Identity and Access Management (IAM) Engineer

Job Title: Identity and Access Management (IAM) Engineer
Job Type: Full-Time, Contract (W2 Only, not available for C2C, C2H or 1099, and no sponsorship)
Contract Length: July 27, 2026 – July 25, 2027
Schedule: Monday–Friday, Normal Business Hours, 35 hours/week
Work Model: Hybrid (2 days on-site, 3 days remote) at 2 MetroTech Center, Brooklyn, NY 11201

Job Description

Paramint LLC is seeking a highly experienced Identity and Access Management (IAM) Engineer (Specialist 3) to support the Infrastructure Resilience Identity and Access Management team for a major New York City government agency.

This role will provide engineering, administration, and operational support for highly critical systems and infrastructure supporting multiple city agencies, including 24x7 operational environments such as NYC 311. The selected candidate will work across cloud and on-premises identity platforms, ensuring secure, resilient, and scalable access management solutions.

The IAM Engineer will serve as a senior technical resource responsible for Active Directory, Microsoft Entra ID, ManageEngine solutions, IAM operations, and Tier 2/3 support activities.

Key Responsibilities

Identity & Access Management Engineering

• Design, implement, maintain, and optimize enterprise IAM solutions
• Develop and manage role-based access control (RBAC) models
• Translate business and security requirements into IAM technical solutions
• Support enterprise authentication, authorization, and identity governance initiatives

Active Directory Engineering & Administration (30%)

• Administer and maintain Active Directory environments
• Design and implement directory services enhancements
• Troubleshoot complex AD issues and perform root cause analysis
• Support hybrid identity and synchronization solutions

Microsoft Entra ID Engineering & Administration (40%)

• Administer Microsoft Entra ID (formerly Azure Active Directory)
• Manage authentication, federation, conditional access, and identity lifecycle processes
• Support SAML, OAuth, and LDAP integrations
• Implement identity security best practices and governance controls

ManageEngine BSP Engineering & Operations (20%)

• Administer and support ManageEngine identity and security solutions
• Perform configuration, troubleshooting, and operational support activities
• Support ongoing enhancements and maintenance initiatives

IAM Tier 2/3 Support (10%)

• Provide advanced troubleshooting and incident resolution
• Participate in after-hours support activities as required
• Support critical systems requiring high availability and 24x7 operational coverage
• Assist with escalation management and service restoration efforts

Required Qualifications (Mandatory)

Candidates who do not meet the mandatory qualifications will not be considered.

• Minimum 12 years of hands-on experience designing, implementing, and supporting Identity and Access Management (IAM) solutions
• Extensive experience with: Active Directory / Microsoft Entra ID (Azure AD) / LDAP / SAML / OAuth
• Demonstrated experience delivering complex enterprise IAM projects
• Strong knowledge of Role-Based Access Control (RBAC) methodologies
• Exceptional analytical, troubleshooting, and problem-solving skills
• Ability to translate business requirements into secure technical solutions
• Strong written and verbal communication skills
• Experience collaborating with technical and business stakeholders across large organizations

Desirable Skills / Experience

• PowerShell scripting and automation
• Microsoft Azure administration
• Advanced Active Directory architecture and design
• Browser security and browser control technologies
• Experience supporting highly available, mission-critical environments
• Government or public sector experience

Application Process

To be considered, please email the following tohr@paramint.digital:

✔ Updated resume highlighting IAM, Active Directory, and Entra ID experience

✔ Two professional references (name, title, organization, email, phone)

✔ Confirmation of W-2 contract eligibility

✔ Confirmation of ability to work in the required hybrid schedule

✔ Summary of experience with Active Directory, Entra ID, SAML, OAuth, LDAP, and RBAC implementations

Pay: $75.00 - $85.00 per hour

Application Question(s):

• Are you willing to work under a W2 Contract? (This is NOT available for C2C, C2H or 1099, and NO sponsorship)

Location:

• Brooklyn, NY 11201 (Preferred)

Ability to Commute:

• Brooklyn, NY 11201 (Required)

Work Location: In person