Sr. Principal Engineer - IAM : Directory & Authentication Services
Role Summary
The Principal Engineer is thetechnical authority and architectfor enterprise directory and authentication services. This role drivesplatform design, modernization, and deep technical decisionsacross Microsoft Entra ID and hybrid identity while partnering closely with Security Architecture and Platform Engineering.
This is ahands-on, high-impact engineering role, not a people manager.
Key Responsibilities
Identity Architecture & Platform Engineering
- Ownend-to-end architecturefor Entra ID and hybrid Active Directory environments.
- Design and evolveauthentication, authorization, and identity lifecycle architecturesat enterprise scale.
- Lead modernization from legacy identity patterns tocloud-native, Zero Trust-aligned identity models.
Authentication & Conditional Access Strategy
- ArchitectConditional Access frameworksusing risk, device, user, and workload signals.
- Design and optimizepasswordless, MFA, and phishing-resistant authenticationstrategies.
- Define standards for legacy protocol containment and deprecation.
Directory Security & Tier-0 Protection
- DefineTier‑0 identity security architecture, including admin isolation, PAWs, and break-glass models.
- DesignPrivileged Identity Management (PIM)and just-in-time access patterns.
- Reduce identity attack surface through architectural controls and guardrails.
Engineering Excellence & Automation
- DriveInfrastructure-as-Codefor identity (Terraform/Bicep/Graph automation).
- Establishreliability patterns, failure isolation, and service resiliency models.
- Partner with SRE and SecOps on observability, metrics, and alerting strategy.
Technical Leadership
- Act asdesign authorityfor IAM initiatives across applications and platforms.
- Review designs, mentor senior engineers, and raise overall technical bar.
- Influence roadmap decisions and long-term identity strategy.
Required Skills & Experience
- 15+ years in IAM withdeep Microsoft Entra ID & Active Directory expertise
- Proven experience architectinglarge-scale hybrid identity platforms
- Deep expertise in:
- Conditional Access & Identity Protection
- MFA & Passwordless Authentication
- Federation (SAML, OIDC, OAuth)
- Privileged Access Models
- Strong automation and engineering mindset
- Ability to operate atboth whiteboard and code level
What Success Looks Like
- Identity platform designs scale cleanly, securely, and predictably
- Security posture improves without harming user experience
- Clear architectural patterns adopted enterprise-wide
- Reduced dependency on vendor defaults through engineering control
