain Collaboration**

* Partner with security architecture, IAM engineering, and compliance teams to ensure IGA controls meet enterprise and regulatory standards.
* Document and report on metrics related to access certifications, compliance posture, and identity lifecycle performance.
* Provide operational support for IGA platform maintenance, upgrades, and new integrations.

QUALIFICATIONS*

Bachelor’s degree in Information Security, Computer Science, or related field (or equivalent experience).
* 3–5 years of hands-on experience in Identity Governance & Administration (IGA).
* Strong knowledge of Active Directory, Entra ID, and federated authentication protocols (SAML, OIDC, OAuth2).
* Familiarity with one or more of the following platforms:

IGA: SailPoint, Saviynt, Oracle IDCS
PAM: BeyondTrust, CyberArk, ManageEngine PAM360
MFA/SSO: Microsoft Entra ID, Duo, Okta, Ping Identity
Working knowledge of Zero Trust, FIDO2, passwordless, and phishing-resistant MFA concepts.
Experience applying IGA controls for diverse user types (corporate, frontline, OT).
Strong analytical, documentation, and communication skills; ability to collaborate across technical and business teams.

ADDITIONAL SKILLS AND INFORMATION :

Experience with identity lifecycle automation and role-based access control (RBAC) modeling.
Understanding of privilege escalation risks, identity threat detection, and compliance frameworks (NIST 800-63B, CIS, TSA, etc.).
Scripting knowledge (PowerShell, Python, or SQL) for data analysis or automation.
Familiarity with cloud identity models (Azure, AWS, GCP).

Pay: $65.00 - $68.00 per hour

Expected hours: 40 per week

Application Question(s):

• Do you have working knowledge of Zero Trust principles or identity-related compliance frameworks (e.g., NIST 800-63B, CIS)?
• Are you in or near to New York, NY 10004, Local candidates are allowed.
• Are you authorized to work on W2.

Experience:

• Identity Governance & Administration (IGA) platforms: 3 years (Required)
• Active Directory (AD) and Microsoft Entra ID (Azure AD): 4 years (Required)
• SAML, OIDC, or OAuth2: 3 years (Required)
• MFA or passwordless authentication (FIDO2, WebAuthn): 5 years (Required)
• CyberArk, BeyondTrust, ManageEngine PAM360: 2 years (Required)

Location:

• New York, NY 10004 (Required)

Ability to Commute:

• New York, NY 10004 (Required)

Work Location: In person

Salary : $65 - $68