Project Manager with Life Sciences / Pharmaceutical

Authentication engineer will join the IAM Authentication team to engineer solutions with a strong focus on Azure AD and modern authentication protocols to build secure authentication across the enterprise.

Job Responsibilities

• Architect and engineer identity and access management solutions leveraging Azure AD and modern authentication protocols and frameworks (OAuth 2.0, OIDC, and SAML) to move the strategic roadmap forward.
• Responsible for configuration, management, and support of all Azure AD functions with emphasis on security, reliability, and operational excellence.
• Configure, integrate, and secure applications in Azure AD with application registrations and fine-tuning Conditional Access policies.
• Configure and manage Azure AD Connect for AD AAD Sync with regular upgrades to the Azure AD Connect software.
• Provide escalation support for Azure AD related L2 issues, efficiently troubleshoot/prioritize Azure AD issues, and maintain the culture of root cause analysis for incident management.
• Contribute to Azure AD documentation and workflows.
• Automate and develop Azure AD capabilities with Microsoft Graph API.
• Define security guidelines/standards for modern authentication and authorization security frameworks.
• Partner with teams to assist in defining the modern authentication strategy and roadmap.
• Support multi-factor authentication and manage factor enrollment flows to secure modern application architectures.
• Research, design, and advocate new AuthN technologies, standards, or methodologies that will strengthen our security posture, reduce our risk exposure, and improve our overall user experience.
• Review and update authentication and authorization policies, standards, and procedures to raise the maturity of the Authentication program.
• Actively participate in development and program efforts related to Identity & Access Management through hands-on collaboration and engagement.

Required Azure AD and Directory Services Expertise

• In-depth knowledge of Azure Hybrid Identity, authentication methods (federation, passthrough auth, password hash sync).
• In-depth knowledge of Azure Application management, Azure AD Authentication and Authorization basics, app types, authentication flows.
• Understanding of Azure AD device identity, device trust with Hybrid Azure AD join, and how Primary Refresh Tokens work.
• Understanding of identity governance and identity protection - identity and access lifecycle, configuring risk policies.
• Understanding of Azure Role-Based access patterns - management groups, subscriptions, resource groups.
• Understanding of Azure Reporting and monitoring - analyzing Audit, Sign-in, Azure Monitor logs.
• Fundamental understanding of Active Directory Domain Services (ADDS), Windows Server 2016/2019 Domain Controllers and related services (DNS, DHCP, Group Policy).
• Fundamental understanding of legacy (Kerberos, LDAPs) and modern authentication protocols and frameworks (SAML, OAuth 2.0, OIDC).

Required Modern Authentication Expertise

• Strong understanding of SAML, OAuth/OIDC and other authentication methods; strong understanding and practical experience with one or more cloud multifactor technologies.
• In-depth knowledge of JWT, understanding scope definitions and claims, differences between identity and access token.

Nice to Have

• Experience in deploying infrastructure-as-code using Terraform, DevOps & CI/CD best practices.
• Intermediate knowledge of AWS Managed Microsoft AD.
• Knowledge of Okta Identity Engine, Passwordless solutions like Okta FastPass.