CAI
Identity & Access Management Contractor
Req number:
R6148
Employment type:
Full time
Worksite flexibility:
Remote
Who we are
CAI is a global technology services firm with over 8,500 associates worldwide and a yearly revenue of $1 billion+. We have over 40 years of excellence in uniting talent and technology to power the possible for our clients, colleagues, and communities. As a privately held company, we have the freedom and focus to do what is right-whatever it takes. Our tailor-made solutions create lasting results across the public and commercial sectors, and we are trailblazers in bringing neurodiversity to the enterprise.
Job Summary
We are looking for a motivated Identity & Access Management (IAM) Contractor ready to take us to the next level! If you have strong hands-on experience with Microsoft Entra ID (formerly Azure AD), including Conditional Access, MFA, SSPR, Authentication Methods, and Identity Governance and are looking for your next career move, apply now.
Job Description
We are looking for an
Identity & Access Management (IAM) Contractor
to support our organization's migration from Okta to Microsoft Entra ID. This position will be
full-time
and
remote.
What You'll Do
Lead and support the migration of SAML/OIDC applications, authentication policies, and identity workflows from Okta to Microsoft Entra ID.
Configure and optimize Conditional Access, Authentication Methods, Self-Service Password Reset (SSPR), and Multi-Factor Authentication (MFA) policies.
Design and implement multi-tenant and B2C identity strategies.
Support hybrid identity scenarios involving Active Directory (AD), Entra Connect, and cloud-first identity models.
Set up and manage test tenants for validation, experimentation, and proof-of-concept work.
Implement delegated administration and role-based access control (RBAC) in Entra and Microsoft 365, following least privilege principles.
Assist with identity lifecycle management, including onboarding/offboarding processes and cleanup.
Collaborate with internal teams to implement Identity Governance, including Access Reviews, Entitlement Management, and Access Packages.
Document configurations, processes, and migration plans.
Provide guidance on best practices for secure remote access, identity lifecycle management, and decommissioning legacy identity systems.
What You'll Need
Required:
Strong hands-on experience with Microsoft Entra ID (formerly Azure AD), including Conditional Access, MFA, SSPR, Authentication Methods, and Identity Governance
Proven experience with Okta and migrating identity services to Microsoft Entra
Experience with test tenant setup and management for validation and experimentation
Familiarity with delegating permissions in Microsoft Entra and Microsoft 365 using least privilege access models
Practical experience with identity lifecycle management, including cleanup of stale or orphaned objects
Experience with hybrid identity environments, including AD, Entra Connect, and cloud-first identity models
Experience with multi-tenant and B2C identity configurations
Experience with PowerShell scripting for identity automation
Experience with Microsoft Graph API and Entra ID custom extensions
Strong Programming and Scripting experience(e.g. Java, Python, C#, Bash)
CJIS Certification (must be obtained prior to or during onboarding)
Identity and Access Administrator Associate (SC-300)
Preferred:
Microsoft certifications (e.g., SC-300, SC-100, AZ-500)
Understanding of Zero Trust principles and secure access design
Ability to work independently and collaboratively in a fast-paced environment
Strong troubleshooting and problem-solving skills
Excellent communication and documentation skills
DevOps Experience
AWS IAM, AWS Managed AD
Experience with HR-as-Master
Privileged Access Management (PAM)
Physical Demands
Ability to safely and successfully perform the essential job functions consistent with the ADA and other federal, state, and local standards
Sedentary work that involves sitting or remaining stationary most of the time with occasional need to move around the office to attend meetings, etc.
Ability to conduct repetitive tasks on a computer, utilizing a mouse, keyboard, and monitor.
The pay range for this position is $55 - $63 per hour (USD). Exact compensation may vary based on several factors, including location, experience, and education. Benefit packages for this role includes medical, dental, and vision insurance, as well as 401k retirement account access. Employees in this role may also be entitled to paid sick leave as provided by applicable law.?
Reasonable accommodation statement
If you require a reasonable accommodation in completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employment selection process, please direct your inquiries to application.accommodations@cai.io or (888) 824 - 8111.
The pay range for this position is listed above. Exact compensation may vary based on several factors, including location, experience, and education. Benefit packages include medical, dental, and vision insurance, as well as 401k retirement account access. Employees in this role receive paid time off and may also be entitled to paid sick leave and/or other paid time off as provided by applicable law.
Req number:
R6148
Employment type:
Full time
Worksite flexibility:
Remote
Who we are
CAI is a global technology services firm with over 8,500 associates worldwide and a yearly revenue of $1 billion+. We have over 40 years of excellence in uniting talent and technology to power the possible for our clients, colleagues, and communities. As a privately held company, we have the freedom and focus to do what is right-whatever it takes. Our tailor-made solutions create lasting results across the public and commercial sectors, and we are trailblazers in bringing neurodiversity to the enterprise.
Job Summary
We are looking for a motivated Identity & Access Management (IAM) Contractor ready to take us to the next level! If you have strong hands-on experience with Microsoft Entra ID (formerly Azure AD), including Conditional Access, MFA, SSPR, Authentication Methods, and Identity Governance and are looking for your next career move, apply now.
Job Description
We are looking for an
Identity & Access Management (IAM) Contractor
to support our organization's migration from Okta to Microsoft Entra ID. This position will be
full-time
and
remote.
What You'll Do
Lead and support the migration of SAML/OIDC applications, authentication policies, and identity workflows from Okta to Microsoft Entra ID.
Configure and optimize Conditional Access, Authentication Methods, Self-Service Password Reset (SSPR), and Multi-Factor Authentication (MFA) policies.
Design and implement multi-tenant and B2C identity strategies.
Support hybrid identity scenarios involving Active Directory (AD), Entra Connect, and cloud-first identity models.
Set up and manage test tenants for validation, experimentation, and proof-of-concept work.
Implement delegated administration and role-based access control (RBAC) in Entra and Microsoft 365, following least privilege principles.
Assist with identity lifecycle management, including onboarding/offboarding processes and cleanup.
Collaborate with internal teams to implement Identity Governance, including Access Reviews, Entitlement Management, and Access Packages.
Document configurations, processes, and migration plans.
Provide guidance on best practices for secure remote access, identity lifecycle management, and decommissioning legacy identity systems.
What You'll Need
Required:
Strong hands-on experience with Microsoft Entra ID (formerly Azure AD), including Conditional Access, MFA, SSPR, Authentication Methods, and Identity Governance
Proven experience with Okta and migrating identity services to Microsoft Entra
Experience with test tenant setup and management for validation and experimentation
Familiarity with delegating permissions in Microsoft Entra and Microsoft 365 using least privilege access models
Practical experience with identity lifecycle management, including cleanup of stale or orphaned objects
Experience with hybrid identity environments, including AD, Entra Connect, and cloud-first identity models
Experience with multi-tenant and B2C identity configurations
Experience with PowerShell scripting for identity automation
Experience with Microsoft Graph API and Entra ID custom extensions
Strong Programming and Scripting experience(e.g. Java, Python, C#, Bash)
CJIS Certification (must be obtained prior to or during onboarding)
Identity and Access Administrator Associate (SC-300)
Preferred:
Microsoft certifications (e.g., SC-300, SC-100, AZ-500)
Understanding of Zero Trust principles and secure access design
Ability to work independently and collaboratively in a fast-paced environment
Strong troubleshooting and problem-solving skills
Excellent communication and documentation skills
DevOps Experience
AWS IAM, AWS Managed AD
Experience with HR-as-Master
Privileged Access Management (PAM)
Physical Demands
Ability to safely and successfully perform the essential job functions consistent with the ADA and other federal, state, and local standards
Sedentary work that involves sitting or remaining stationary most of the time with occasional need to move around the office to attend meetings, etc.
Ability to conduct repetitive tasks on a computer, utilizing a mouse, keyboard, and monitor.
The pay range for this position is $55 - $63 per hour (USD). Exact compensation may vary based on several factors, including location, experience, and education. Benefit packages for this role includes medical, dental, and vision insurance, as well as 401k retirement account access. Employees in this role may also be entitled to paid sick leave as provided by applicable law.?
Reasonable accommodation statement
If you require a reasonable accommodation in completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employment selection process, please direct your inquiries to application.accommodations@cai.io or (888) 824 - 8111.
The pay range for this position is listed above. Exact compensation may vary based on several factors, including location, experience, and education. Benefit packages include medical, dental, and vision insurance, as well as 401k retirement account access. Employees in this role receive paid time off and may also be entitled to paid sick leave and/or other paid time off as provided by applicable law.