Shermco Industries, Inc.

Identity & Access Management (IAM) Engineer

Location: US-TX-Irving
ID: 2026-2043
Category: Information Technology
Position Type: Full-Time
Remote: No

Overview

Job Title: Identity & Access Management (IAM) Engineer

Location: Hybrid - Dallas

Department: Information Technology

Reports To: Lead Security Engineer

 

Position Summary

We are seeking a highly skilled Identity & Access Management (IAM) Engineer to design, implement, and manage secure identity solutions across our enterprise environment. This role is responsible for enforcing least-privilege access, strengthening authentication controls, supporting regulatory compliance (CMMC/NIST), and enabling secure digital transformation across cloud and on-premise platforms.

 

The IAM Engineer will partner with IT Infrastructure, Data, Security, HR, and Application teams to ensure identity governance, lifecycle automation, privileged access management, and zero-trust principles are consistently applied across the organization.

Responsibilities

Key Responsibilities

 

Identity Architecture & Engineering

  • Design and maintain IAM architecture across:
    • Microsoft Entra ID (Azure AD)
    • Active Directory (on-prem)
    • Microsoft 365
    • VPN and network authentication systems
    • Enterprise SaaS platforms (Salesforce, BC, etc.)
  • Implement and manage Single Sign-On (SSO) and federation (SAML, OAuth, OIDC)
  • Architect Conditional Access policies and Zero Trust controls
  • Implement and enforce MFA across all systems

 

Identity Governance & Lifecycle Management

  • Automate Joiner / Mover / Leaver (JML) processes integrated with HRIS
  • Build and maintain Role-Based Access Control (RBAC) framework
  • Implement access certification and periodic access reviews
  • Ensure timely deprovisioning and segregation of duties enforcement
  • Support M&A integrations (rapid identity consolidation within 30 days)

 

Privileged Access Management (PAM)

  • Deploy and manage privileged access controls (PIM, just-in-time access)
  • Enforce tiered admin model and privileged session monitoring
  • Reduce standing privileged access across all systems
  • Maintain break-glass account governance and monitoring

Compliance & Risk Management

  • Support CMMC, NIST 800-171, and internal audit requirements
  • Maintain documentation for identity controls and audit evidence
  • Participate in risk assessments and control testing

 

Monitoring & Incident Response

  • Integrate identity logs with SIEM/SOC platform (e.g., Arctic Wolf)
  • Investigate anomalous login behavior and identity-based threats
  • Implement identity threat detection and response controls

Qualifications

Qualifications and Skills

 

Education and Experience

  • 5+ years of experience in IAM, Identity Engineering, or Security Engineering
  • Strong hands-on experience with:
    • Microsoft Entra ID (Azure AD)
    • Active Directory (GPOs, OU design, hybrid identity)
    • MFA and Conditional Access
    • SSO and federation protocols (SAML, OAuth, OIDC)
  • Experience with Privileged Identity Management (PIM/PAM)
  • Understanding of Zero Trust architecture principles
  • Experience supporting compliance frameworks (NIST, CMMC, SOC 2, ISO 27001)
  • PowerShell scripting and automation experience
  • Experience in hybrid cloud environments

EQUAL OPPORTUNITY EMPLOYER | DRUG-FREE WORKPLACE

Shermco is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or veteran status. Shermco is a drug-free workplace.

NO AGENCIES PLEASE

Pay Range

USD $110,000.00 - USD $120,000.00 /Yr.
