What are the responsibilities and job description for the Enterprise IAM Engineer position at KPG99 INC?
They need someone who is strong in this space, with strong IaC, Terraform, and AWS cloud skills.
Overview
We are seeking a highly skilled Enterprise Identity Engineer to manage, support, and secure enterprise identity infrastructure. This role is responsible for the administration, reliability, and security of Active Directory and related identity services that underpin critical business systems.
The position includes Tier 0 / Enterprise Administrator access, requiring the highest levels of trust, security awareness, and technical expertise. Due to the elevated cyber security risk associated with this role, candidates must be willing to successfully complete an enhanced background check as a condition of assignment.
This is an onsite role based in Houston, TX, supporting a large‑scale enterprise environment and participating in an on‑call rotation for identity and security services.
Responsibilities
- Administer, maintain, and secure Active Directory (AD) environments, including domain controllers, replication, DNS, and security hardening.
- Manage Active Directory Certificate Services (ADCS) and enterprise Public Key Infrastructure (PKI), including certificate lifecycle management.
- Support and maintain Active Directory Federation Services (ADFS) and integrations with internal and external identity providers.
- Implement and manage Azure Information Protection (AIP) to support enterprise data security and classification initiatives.
- Configure and manage Hardware Security Modules (HSMs) for cryptographic key protection and secure operations.
- Design, implement, and enforce Group Policy Objects (GPOs) to meet security, compliance, and operational standards.
- Ensure secure authentication and authorization through deep expertise in Kerberos, Service Principal Names (SPNs), and keytab management.
- Utilize Quest tools (Change Auditor, RMAD, GPO Admin) for auditing, monitoring, disaster recovery, and policy governance.
- Deploy and manage cloud infrastructure in AWS, leveraging Terraform and Infrastructure‑as‑Code (IaC) practices for automation and consistency.
- Develop and maintain PowerShell automation scripts for operational efficiency, reporting, and security controls.
- Partner with cyber security and compliance teams to ensure adherence to enterprise security standards and best practices.
- Participate in an on‑call rotation to support critical identity and security services and resolve high‑severity incidents.
- Work as part of an Agile team, participating in ceremonies and collaborating with application developers, business stakeholders, and infrastructure teams.
Required Qualifications
- Strong experience administering Active Directory in complex, enterprise‑scale environments.
- Hands‑on expertise with ADCS, PKI, and certificate lifecycle management.
- In‑depth knowledge of Kerberos authentication, SPNs, and keytabs.
- Advanced experience managing and troubleshooting Group Policy Objects (GPOs).
- Proficiency in PowerShell scripting for automation, auditing, and reporting.
- Experience with Terraform and Infrastructure‑as‑Code concepts.
- Familiarity with AWS infrastructure and cloud‑based identity integrations.
- Experience using Quest Change Auditor, RMAD, and GPO Admin.
- Solid understanding of enterprise security principles, especially those related to privileged access and identity protection.
- Ability to meet requirements for enhanced background screening due to Tier 0 access.
Preferred Qualifications
- Experience with Azure Information Protection (AIP) or Microsoft security and identity services.
- Knowledge of HSM configuration and cryptographic key management.
- Experience supporting identity platforms in regulated or high‑security environments.
- Prior work in large enterprises or oil & gas–scale environments.
Soft Skills
- Strong analytical and problem‑solving skills.
- Excellent written and verbal communication.
- Ability to work independently while collaborating effectively with cross‑functional teams.
- High attention to detail and sound judgment when handling sensitive systems and access.