IAM Engineer

The IAM Engineer will play a critical role in modernizing the organization's identity and directory services as we transition from a traditional, on-premises Active Directory (AD)-centric model to a cloud-first identity architecture. This role will lead and support initiatives to simplify, consolidate, and rationalize AD infrastructure while reducing overall reliance on legacy directory services in favor of modern cloud identity platforms such as Microsoft Entra ID.This position blends hands-on engineering, design, and cross-team collaboration to enable secure, scalable, and resilient identity services aligned with Zero Trust and cloud transformation objectives. Responsibilities:

• Lead the modernization, consolidation, and rationalization of Active Directory environments, including domain/forest design, trust models, and directory hygiene initiatives.
• Design and implement strategies to reduce organizational dependence on Active Directory by shifting authentication, authorization, and identity governance workloads to cloud-native platforms (e.g., Microsoft Entra ID).
• Partner with security, infrastructure, and application teams to enable modern authentication methods (passwordless, phishing-resistant MFA, conditional access) and minimize legacy protocol usage.
• Provide technical leadership during migrations to colocation or cloud-adjacent environments, ensuring directory services remain secure, resilient, and supportable during transition phases.
• Define and document target-state identity architectures, design standards, and migration roadmaps aligned with Zero Trust and cloud security principles.
• Serve as a trusted technical advisor to stakeholders, translating complex identity and directory challenges into actionable solutions and implementation plans.
• Contribute to operational excellence by improving automation, monitoring, and lifecycle management for identity services.

• Strong hands-on experience with Microsoft Active Directory, including domain/forest architecture, Group Policy, DNS integration, trusts, and identity lifecycle management.
• Demonstrated experience designing or operating hybrid identity solutions involving Active Directory and Microsoft Entra ID (Azure AD).
• Practical knowledge of modern cloud identity concepts, including conditional access, identity governance, least-privilege access, and Zero Trust architectures.
• Solid understanding of authentication and authorization protocols (Kerberos, LDAP, SAML, OAuth 2.0, OpenID Connect) and their modern cloud equivalents.
• Experience collaborating across infrastructure, security, and application teams in a complex enterprise environment.
• Strong documentation and communication skills, with the ability to produce clear architecture diagrams, design documents, and implementation guidance.
• Familiarity with enterprise-scale security strategies and governance frameworks.

Stefanini takes pride in hiring top talent and developing relationships with our future employees. Our talent acquisition teams will never make an offer of employment without having a phone conversation with you. Those face-to-face conversations will involve a description of the job for which you have applied. We also speak with you about the process including interviews and job offers. About Stefanini Group: The Stefanini Group is a global provider of offshore, onshore and near shore outsourcing, IT digital consulting, systems integration, application, and strategic staffing services to Fortune 1000 enterprises around the world. Our presence is in countries like the Americas, Europe, Africa, and Asia, and more than four hundred clients across a broad spectrum of markets, including financial services, manufacturing, telecommunications, chemical services, technology, public sector, and utilities. Stefanini is a CMM level 5, IT consulting company with a global presence. We are CMM Level 5 company