Providence India
Website: providence.in
Job details:
Job Description – Principal IAM Engineer (Active Directory & BeyondTrust)
Role Overview
The Principal IAM Engineer is a senior, hands-on technical authority responsible for end-to-end engineering ownership, design decisions, and technical governance of enterprise Identity and Access Management (IAM) platforms, with deep expertise in Active Directory (AD) and BeyondTrust (PAM/EPM).
This role acts as the highest-level technical escalation (L4) for IAM engineering, drives architecture standards, and ensures IAM platforms are secure, scalable, resilient, and audit-ready across on-prem, hybrid, and cloud environments.
Key Responsibilities
Active Directory – Principal Engineering Ownership
- Own architecture, design authority, and technical standards for Active Directory.
- Design and govern AD forest/domain architecture, trust models, OU strategies, and delegation.
- Lead Domain Controller lifecycle management including build, hardening, patching, and health.
- Design and approve Group Policy (GPO) strategies aligned with security and compliance.
- Troubleshoot complex replication, DNS, authentication, and Kerberos issues.
- Lead AD modernization and technical debt reduction initiatives.
BeyondTrust – Privileged Access & Endpoint Privilege Engineering
- Act as technical authority for BeyondTrust PAM / EPM platforms.
- Design least-privilege enforcement and endpoint elevation policies.
- Define enterprise privilege use cases, guardrails, and exception handling.
- Ensure auditability and monitoring of privileged access activities.
Architecture, Standards & Governance
- Define IAM engineering standards, reference architectures, and patterns.
- Review and approve high-risk IAM designs and integrations.
- Align IAM platforms to Zero Trust and identity-centric security models.
- Drive roadmap, upgrades, and continuous improvement initiatives.
Operational Excellence
- Serve as L4 escalation point for complex IAM issues.
- Lead root cause analysis for critical incidents.
- Ensure SOPs, runbooks, and design artifacts are maintained.
Mentorship & Technical Leadership
- Mentor IAM engineers and leads through design and technical reviews.
- Act as trusted advisor to security, infrastructure, and application teams.
Required Skills & Experience
- 12+ years of experience in IAM or security engineering.
- Expert-level hands-on experience with Active Directory.
- Strong expertise in BeyondTrust PAM / EPM.
- Advanced PowerShell scripting skills.
- Experience in large, regulated enterprise environments.
Good to Have
- Experience with Microsoft Entra ID / Azure AD.
- Exposure to SailPoint or other IGA platforms.
- Knowledge of ISO 27001, SOX, HITRUST, or SOC 2 environments.
- Zero Trust architecture familiarity.
Role Level Clarification
- Principal-level individual contributor
- Technical authority role (non-people manager)