IAM​/RBAC Engineer

Description: Hybrid 4 days onsite in either New York, NY or Pitt, PA or Lake Mary, FL

Our client seeks an IAM/RBAC Engineer to design, implement, and administer access controls in Microsoft Entra  Azure RBAC. The contractor will enforce least-privilege, govern privileged and remote access, strengthen authenticator management, and maintain audit-ready documentation and monitoring across Azure environments.

This is a contract to hire opportunity. Applicants must be willing and able to work on a w2 basis and convert to FTE following contract duration. For our w2 consultants, we offer a great benefits package that includes Medical, Dental, and Vision benefits, 401k with company matching, and life insurance.

Rate: $82.00 to $92.00/hr. w2

• Define and maintain an enterprise Azure RBAC role taxonomy and document role-to-permission mappings.
• Map permissions to roles and enforce least-privilege via security groups and scoped role assignments.
• Eliminate broad direct privilege assignments and track changes to access models.
• Implement PIM and JIT workflows for elevated access with approvals and time-bound permissions.
• Establish standards for VPN, jump hosts, and privileged session configurations and restrictions.
• Define and manage emergency access procedures with incident notification and post-event review.
• Configure MFA for privileged roles using strong authenticators such as smart cards or security keys.
• Provision Azure AD administrator roles for applicable services, including SQL.
• Enforce managed identities for applications and reduce reliance on local service keys.
• Prevent unencrypted static credentials in code and enforce secret hygiene standards.
• Author and maintain IAM policies, standards, and operating procedures.
• Conduct periodic access reviews and support audit evidence collection.
• Maintain asset and data inventories and baseline configurations aligned with configuration management.
• Configure Azure-native monitoring and logging for identity and access events.
• Route alerts to service owners and security teams and support audit readiness.

• Advanced knowledge of Microsoft Entra , Azure RBAC, security groups, PIM, and JIT access workflows.
• Hands‑on experience with Azure Policy, managed identities, and Azure AD admin role provisioning.
• Familiarity with Azure monitoring and logging and AAA concepts.
• Strong understanding of least‑privilege design and access control best practices in Azure.
• Competence in baseline configuration management and accurate inventory maintenance.
• Experience implementing least‑privilege at scale and articulating Azure RBAC rationale.
• Ability to author IAM policies and procedures, perform access reviews, and support audits.
• Proven capability governing remote and elevated access and emergency access processes.
• Effective communication and documentation skills for technical writing and stakeholder coordination.
• Ability to collaborate with engineering, security, and operations teams for compliant access practices.
• Nice‑to‑have:
  Integration with approval systems and ticketing, application identity patterns and CI/CD secret controls, and audit readiness for cloud access controls.