Position Title: IDAM Engineer – Directory & Authentication

Location: India (with availability between 1 PM IST to 10 PM IST, including minimum 3 hours overlap with US ET)

Job Type: Full-Time

Reports To: ZICC Directory & Authentication Technology Lead

Dotted Line Reporting: Head of IDAM (US-based) and IDAM Operations & Directory Services Leads

Department: Technology Risk Management (under the Chief Information Security Officer)

Position Responsibilities

• Collaborate with application, infrastructure, and development teams to integrate enterprise and SaaS applications with Active Directory, SSO, Conditional Access, MFA, and other authentication solutions.
• Design and implement custom tools to automate repetitive tasks for operational efficiency.
• Maintain, configure, and operate the Active Directory platform and related integrations, with a focus on hands-on implementation and technical engineering across corporate and OT environments.
• Monitor performance, scalability, and security of in-scope platforms; respond to critical issues and escalations, while managing day-to-day operations.
• Provide Level 2 (L2) and Level 3 (L3) support for directory-related issues, troubleshooting complex problems to ensure a high-quality user experience.
• Participate in a 16x5 operational support rotation and offer off-hours escalation support for high-priority incidents (P1, P2).
• Execute installations, maintenance, and configuration changes across IDAM systems using scripting and automation.
• Lead and mentor a team of L2 and L3 administrators, analysts, and engineers; foster team growth and operational excellence.
• Collaborate with the Service Desk, Site Services, and Security Operations teams to enhance support processes and cross-functional workflows.
• Act as a technical subject matter expert providing detailed coding, configuration, and engineering guidance for IDAM initiatives.
• Ensure compliance with global IDAM policies, processes, and regulatory requirements to secure and streamline system access.

Organizational Relationships

• Direct report to ZICC Directory & Authentication Technology Lead.
• Dotted-line collaboration with US-based Head of IDAM and IDAM Operations & Directory Services Leads.
• Integral part of the global Technology Risk Management organization under the CISO.
• Regular collaboration with ZTD application, infrastructure, and business partner teams.
• Interface with external vendors, partners, and implementation teams for IDAM integrations, including software and API requirements, contract negotiation, and solution deployment.

Education and Experience

Education:

• University Degree in Computer Science or Information Systems (required)
• Desirable certifications or advanced courses in security/identity, such as:
• Certified Information Systems Security Professional (CISSP)

Experience:

• 6+ years of experience in Information Systems
• 6+ years of hands-on experience with IDAM (Active Directory, SSO, PKI, MFA)
• 2+ years in a regulated industry (pharmaceutical or animal health preferred)
• Experience working across global teams and time zones
• Proven history managing medium to large-scale global IT projects
• Experience leading technical teams and end-to-end solution delivery
• Strong track record collaborating with Managed Service Providers (MSPs)

Technical Skills Requirements

This is a highly technical and hands-on role. The ideal candidate should be proficient and a leader in the following areas:

Enterprise & Cloud Directories

• Integration of applications with Microsoft Active Directory and Entra ID (Azure AD)
• Experience with SSO using SAML, OAuth 2.0, and OpenID Connect (OIDC)
• Proficiency in Conditional Access Policies and Modern Authentication
• Advanced troubleshooting with Kerberos and LDAP (including LDAPS)
• Automation using PowerShell (required), Python and Bash (preferred)
• REST API design and integration experience
• Familiarity with Passwordless Authentication (e.g., FIDO2, biometrics)

Multi-Factor Authentication (MFA), PKI & Encryption

• Expertise in MFA platforms (e.g., SafeNet MobilePass)
• Strong knowledge of Microsoft CA/PKI and certificate management
• Familiarity with SSL/TLS, secure key management, and Linux integration with directories

Application Hosting & PAM

• Knowledge of hosting in Azure and hybrid environments
• Experience with PAM tools, including password vaulting and Just-in-Time Access

Support and Operational Expertise

• L2/L3 support experience for authentication and identity issues
• Incident response and root cause analysis
• Collaboration with Service Desk and SOC teams to improve IAM services

Desirable Skills

• Experience with PAM tools such as Delinea Secret Server or Netwrix
• Identity Governance (IGA) knowledge, including SailPoint IdentityIQ
• Power Apps for workflow customization
• Experience with SQL, Alteryx, and data warehousing tools for reporting and troubleshooting

Language & Communication Skills

• Must be fluent in written and spoken English.
• Capable of articulating technical concepts to both technical and non-technical audiences.

Physical Position Requirements

• Must be available to work from 1 PM IST to 10 PM IST, including at least 3 hours overlap with US Eastern Time (ET) daily.