Brunswick Corporation
Sr. Engineer, Directory Services
Brunswick Corporation, Libertyville, Illinois, United States, 60092
Are you ready for what’s next?
Come explore opportunities within Brunswick, a global marine leader (https://youtube.com/watch?v=ksuQ6B2j_mA) committed to challenging conventions and innovating next-generation technologies that transform experiences on the water and beyond. Brunswick believes “Next Never Rests™,” and we offer a variety of exciting careers and growth opportunities within united teams defining the future of marine recreation.
Primary Purpose
We are hiring a Senior Identity and Access Management (IAM) Engineer specializing in Directory Services, with deep engineering expertise in Active Directory, Azure AD (Entra ID), and hybrid identity architectures. This role goes beyond configuration: you will engineer resilient and scalable directory synchronization, federation, and Zero Trust-ready identity infrastructure, including complex coexistence between AD, Azure AD, and Okta, while enabling secure access across cloud ecosystems like AWS and GCP. You will also lead the transition of legacy Oracle directory services into a future state anchored in Azure AD and Okta, driving modernization and integration across the enterprise.
Principal Duties and Responsibilities
Directory Engineering & Coexistence: Architect and manage synchronization between Active Directory, Azure AD, and Okta, including Azure AD Connect, Cloud Sync, and Okta AD Agent. Engineer identity normalization and conflict resolution across directories. Lead integration and deprecation planning for legacy Oracle Directory Services.
Federation & Authentication Infrastructure: Implement and troubleshoot SSO, MFA, and federation across cloud and on-prem systems using SAML, OIDC, OAuth2, Kerberos, and LDAP. Resolve deep protocol-level issues for seamless identity assertions and claims transformation.
Hybrid Identity Architecture: Design solutions for hybrid identity scenarios, including multi-forest AD, tiered trust models, OU filtering, and custom attribute mapping. Develop policies for entitlement inheritance, group scoping, and role-based access control (RBAC). Strategically lead the convergence of on-prem identity sources into Azure AD and Okta as the long-term control plane.
Policy Engineering & Break-Glass Access: Enforce tiered administration, emergency access (break-glass) strategies, and Just-in-Time (JIT) access models. Design policy enforcement frameworks for device trust, geo-based access, and PIM/PAM escalation paths.
Security Hardening & Resilience: Implement domain controller hardening, Kerberos security auditing, FSMO monitoring, and replication health checks. Define resilience engineering plans, including forest recovery, offline access, and AD restore procedures. Migrate legacy directory dependencies to modern, policy-enforced platforms.
Cloud Platform Integration: Extend AD and Azure AD into AWS Managed AD, Simple AD, GCP Cloud Identity, and support enterprise-wide SaaS federation. Architect secure cross-cloud identity federation and dynamic provisioning via SCIM and Graph APIs.
IAM Automation & Tooling: Build scalable automation using PowerShell, Python, and identity-related APIs. Automate provisioning, dynamic group management, access requests, license allocation, and compliance logging. Monitor sync engine health with custom dashboards.
Operational Excellence & Documentation: Lead incident response for identity service outages. Maintain runbooks, architecture diagrams, and escalation playbooks. Provide technical mentorship to IAM engineers and assist in policy governance reviews.
Collaboration with IGA & PAM: Partner with SailPoint, CyberArk, and application owners to ensure holistic identity lifecycle. Design connectors, manage service accounts, and align provisioning logic between systems.
Required Qualifications:
7+ years in engineering enterprise Active Directory, including domain/forest architecture, GPOs, and trust models.
5+ years in Azure AD/Entra ID design, sync, and governance, including Conditional Access and Graph API integration.
Strong experience integrating AD/Azure AD with Okta (UD, AD agent, lifecycle automation, policy mapping).
Experience with Oracle Directory Services (OID/OUD) and decommissioning or integrating legacy identity stores.
Deep knowledge of SAML, OIDC, OAuth 2.0, LDAP, Kerberos authentication flows.
Proficient in PowerShell (required), with experience in Python, REST API scripting, and monitoring/alerting integration.
Experience implementing and reviewing break-glass accounts, offline access, and Zero Trust-ready fallback paths.
Preferred Qualifications:
Certifications: Okta Certified Administrator/Consultant, Microsoft Identity & Access Administrator, or AWS Security.
Hands-on experience with SailPoint IdentityNow, CyberArk Core/EPM, or equivalent.
Familiarity with Zero Trust architecture, passwordless authentication, and risk-adaptive controls.
Exposure to CI/CD pipelines, policy-as-code, and IAM-as-code practices.
Strong communication, documentation, and cross-functional collaboration skills.
Travel Requirements:
Occasional travel may be required for planning sessions, audits, or architecture workshops.
The anticipated pay range for this position is $100,900 - $160,800 annually. The actual base pay offered will vary depending on multiple factors including job-related knowledge/skills, relevant experience, business needs, and geographic location. In addition to base pay, this position is eligible for an annual discretionary bonus.
At Brunswick, it is not typical for an individual to be hired at or near the top end of the salary range for their role. Compensation decisions are dependent upon the specifics of the candidate’s qualifications and the business context.
This position is eligible to participate in Brunswick's comprehensive and high-quality benefits offerings, including medical, dental, vision, paid vacation, 401k (up to 4% match), Health Savings Account (with company contribution), well-being program, product purchase discounts and much more. Details about our benefits can be found here (https://www.brunswick.com/careers/culture-benefits/benefits).
Why Brunswick:
Whatever tomorrow brings, we’ll be at the leading edge. As the clear leader in the marine industry, we’re committed to our values and supporting our exceptional people. We offer and encourage growth opportunities within and across our many brands. In addition, we’re proud of being recognized for making a splash with numerous awards (https://www.brunswick.com/careers)!
About Brunswick:
Brunswick Corporation is a leader in the marine industry, and we’re looking for people just like you to take part in the movement towards better boating for all. We rely on the thoughtful input of people from all backgrounds to create compelling, innovative products for our customers around the globe. As such, diversity, equity, and inclusion are priorities in the enduring culture of our company. As a world leader in emerging recreational products and technologies, when you join our team, you become part of some of the most innovative, forward-looking brands in the marine industry today.
Next is Now!
We value growth and development, recognizing that people come with a wealth of experience and talent beyond just the technical requirements of a job. If your experience is close to what you see listed here, please still consider applying.
Brunswick is an Equal Opportunity Employer and considers all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status or any other characteristic protected by federal, state, or local law. Diversity of experience and skills combined with passion is key to innovation and inspiration and we encourage individuals from all backgrounds to apply. If you require accommodation during the application or interview process, please contact hrsharedservices@brunswick.com for support.
For more information about EEO laws, click here (https://www.eeoc.gov/employees-job-applicants).
Brunswick and Workday (https://www.workday.com/en-us/service-privacy.html?&_rda=/company/service_privacy.php) Privacy Policies
Brunswick does not accept applications, inquiries or solicitations from unapproved staffing agencies or vendors. For help, please contact our support team at: hrsharedservices@brunswick.com or 866-278-6942.
All job offers will come to you via the candidate portal you create when applying to a posted position through https://www.brunswick.com/careers. If you are ever unsure about what is being required of you during the application process or its source, please contact HR Shared Services at 866-278-6942 or HRSharedServices@brunswick.com.