Microsoft Identity and Access Management Engineer

Novanta is seeking a Microsoft Identity and Access Management Engineer to design, implement, and maintain IAM solutions within their Microsoft ecosystem. The role requires 3-5 years of experience, a security mindset, and a focus on enabling secure access in a modern enterprise environment.

Location: Remote (US)

Salary: $101,100–$161,800/yr

Responsibilities

• Design, implement, and maintain Microsoft Azure Active Directory (Azure AD / Entra ID) environments in hybrid and cloud-native configurations.
• Manage user lifecycle processes including provisioning, de-provisioning, and role-based access control (RBAC) assignments.
• Configure and maintain Conditional Access policies, Multi-Factor Authentication (MFA), and Single Sign-On (SSO) solutions.
• Administer Microsoft Privileged Identity Management (PIM) and Privileged Access Management (PAM) solutions to enforce least-privilege principles.
• Integrate SaaS applications and on-premises systems with Azure AD using SAML, OAuth 2.0, and OpenID Connect protocols.
• Monitor identity infrastructure for threats, anomalies, and compliance gaps using Microsoft Defender for Identity and Microsoft Sentinel.
• Support and manage on-premises Active Directory environments, Group Policy, and hybrid identity configurations (Azure AD Connect / Entra Connect).
• Collaborate with security, compliance, and application teams to ensure IAM policies meet regulatory requirements including SOX, HIPAA, and GDPR.
• Develop and maintain documentation, runbooks, and standard operating procedures for IAM systems and processes.
• Troubleshoot identity-related incidents, service requests, and access issues in a timely and structured manner.
• Participate in IAM roadmap planning, architecture reviews, and continuous improvement initiatives.

Requirements

• 3–5 years of experience in identity and access management, with a strong focus on Microsoft technologies.
• Hands-on expertise with Azure Active Directory / Microsoft Entra ID, including tenant management and identity governance.
• Proficiency in managing on-premises Active Directory and hybrid identity environments.
• Experience designing and implementing SSO integrations using SAML, OAuth 2.0, and OpenID Connect.
• Familiarity with Microsoft Privileged Identity Management (PIM) and Conditional Access policy configuration.
• Practical knowledge of MFA solutions, including Microsoft Authenticator and FIDO2 security keys.
• Experience with PowerShell scripting for IAM automation, reporting, and administration tasks.
• Solid understanding of Zero Trust security principles and their practical application to identity and access management.
• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or equivalent professional experience.

Benefits

• Comprehensive health benefits including medical, dental, and vision insurance.
• 401(k) retirement plan with company match.
• Generous paid time off, company holidays, and flexible scheduling.
• Remote or hybrid work flexibility based on role and team needs.
• Ongoing professional development support, including funding for certifications and training.
• Collaborative, inclusive culture driven by innovation and continuous improvement.
• The opportunity to work with cutting-edge technology at a global precision medicine and motion company.