Enterprise Directory & Messaging Lead

Salary Range: 117000 to 129000 (Currency: USD) (Pay period: per-year-salary)

Benefits

• Health insurance
• Dental insurance
• Vision insurance
• Life Insurance
• 401(k) Retirement Plan with matching
• Paid Time Off
• Paid Federal Holidays

Required Skills and Qualifications

• 5–7+ years of progressive IT infrastructure, IAM, or security engineering experience, including at least 3 years in a leadership or senior engineering capacity.
• Proven expertise with Microsoft Active Directory and Microsoft Entra ID (Azure AD), including user lifecycle management, conditional access, and on-prem integration.
Experience with cloud IAM platforms:
• AWS IAM (roles, policies, service accounts, resource-level controls).
• Google Cloud IAM / Cloud Identity (policy-based access, service account management, federated identity).
• Familiarity with enterprise SSO/federation platforms such as Okta or Ping Identity, covering MFA, SSO, SaaS app integration, and user provisioning.
• Hands-on experience with open-source/on-prem IAM platforms such as:
• Keycloak (SSO, OAuth2, OIDC, federation, LDAP/AD integration).
• OpenLDAP or FreeIPA (users, groups, schema extensions, Kerberos integration).
• Experience with other platforms such as Gluu, FusionAuth, or Apache Syncope is a plus.
• Strong knowledge of authentication and access control standards (SAML, OAuth2, OIDC, PKI).
• Proven ability to design and enforce RBAC/ABAC policies, just-in-time (JIT) access, and least privilege across hybrid environments.
• Demonstrated success implementing and managing MFA, SSO, and conditional access across diverse systems.
• U.S. Citizenship required (clearance eligibility).
Preferred:
• Experience with FedRAMP, NIST 800-53, DISA STIGs, ISO 27001, HIPAA, SOX compliance frameworks.
• Knowledge of Zero Trust architecture and security best practices.
• Familiarity with Google Workspace IAM and federation with SaaS/enterprise apps.
• Scripting/automation skills (PowerShell, Python, or similar).
• Relevant certifications such as CISSP, CCSP, AWS Security Specialty, or IAM-specific certifications.
KEY RESPONSIBILITIES
Directory & Identity Management
• Oversee Active Directory and Entra ID (Azure AD) provisioning, access controls, group policies, and lifecycle management.
• Manage AWS IAM roles, service accounts, and resource-level access controls.
• Administer Google Cloud IAM/Cloud Identity policies, federated access, and service accounts.
• Configure and manage SSO and federation solutions (Okta, Ping, Keycloak, etc.).
• Enforce RBAC/ABAC access policies, least privilege, MFA, and conditional access controls.
• Implement and drive adoption of Zero Trust principles across IAM and directory solutions.
Messaging & Collaboration Platforms
• Manage Microsoft Exchange, Office 365, and Teams, ensuring performance, security, and availability.
• Enforce email security standards (SPF, DKIM, DMARC), retention, and encryption policies.
• Lead migration and modernization of messaging and collaboration platforms.
• Cloud & Infrastructure Integration
• Drive hybrid and cloud-based migrations (Azure, M365/O365, AWS IAM, Google IAM).
• Ensure scalability, high availability, and disaster recovery readiness.
• Automate IAM/directory processes using scripting (PowerShell, Python, etc.).
Compliance & Governance
• Align IAM and messaging systems with FedRAMP, NIST, DISA STIGs, ISO 27001, HIPAA, SOX.
• Establish and maintain audit-ready documentation and access governance processes.
• Monitor, report, and remediate IAM-related metrics, risks, and compliance adherence.
Leadership & Collaboration
• Supervise technical staff and serve as an escalation point for complex IAM/directory issues.
• Partner with IT, security, and vendors to deliver secure, enterprise-wide IAM solutions.
• Provide technical leadership, updates, and recommendations to senior management.
• Provide updates, recommendations, and technical leadership to senior management.