What are the responsibilities and job description for the Sr. Identity Access Management (IAM) & AI Governance Security Engineer position at On-Demand Group?
Job Summary
This role is responsible for the development and operation of a hybrid identity infrastructure (Microsoft Entra ID and Active Directory) and the security governance of enterprise AI tools. You will configure authentication, access policies, and data protection standards to ensure AI applications (such as Microsoft Copilot and custom LLMs) are accessed securely and interact only with authorized data.
Key Responsibilities
Identity Infrastructure & Access Control
- Manage and maintain Microsoft Entra ID (Azure AD) and on-premises Active Directory, including Connect Health, schema extensions, and trust relationships
- Develop auditing and reporting capabilities for business partners and stakeholders
- Design and enforce Conditional Access policies targeting high-risk sign-ins and restricting access based on device compliance and user location
- Configure Single Sign-On (SSO), Enterprise Applications, and SAML/OIDC integrations with strict authentication standards for third-party AI tools and SaaS platforms
AI Security Governance & Data Protection
- Implement entitlement management and access reviews to control user and group access to generative AI tools (e.g., Microsoft Copilot, ChatGPT Enterprise)
- Secure and govern non-human identities, including Service Principals, Managed Identities, and API tokens
- Configure Microsoft Purview sensitivity labels and Data Loss Prevention (DLP) policies to prevent exposure of confidential or restricted data
Privileged Access & Monitoring
- Enforce Privileged Identity Management (PIM) with Just-In-Time (JIT) access for administrative roles
- Monitor sign-in logs and audit trails for anomalous behavior involving AI applications
- Ensure compliance with internal security frameworks and policies
- Automate provisioning and de-provisioning processes to ensure timely access management
Training & Best Practices
- Provide guidance and coaching on identity and access management best practices
- Promote a culture of security awareness and compliance across teams
Qualifications
Required
- Bachelor’s degree in Computer Science, Information Technology, or a related field (or equivalent experience)
- 4 years of experience with Microsoft Entra ID, Active Directory Domain Services (AD DS), and Group Policy
- Hands-on experience with Microsoft Purview (Information Protection, Data Lifecycle Management) and Data Loss Prevention (DLP)
- Understanding of securing non-human identities and governing access to Large Language Models (LLMs) in an enterprise environment
- Proficiency in PowerShell scripting and Microsoft Graph API
- Solid understanding of networking concepts such as DNS, DHCP, and VPN as they relate to authentication flows
Preferred
- Certifications such as SC-300 (Identity and Access Administrator) or SC-400 (Information Protection Administrator)
- Experience with Entra Verified ID or decentralized identity solutions
- Experience implementing security guardrails for Microsoft 365 Copilot
Core Competencies
- Manages Complexity: Effectively analyzes situations, identifies root causes, and evaluates solutions
- Situational Adaptability: Adjusts approach based on changing circumstances
- Optimizes Work Processes: Designs efficient workflows and continuously improves processes
- Collaboration: Builds strong partnerships and works effectively across teams
- Organizational Savvy: Navigates complex organizational structures and dynamics
Additional Information
- This role may require work beyond standard business hours as needed
- Responsibilities may evolve based on business needs
The projected salary range for this position is $115,000 to $120,000.
ODG is an equal opportunity employer that does not discriminate on the basis of race, color, religion, gender, sexual orientation, age, national origin, disability, or any other characteristic protected by law.
Salary: $110,000 - $120,000