ai2io

Identity Security Engineer

Posted 14 Days Ago
Remote
Hiring Remotely in United States
Mid level
The Identity Security Engineer protects identity infrastructure by designing and implementing secure authentication and access controls, responding to security events, and ensuring compliance and risk management.
The summary above was generated by AI

AI2IO helps organizations navigate the complex landscape of technology solutions, from foundational IT services and system support to advanced software integration, automation, and cutting-edge AI implementations. Our expertise spans IT infrastructure management, custom software development, seamless system integrations, and optimization of low-code business automation, empowering clients to maximize their existing technology investments.


Join us and be part of a team where your voice matters, your work makes an impact, and your growth is a shared priority.


Position: Identity Security Engineer


Position Location: Remote - work virtually from anywhere in the United States


JOB SUMMARY

The Identity Security Engineer is responsible for protecting the organization’s identity infrastructure by designing, implementing, and operating secure authentication, authorization, and access controls. The Identity Security Engineer focuses on Microsoft Entra ID–centric identity security, including Conditional Access, privileged access, identity lifecycle automation, and identity-driven phishing protection.


The Identity Security Engineer serves as the first responder for identity-based security events and partners closely with Security Engineering and GRC to reduce breach risk while enabling secure business growth.


ESSENTIAL FUNCTIONS

Identity Platform Security

  • Design, implement, and maintain secure identity architectures using Microsoft Entra ID
  • Manage user, group, device, and service-principal identity lifecycle controls
  • Enforce least-privilege access using role-based access control (RBAC)

Authentication & Conditional Access

  • Design and operate Conditional Access policies (MFA, device trust, location, risk-based access)
  • Implement passwordless and phishing-resistant authentication (FIDO2, TAP)
  • Maintain emergency access and break-glass account controls

Privileged Access Management

  • Implement and operate Privileged Identity Management (PIM)
  • Reduce standing administrative privileges across Entra ID and Azure
  • Conduct periodic access and privilege reviews

Identity Automation & Governance

  • Automate joiner/mover/leaver processes using PowerShell and Microsoft Graph
  • Support access reviews and entitlement management
  • Integrate identity controls with HR and IT provisioning systems

Email & Phishing Identity Protection

  • Design and maintain email authentication controls (SPF, DKIM, DMARC)
  • Implement and manage Microsoft Defender for Office 365 anti-phishing policies
    • User and domain impersonation protection
    • Protection for high-risk and executive users
  • Lead identity-focused response to phishing events:
    • Token revocation and forced sign-out
    • Credential reset and risk remediation
    • Conditional Access enforcement

Monitoring & Incident Response

  • Monitor identity-related alerts and risky sign-in activity
  • Serve as first responder for identity compromise events
  • Support investigations involving credential theft or unauthorized access
  • Provide audit evidence related to identity security controls


POSITION REQUIREMENTS (INTERMEDIATE LEVEL FOR ALL THE FOLLOWING EXCEPT AS NOTED)

  • Hands-on experience with Microsoft Entra ID (Azure AD)
  • Strong understanding of Conditional Access, MFA, and PIM
  • Proficiency with PowerShell and identity automation
  • Working knowledge of SAML, OAuth, OIDC, and modern authentication flows
  • Experience supporting security and compliance requirements
  • Experience supporting multi-tenant or multi-subsidiary environments
  • Familiarity with Microsoft Intune and Microsoft Defender integrations
  • Experience implementing passwordless authentication strategies
  • Experience managing Defender for Office 365 phishing protections
  • Microsoft security certifications (SC-300, AZ-500) or equivalent


PHYSICAL DEMANDS


The following physical demands must be met by the employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.


While performing the duties of this job, the employee is

  • Frequently required to remain in a stationary position
  • Frequently moving through office, facility and other environments
  • On occasion the employee may move equipment weighing up to 25 pounds


TRAVEL / RELOCATION REQUIREMENTS

  • Up to 5%; this may include travel to any or all 50 US states
  • Travel is defined as physically leaving home on behalf of business activities including but not limited to client sites, meetings with other employees, meeting for business development purposes, running errands on behalf of the business, attending industry conferences, etc.


EDUCATION / EXPERIENCE

  • 3–6+ years of experience in identity, security engineering, or cloud security
  • Experience working in a remote environment is preferred


WHAT SUCCESS LOOKS LIKE

  • Identity controls are standardized, documented, and consistently enforced
  • Administrative access is time-bound, auditable, and minimal
  • Phishing-related identity compromises are rapidly contained
  • Joiner/mover/leaver processes are largely automated
  • Identity controls consistently pass audits with minimal remediation effort
  • Identity risk is measurably reduced without impacting user productivity


Benefits

DLB Associates offers a very competitive benefits package; highlights include

  • Choice of comprehensive medical plans (including two PPO-style plans and a HDHP w/ HSA option)
  • Flex spending accounts (FSA)
  • Dental and vision plans
  • Comprehensive medical, dental and vision benefits extended to spouse / domestic partner and dependent children up to age 26
  • 401k with company match and self-directed brokerage account option
  • PTO including additional paid time off during the last week of the year
  • Company paid life insurance coverage for employees and their eligible dependents
  • Short and long-term disability, AD&D coverage
  • Professional development opportunities, tuition reimbursement and professional licensing assistance
  • Paid parental leave after one year of employment


DLB Associates is an EEO/Affirmative Action Employer and participates in the E-Verify program with the Department of Homeland Security. We encourage diversity in our workforce.


Are you ready to challenge yourself and redefine standards in the AEC industry? Apply now and join our award-winning team!


NOTICE TO THIRD PARTY AGENCIES:

DLB does not accept unsolicited resumes from recruiters, employment agencies, or other staffing services. Unsolicited resumes include any resume or hiring document sent to DLB in the absence of a signed Service Agreement where DLB has expressly requested recruitment/staffing services specific to the position at hand. Any unsolicited resumes, including those submitted to hiring managers or other business leaders, will become the property of DLB and DLB will have the right to hire that candidate without reservation – no fee or other compensation will be owed or paid to the recruiter, employment agency, or other staffing service.

Top Skills

Azure AD
Microsoft Defender for Office 365
Microsoft Entra ID
Microsoft Intune
OAuth
OIDC
PowerShell
SAML
