GPS – IAM Engineer – Supervising Associate at EY
This role is part of EY’s Government & Public Sector (GPS) practice, where we provide consulting and audit services to federal, state, local, and educational clients. The position is based in the U.S. and focuses on supporting, maintaining, and enhancing Identity and Access Management (IAM) services across the GPS business unit.
The Opportunity
As a member of the IAM team, you will manage end‑to‑end services such as service engineering, incident and problem resolution, change control, and automation. You will work closely with other EY teams to uphold technology standards and consistency across IT services.
Your Key Responsibilities
Maintain knowledge and support of Azure infrastructure and related services, including:
Azure Cloud services (Bastion, Key Vault, Recovery Services Vault, Storage accounts)
Azure RBAC and network components (VNets, NSGs, private/endpoints, Private DNS)
Microsoft Entra Domain Services (MEDS) and related applications
Power Automate, App Service Plan, Function Apps, Application Insights
Access reviews, reporting, and audit compliance
Deploy MEDS on Azure VMs and install replica Domain Controllers or Forests within an Azure virtual network.
Support servers and networks in Active Directory environments, including:
Single Sign‑On configuration and remediation
Native Microsoft tools (ADSI, ADUC, DNS, Domains & Trusts)
DISA STIG remediation via GPO
Public Key Infrastructure (PKI)
Configure Microsoft Entra Domain Services for IaaS & PaaS application authentication.
Manage Entra services such as application proxy, licensing, and Azure PIM.
Handle application registrations and permissions (OAuth/OpenID, API Permissions, Client ID/Secrets, JWT Tokens, JSON, App Roles).
Administer API Gateways, Enterprise Databases, and SSO/Access Management systems; implement identity federation protocols (SAML, OIDC, OAuth2, LDAP/LDAPS).
Maintain Enterprise Applications (SAML, SCIM Provisioning).
Use Microsoft Graph and PowerShell to manage Entra ID data.
Configure Multi‑Factor Authentication and other Entra ID MFA integration.
Manage entitlement, account, and group administration with SailPoint Identity Security Cloud (ISC) or IdentityIQ (IIQ).
Integrate SailPoint solutions with Entra ID and other identity infrastructure.
Design Entra Conditional Access using Zero‑Trust principles.
Facilitate Entra ID external collaboration (B2B, External ID).
Allocate time to support multiple demands and escalating issues, or to accommodate team members in other time zones.
Skills and Attributes for Success
Core understanding of Entra ID tenant deployment and Active Directory management.
Knowledge of aligning Microsoft Entra/Azure services with security governance frameworks (CMMC, FedRAMP, NIST SP 800‑53, 800‑63, 800‑171).
Experience with application registration and key management via the Entra ID Admin portal.
Familiarity with Entra ID privileged roles and emergency accounts for granular access policies.
Strong organizational, analytical, and problem‑solving skills.
Excellent teamwork, knowledge sharing, and communication abilities.
Advanced planning, design, and troubleshooting skills for complex cloud environments.
Understanding of cloud security best practices and ITIL framework.
Documentation skills for processes, procedures, and security designs.
Experience with external vendors in the security industry.
Enthusiasm for cloud infrastructure security.
Self‑motivation, rapid learning, and adaptability to ambiguity.
Global mindset and cultural sensitivity.
Requirements – To Qualify
Bachelor’s degree in Computer Science or related discipline, or equivalent work experience.
5‑8+ years of cloud infrastructure experience.
3+ years of hands‑on experience designing and implementing Azure AD, Entra ID, Azure MFA, Entra Conditional Access, Azure B2B, Azure PIM.
Deep expertise in cloud infrastructure.
Experience writing custom scripts (Python, PowerShell) and interacting with APIs and shell scripting.
Excellent interpersonal and presentation skills.
Strong written and verbal English communication.
Good judgment, tact, and decision‑making ability.
Ability to work in a diverse, multicultural environment.
Required to obtain and maintain Top Secret security clearance.
Ideally, You’ll Also Have
A certification in Microsoft Azure Infrastructure Solutions.
Experience in large‑scale IT deployments or cloud infrastructure.
At least one technical certification on Azure platform.
What We Look For
Strong business and technical acumen, drive, vision, and a passion for helping clients achieve their goals.
What We Offer You
A comprehensive compensation and benefits package, including a base salary range of $91,100–$170,400 for U.S. locations, with higher ranges in major metros such as NYC, Washington, and California.
Medical, dental, pension, 401(k), and flexible paid time‑off options.
Hybrid model: most client‑serving roles will work in person 40‑60% of the time.
Flexible vacation policy based on personal circumstances.
Are you ready to shape your future with confidence? Apply today. EY accepts applications for this position on an ongoing basis.
EY focuses on high ethical standards and integrity among its employees and expects all candidates to demonstrate these qualities.
Seniority level
Mid‑Senior level
Employment type
Full‑time
Job function
Health Care Provider
Professional Services
EY provides equal employment opportunities to applicants and employees without regard to race, color, religion, age, sex, sexual orientation, gender identity/expression, pregnancy, genetic information, national origin, protected veteran status, disability status, or any other legally protected basis, including arrest and conviction records, in accordance with applicable law.
EY is committed to providing reasonable accommodation to qualified individuals with disabilities, including veterans with disabilities. If you have a disability and require assistance applying online or need to request an accommodation, please call 1‑800‑EY‑HELP3, select Option 2 for candidate queries, then Option 1 for candidate issues, or email TSS at ssc.customersupport@ey.com.