Senior IAM Engineer (80-100%)

Job description: Senior IAM Engineer (80-100%)

About the role

We are looking for a Senior IAM Engineer to take a lead role in delivering secure, scalable identity and access solutions in our Microsoft-based environment. Your focus will be on designing and automating identity services using Microsoft Entra ID, Terraform and the Azure/EntraID stack, supporting both hybrid and cloud infrastructures.

Tasks

• Design and implementation of IAM solutions using Microsoft Entra ID, PIM, conditional access and identity governance tools
• Automate policies and access workflows using Terraform and integrate changes into CICD pipelines
• Management of life cycle processes (joiners, movers, leavers) and enforcement of least privilege through group and authorization management
• Configuration and support of privileged access workflows with Azure PIM and MFA logs and reporting customized to FINMA and internal audit requirements
• Monitoring of IAM metrics (e.g. provisioning SLAs, access audit coverage, policy violations) and reporting to senior management
• Collaborate with Security Operations and SOC teams to integrate identity signals into SIEM workflows
• Provide IAM expertise to internal teams (Platform, HR, Risk & Compliance) for secure application and infrastructure access
• Support for application developers with authentication and authorization models (SAML, OIDC/OAuth2)
• Provide guidance on Microsoft tenant security, Azure RBAC and Intune/Endpoint policy alignment (advisory)
• Work with the platform team to ensure secure service identities and permissions in CICD and Azure SRE environments

Requirements

Required:

• 5+ years of experience in IT, including 2-3 years of experience in IAM
• Strong hands-on experience with Microsoft Entra ID / Azure AD, Conditional Access, PIM and related tools
• Experience with the automation of IAM policies using Terraform (Infrastructure-as-Code)
• Familiarity with key IAM concepts: RBAC, Least Privilege, Zero Trust, Identity Lifecycle Management
• Experience with the integration of IAM with DevOps or CICD/CD tooling
• Experience with endpoint compliance and device management
• Knowledge of regulatory expectations (e.g. FINMA, ISO27001) and audit support
• Strong communication skills in English

Desired:

• Experience with Azure B2B/B2C, federated login or identity brokering
• Familiarity with AWS IAM and CloudFront logging for access insights
• Exposure to future endpoint compliance and device policy alignment
• Certifications such as Microsoft Identity and Access Administrator, Azure Security Engineer, CISSP or CISM

We offer

• Participate in a dynamic, global team that builds a trusted interface between traditional and digital asset economies
• Experience a fast-paced, exciting work environment that promotes meritocracy, collaboration and open communication
• Participation in team building activities and annual crypto-related company events such as Bitcoin Pizza Day