Senior IAM Engineer (80-100%)

Job description

About the role

We are looking for a Senior IAM Engineer to take a lead role in delivering secure, scalable identity and access solutions in our Microsoft-based environment. You will focus on the design and automation of identity services using Microsoft Entra ID, Terraform and the Azure/EntraID stack, supporting both hybrid and cloud infrastructures.

Tasks

• Design and implementation of IAM solutions using Microsoft Entra ID, PIM, conditional access and identity governance tools
• Automation of policies and access workflows using Terraform and integration of changes in CICD pipelines
• Management of life cycle processes (joiners, movers, leavers) and enforcement of least privilege through group and authorization management
• Configuration and support of privileged access workflows with Azure PIM and MFA logs and reporting that meet FINMA and internal audit requirements
• Monitoring of IAM metrics (e.g. provisioning statistics, SLAs, access audit coverage, policy violations) and reporting to senior management
• Collaborate with Security Operations and SOC teams to integrate identity signals into SIEM workflows
• Provide IAM expertise to internal teams (Platform, HR, Risk & Compliance) for secure application and infrastructure access
• Support for application developers with authentication and authorization models (SAML, OIDC/OAuth)
• Provide guidance on Microsoft tenant security, Azure RBAC and Intune/Endpoint policy alignment (advisory)
• Work with the platform team to support secure service identities and permissions in CICD and Azure SRE environments

Requirements

Required

• 5+ years of experience in IT, including 2-3 years of experience in IAM
• Strong hands-on experience with Microsoft Entra ID / Azure AD, Conditional Access, PIM and related tools
• Experience with the automation of IAM policies using Terraform (Infrastructure-as-Code)
• Familiarity with key IAM concepts: RBAC, Least Privilege, Zero Trust, Identity Lifecycle Management
• Experience with the integration of IAM with DevOps or CICD/CD tooling
• Experience in endpoint compliance and device management
• Knowledge of regulatory expectations (e.g. FINMA, ISO27001) and audit support
• Strong communication skills in English

Desirable

• Experience with Azure B2B/B2C, federated login or identity brokering
• Familiarity with AWS IAM and CloudFront logging for access insights
• Exposure to future endpoint compliance and device policy alignment
• Certifications such as Microsoft Identity and Access Administrator, Azure Security Engineer, CISSP or CISM

We offer

• Attractive combination of market salaries and entrepreneurial incentive scheme
• Flexible working hours/work from home