Identity and Access Management

Position Summary

The IAM Engineer will implement, manage, and maintain the identity and access management infrastructure. The role ensures secure, efficient, and scalable access to digital resources while supporting business objectives and maintaining compliance with security standards.

Design, configure, and manage IAM framework using Microsoft Entra  (Azure AD), Active Directory, and SSO technologies. Align IAM policies with business and security requirements.

Administer and maintain AD forests, domains, trusts, and replication. Manage Entra  including MFA, conditional access, and identity protection. Ensure high availability and security of directory services.

Configure and support SSO using SAML, OAuth, and OpenID Connect. Integrate SSO with cloud and on-prem applications.

Enforce RBAC, access policies, and identity governance. Ensure compliance with PCI, NIST, and 201 CMR 17. Conduct risk assessments, security reviews, and audits.

Manage provisioning, de-provisioning, and access reviews. Automate IAM workflows for efficiency and security.

Troubleshoot IAM issues including SSO and directory integration. Collaborate with cybersecurity, IT, and application teams. Provide IAM best practice guidance.

Maintain technical documentation. Report IAM performance and issues to stakeholders.

Must be able to travel to Lottery offices statewide as needed. Ability to provide on-call support during critical IAM events.

• 5+ years of IAM experience with Microsoft Entra  (Azure AD), Active Directory, and SSO.
• Experience with SAML, OAuth, and OpenID Connect.
• Strong understanding of AD architecture (forests, domains, trusts, replication).
• Experience with MFA, conditional access, and identity protection.
• Familiarity with PCI, 201 CMR 17, and NIST compliance.
• Experience in identity lifecycle management.
• Strong troubleshooting skills.

Cloud Hybrid is an equal opportunity employer inclusive of female, minority, disability and veterans, (M/F/D/V). Hiring, promotion, transfer, compensation, benefits, discipline, termination and all other employment decisions are made without regard to race, color, religion, sex, sexual orientation, gender identity, age, disability, national origin, citizenship/immigration status, veteran status or any other protected status. Cloud Hybrid will not make any posting or employment decision that does not comply with applicable laws relating to labor and employment, equal opportunity, employment eligibility requirements or related matters.

Nor will Cloud Hybrid require in a posting or otherwise U.S. citizenship or lawful permanent residency in the U.S. as a condition of employment except as necessary to comply with law, regulation, executive order, or federal, state, or local government contract.