Identity and Access Management (IAM) Azure

Ampcus Inc. is a certified global provider of a broad range of Technology and Business consulting services. We are in search of a highly motivated candidate to join our talented Team.

Job Title: Identity and Access Management (IAM) Azure

Location(s): Pittsburgh, PA, Lake Mary, FL, or New York , NY / Remote is NOT an option.

Role Summary
The IAM Architect/Engineer is responsible for hands on design, implementation, and operation of Identity and Access Management capabilities across Microsoft Azure within a highly regulated banking environment. This role is a technical practitioner-not advisory-focused on building, securing, and operating FedRAMP and NIST aligned identity controls supporting cloud, hybrid, and AI enabled workloads.

• Design and implement Azure Entra ID (Azure AD) identity architecture for regulated banking workloads.
• Configure and operate:
  • Azure RBAC and custom roles.
  • Privileged Identity Management (PIM).
  • Conditional Access policies.
  • Identity Protection and risk based access.
• Implement managed identities and service principals for applications, automation, and AI workloads.
• Secure access to Azure IaaS, PaaS, and AI services using least privilege principles.

• Engineer identity controls mapped to NIST SP 800 53 Rev 5 (AC, IA, AU, CM, IR families).
• Support FedRAMP Moderate / High control implementation and continuous monitoring.
• Produce and maintain audit ready evidence:
  • Identity configurations.
  • Access reviews.
  • PIM logs and approval trails.
• Participate directly in ATO readiness, audits, POA&M remediation, and regulator inquiries.

• Integrate Azure IAM with:
  • Active Directory (on prem).
  • LDAP / Kerberos.
  • PKI and certificate based authentication.
• Implement secure federation using SAML, OAuth 2.0, OpenID Connect.
• Support identity flows for core banking, payments, AML, fraud, and data platforms.

• Implement and operate Privileged Access Management (PAM):
  • Azure PIM and CyberArk (or equivalent).
• Enforce Just in Time (JIT) and Just Enough Access (JEA) models.
• Automate joiner/mover/leaver lifecycle using SCIM and IGA tools.
• Conduct and remediate quarterly access reviews and segregation of duties (SoD) violations.

• Integrate identity telemetry with Microsoft Sentinel and enterprise SIEM.
• Build alerts for:
  • Privilege escalation.
  • Risky sign ins.
  • Policy violations.
• Support incident response for identity related security events.

• 8-12+ years in IAM / Identity Security, with hands on Azure delivery.
• Deep practical experience with:
  • Azure Entra ID (Azure AD).
  • Azure RBAC & PIM.
  • Conditional Access.
  • Managed Identities.
• Proven experience implementing NIST 800 53 controls.
• Direct experience supporting FedRAMP Moderate or High environments.
• Strong understanding of Zero Trust Architecture in regulated cloud.

• Strong scripting/automation skills:
  • PowerShell.
  • Azure CLI.
  • Infrastructure as Code (Terraform / Bicep preferred).
• Experience with identity federation protocols:
  • OAuth 2.0.
  • OIDC.
  • SAML.
• Familiarity with Azure logging and monitoring:
  • Azure Monitor.
  • Log Analytics.
  • Microsoft Sentinel.

• Banking or financial services background (FFIEC regulated environments).
• Experience securing AI / ML workloads using managed identities.
• CIEM or identity risk governance exposure.
• Certifications (preferred, not required):
  • SC 300, AZ 500.
  • CISSP / CCSP.
  • FedRAMP or NIST RMF training.

• Reduction in standing privileges and audit findings.
• Successful FedRAMP audits with zero identity related high findings.
• Measurable improvement in identity risk posture.
• Stable, repeatable IAM patterns adopted across Azure platforms.

Ampcus is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veterans or individuals with disabilities.