Senior Identity and Access Engineer

Morgan, Lewis & Bockius LLP, one of the world’s leading global law firms with offices in strategic hubs of commerce, law, and government across North America, Asia, Europe, and the Middle East, is seeking to hire a Sr. Identity and Access Engineer. Reporting to the Manager of Identity and Access Management, the Sr. Identity and Access Engineer provides mentoring to fellow engineers and contributes great things to the team with respect to knowledge transfer and advanced knowledge of Identity Access Management (IAM) engineering fundamentals.

This position will reside in our Philadelphia office with a hybrid in-office/remote working schedule.

Responsibilities:

• Respond to strategies provided by the Architecture and Engineering team and its management for implementation and oversight and will be called upon to resolve the highest-level technical issues. In addition, this person will partner with applicable teams to ensure secure, scalable, and compliant identity services.

• Develop innovative IAM strategies and take ownership of these through all phases.

• Deliver enterprise-wide IAM, identity governance, and authentication solutions in a hybrid cloud capacity.

• Design and implement lifecycle management automation for joiner, mover and leaver scenarios.

• Implement role-based access control (RBAC) and apply the concept of least-privilege.

• Provide programmatic solutions to include PowerShell, JSON, SQL, LDAP, and object-oriented languages for IAM systems.

• Collaborate with other IAM team members on system design, architecture, and strategies to provide high levels of customer satisfaction.

• Integrate enterprise applications for SSO and set up provisioning/offboarding.

• Lead key meetings including technical, cross-functional, and stakeholder meetings.

• Ensure Enterprise services and servers remain operational and monitor Active Directory, EntraID, and IAM services.

• Provide after-hours support as needed to address incidents, system maintenance.

• Create and maintain architecture and documentation for IAM systems.

• Represents the team during the audit and ISO 27001 certification process.

• Participate in on-call support rotation.

Education and experience:

• A bachelor's degree from a four-year college or university.

• 5 years of hands-on experience in Identity and Access Management / Identity Governance engineering roles.

• 5 years of experience with Cloud technologies (Azure, AWS, GCE) in a hybrid/multi-cloud identity environment.

• Solid understanding of identity federation protocols (SAML, OAuth, OpenID Connect) and access governance concepts.

• Problem-solving and analytical skills; ability to handle complex, time-sensitive incidents.

• Excellent communication skills and ability to collaborate across technical and non-technical stakeholders.

Technical requirements:

• Expertise in MS Active Directory (design, administration, Group Policy, replication, trusts, privileged access).

• Proficiency with MS Entra ID (conditional access, PIM, hybrid identity, SSO/MFA, entitlement management, access reviews).

• Advanced PowerShell scripting skills for automation, reporting, integrating, and administration of AD/Entra ID/SailPoint environments.

• Experience implementing and supporting SailPoint (Identity Now, IdentityIQ, or Identity Security Cloud), including custom workflows, rules, transforms, connectors, certifications, and integrations.

• SailPoint Certified IdentityIQ Engineer / IdentityNow Administrator is preferred.

• Familiarity with security frameworks (NIST, Zero Trust, ISO 27001); compliance requirements (SOX, GDPR, HIPAA, etc.); PAM tools (e.g., CyberArk, Delinea) are a plus.

• Core back-end technologies (Microsoft Windows 2019 Server and above, Varonis, LDAP, Cloud Identity solutions, and related IAM software solutions), ISO 27001 principles.

#LI-Hybrid

Morgan, Lewis & Bockius LLP is committed to equal employment opportunity and providing reasonable accommodations to applicants with physical and/or mental disabilities. We value inclusion and solicit applications from all qualified applicants without regard to race, color, gender, sex, age, religion, creed, national origin, ancestry, citizenship, marital status, sexual orientation, physical or mental disability, medical condition, veteran status, gender identity, genetic information, or any other characteristic protected by federal, state, or local law.

Pursuant to applicable state and municipal Fair Chance Laws and Ordinances, we will consider for employment qualified applicants with arrest and conviction records.

California Applicants : Pursuant to the California Consumer Privacy Act, the following link contains the Firm's California Consumer Privacy Act Privacy Notice for Candidates which explains the categories of personal information that we collect and the purposes for which we use such personal information. CCPA Privacy Notice for Candidates

Morgan, Lewis & Bockius, LLP reasonably accommodates applicants and employees who need them to perform the essential functions of the job because of disability, religious belief, or other reason protected by applicable law. If you believe you need a reasonable accommodation during the application process, please contact Talent Acquisition at 888.534.5003 or talent.acquisition@morganlewis.com

If hired, y our employment relationship with the firm will be on an "at-will" basis, meaning that the firm may modify the terms and conditions of your employment at any time, and that either you or the firm will be free to end the relationship at any time with or without cause and with or without advance notice, although reasonable notice would be expected.