Job Description
Company: Paramint
Location: Brooklyn, US
Job Title: Identity and Access Management (IAM) Engineer
Job Type: Full-Time, Contract (W2 Only, not available for C2C, C2H or 1099, and no sponsorship)
Contract Length: July 27, 2026 – July 25, 2027
Schedule: Monday–Friday, Normal Business Hours, 35 hours/week
Work Model: Hybrid (2 days on-site, 3 days remote) at 2 MetroTech Center, Brooklyn, NY 11201
Job Description
Paramint LLC is seeking a highly experienced Identity and Access Management (IAM) Engineer (Specialist 3) to support the Infrastructure Resilience Identity and Access Management team for a major New York City government agency.
This role will provide engineering, administration, and operational support for highly critical systems and infrastructure supporting multiple city agencies, including 24×7 operational environments such as NYC 311. The selected candidate will work across cloud and on-premises identity platforms, ensuring secure, resilient, and scalable access management solutions.
The IAM Engineer will serve as a senior technical resource responsible for Active Directory, Microsoft Entra ID, ManageEngine solutions, IAM operations, and Tier 2/3 support activities.
Key Responsibilities
Identity & Access Management Engineering
• Design, implement, maintain, and optimize enterprise IAM solutions
• Develop and manage role-based access control (RBAC) models
• Translate business and security requirements into IAM technical solutions
• Support enterprise authentication, authorization, and identity governance initiatives
Active Directory Engineering & Administration (30%)
• Administer and maintain Active Directory environments
• Design and implement directory services enhancements
• Troubleshoot complex AD issues and perform root cause analysis
• Support hybrid identity and synchronization solutions
Microsoft Entra ID Engineering & Administration (40%)
• Administer Microsoft Entra ID (formerly Azure Active Directory)
• Manage authentication, federation, conditional access, and identity lifecycle processes
• Support SAML, OAuth, and LDAP integrations
• Implement identity security best practices and governance controls
ManageEngine BSP Engineering & Operations (20%)
• Administer and support ManageEngine identity and security solutions
• Perform configuration, troubleshooting, and operational support activities
• Support ongoing enhancements and maintenance initiatives
IAM Tier 2/3 Support (10%)
• Provide advanced troubleshooting and incident resolution
• Participate in after-hours support activities as required
• Support critical systems requiring high availability and 24×7 operational coverage
• Assist with escalation management and service restoration efforts
Required Qualifications (Mandatory)
Candidates who do not meet the mandatory qualifications will not be considered.
• Minimum 12 years of hands-on experience designing, implementing, and supporting Identity and Access Management (IAM) solutions
• Extensive experience with: Active Directory / Microsoft Entra ID (Azure AD) / LDAP / SAML / OAuth
• Demonstrated experience delivering complex enterprise IAM projects
• Strong knowledge of Role-Based Access Control (RBAC) methodologies
• Exceptional analytical, troubleshooting, and problem-solving skills
• Ability to translate business requirements into secure technical solutions
• Strong written and verbal communication skills
• Experience collaborating with technical and business stakeholders across large organizations
Desirable Skills / Experience
• PowerShell scripting and automation
• Microsoft Azure administration
• Advanced Active Directory architecture and design
• Browser security and browser control technologies
• Experience supporting highly available, mission-critical environments
• Government or public sector experience
Application Process
To be considered, please email the following tohr@paramint.digital:
✔ Updated resume highlighting IAM, Active Directory, and Entra ID experience
✔ Two professional references (name, title, organization, email, phone)
✔ Confirmation of W-2 contract eligibility
✔ Confirmation of ability to work in the required hybrid schedule
✔ Summary of experience with Active Directory, Entra ID, SAML, OAuth, LDAP, and RBAC implementations
Pay: $75.00 – $85.00 per hour
Application Question(s):
• Are you willing to work under a W2 Contract? (This is NOT available for C2C, C2H or 1099, and NO sponsorship)
Location:
• Brooklyn, NY 11201 (Preferred)
Ability to Commute:
• Brooklyn, NY 11201 (Required)
Work Location: In person
Source: Indeed