Sr. Principal IAM Engineer

Sr. Principal Engineer – IAM : Directory & Authentication Services

Role Summary

The Principal Engineer is the technical authority and architect for enterprise directory and authentication services. This role drives platform design, modernization, and deep technical decisions across Microsoft Entra ID and hybrid identity while partnering closely with Security Architecture and Platform Engineering.

This is a hands-on, high-impact engineering role, not a people manager.

Key Responsibilities

Identity Architecture & Platform Engineering

• Own end-to-end architecture for Entra ID and hybrid Active Directory environments.
• Design and evolve authentication, authorization, and identity lifecycle architectures at enterprise scale.
• Lead modernization from legacy identity patterns to cloud-native, Zero Trust–aligned identity models.

Authentication & Conditional Access Strategy

• Architect Conditional Access frameworks using risk, device, user, and workload signals.
• Design and optimize passwordless, MFA, and phishing-resistant authentication strategies.
• Define standards for legacy protocol containment and deprecation.

Directory Security & Tier-0 Protection

• Define Tier‑0 identity security architecture, including admin isolation, PAWs, and break-glass models.
• Design Privileged Identity Management (PIM) and just-in-time access patterns.
• Reduce identity attack surface through architectural controls and guardrails.

Engineering Excellence & Automation

• Drive Infrastructure-as-Code for identity (Terraform/Bicep/Graph automation).
• Establish reliability patterns, failure isolation, and service resiliency models.
• Partner with SRE and SecOps on observability, metrics, and alerting strategy.

Technical Leadership

• Act as design authority for IAM initiatives across applications and platforms.
• Review designs, mentor senior engineers, and raise overall technical bar.
• Influence roadmap decisions and long-term identity strategy.

Required Skills & Experience

• 15+ years in IAM with deep Microsoft Entra ID & Active Directory expertise
• Proven experience architecting large-scale hybrid identity platforms
• Deep expertise in:
• Conditional Access & Identity Protection
• MFA & Passwordless Authentication
• Federation (SAML, OIDC, OAuth)
• Privileged Access Models
• Strong automation and engineering mindset
• Ability to operate at both whiteboard and code level

What Success Looks Like

• Identity platform designs scale cleanly, securely, and predictably
• Security posture improves without harming user experience
• Clear architectural patterns adopted enterprise-wide
• Reduced dependency on vendor “defaults” through engineering control