IAM Systems Engineer

We are seeking an experienced Identity and Access Management (IAM) professional with over 10 years in the field to lead the integration of vendor applications with Entra ID (formerly Azure AD) for secure, efficient authentication using SAML 2.0. The ideal candidate will have deep expertise in IAM solutions, particularly Entra ID, and a comprehensive understanding of Single Sign-On (SSO) principles, along with proven experience in creating and documenting robust IAM architecture and design patterns. This is a hybrid contract assignment based in Bedford, NSKey Responsibilities :

• Lead and oversee the onboarding of vendor applications to use Entra ID authentication via SAML 2.0, establishing secure and reliable Single Sign-On (SSO) across applications.
• Design, implement, and document IAM architecture with a focus on SSO for applications, maintaining alignment with security and compliance standards.
• Configure, manage, and troubleshoot SAML-based authentication flows within Entra ID, including assertion handling, response / request management, and integration with external vendor systems.
• Collaborate with internal teams, vendors, and stakeholders to assess IAM requirements and implement solutions that enhance user experience and security.
• Develop and maintain technical documentation for IAM architecture, including design diagrams, SSO workflows, and data flows tailored for technical and non-technical audiences.Technical Skills : 1. Identity and Access Management (IAM) : o Expertise in IAM concepts, especially in implementing Single Sign-On (SSO) for simplified and secure access management.o Strong knowledge of identity lifecycle management, including provisioning, de-provisioning, and recertification.2. Entra ID (formerly Azure AD) : o Extensive experience in configuring Entra ID, including application registration, SSO configurations, user / group management, and policy administration.o Proficiency in managing SAML 2.0 authentication flows within Entra ID and integrating these with various applications to support seamless SSO.3. Kerberos and Token-Based Authentication : o In-depth understanding of Kerberos authentication mechanisms, including the Ticket-Granting Ticket (TGT) and Service Ticket processes for secure access management.o Expertise in configuring and troubleshooting Kerberos and token-based authentication for applications within enterprise environments.4. Security Protocols and Standards : o Proficiency in SAML 2.0, along with familiarity in OAuth 2.0 and OpenID Connect, for broad expertise in authentication standards.o Knowledge of secure token handling and assertion management practices in support of SSO configurations.