Identity and Access Management (IAM) Engineer

June 11, 2026
$75 - $85 / hour

Job Description

Company: Paramint

Location: Brooklyn, US

Job Title: Identity and Access Management (IAM) Engineer

Job Type: Full-Time, Contract (W2 Only, not available for C2C, C2H or 1099, and no sponsorship)

Contract Length: July 27, 2026 – July 25, 2027

Schedule: Monday–Friday, Normal Business Hours, 35 hours/week

Work Model: Hybrid (2 days on-site, 3 days remote) at 2 MetroTech Center, Brooklyn, NY 11201

Job Description

Paramint LLC is seeking a highly experienced Identity and Access Management (IAM) Engineer (Specialist 3) to support the Infrastructure Resilience Identity and Access Management team for a major New York City government agency.

This role will provide engineering, administration, and operational support for highly critical systems and infrastructure supporting multiple city agencies, including 24×7 operational environments such as NYC 311. The selected candidate will work across cloud and on-premises identity platforms, ensuring secure, resilient, and scalable access management solutions.

The IAM Engineer will serve as a senior technical resource responsible for Active Directory, Microsoft Entra ID, ManageEngine solutions, IAM operations, and Tier 2/3 support activities.

Key Responsibilities

Identity & Access Management Engineering

• Design, implement, maintain, and optimize enterprise IAM solutions

• Develop and manage role-based access control (RBAC) models

• Translate business and security requirements into IAM technical solutions

• Support enterprise authentication, authorization, and identity governance initiatives

Active Directory Engineering & Administration (30%)

• Administer and maintain Active Directory environments

• Design and implement directory services enhancements

• Troubleshoot complex AD issues and perform root cause analysis

• Support hybrid identity and synchronization solutions

Microsoft Entra ID Engineering & Administration (40%)

• Administer Microsoft Entra ID (formerly Azure Active Directory)

• Manage authentication, federation, conditional access, and identity lifecycle processes

• Support SAML, OAuth, and LDAP integrations

• Implement identity security best practices and governance controls

ManageEngine BSP Engineering & Operations (20%)

• Administer and support ManageEngine identity and security solutions

• Perform configuration, troubleshooting, and operational support activities

• Support ongoing enhancements and maintenance initiatives

IAM Tier 2/3 Support (10%)

• Provide advanced troubleshooting and incident resolution

• Participate in after-hours support activities as required

• Support critical systems requiring high availability and 24×7 operational coverage

• Assist with escalation management and service restoration efforts

Required Qualifications (Mandatory)

Candidates who do not meet the mandatory qualifications will not be considered.

• Minimum 12 years of hands-on experience designing, implementing, and supporting Identity and Access Management (IAM) solutions

• Extensive experience with: Active Directory / Microsoft Entra ID (Azure AD) / LDAP / SAML / OAuth

• Demonstrated experience delivering complex enterprise IAM projects

• Strong knowledge of Role-Based Access Control (RBAC) methodologies

• Exceptional analytical, troubleshooting, and problem-solving skills

• Ability to translate business requirements into secure technical solutions

• Strong written and verbal communication skills

• Experience collaborating with technical and business stakeholders across large organizations

Desirable Skills / Experience

• PowerShell scripting and automation

• Microsoft Azure administration

• Advanced Active Directory architecture and design

• Browser security and browser control technologies

• Experience supporting highly available, mission-critical environments

• Government or public sector experience

Application Process

To be considered, please email the following tohr@paramint.digital:

✔ Updated resume highlighting IAM, Active Directory, and Entra ID experience

✔ Two professional references (name, title, organization, email, phone)

✔ Confirmation of W-2 contract eligibility

✔ Confirmation of ability to work in the required hybrid schedule

✔ Summary of experience with Active Directory, Entra ID, SAML, OAuth, LDAP, and RBAC implementations

Pay: $75.00 – $85.00 per hour

Application Question(s):

• Are you willing to work under a W2 Contract? (This is NOT available for C2C, C2H or 1099, and NO sponsorship)

Location:

• Brooklyn, NY 11201 (Preferred)

Ability to Commute:

• Brooklyn, NY 11201 (Required)

Work Location: In person

Source: Indeed