Microsoft Identity and Access Management Engineer
Novanta
About This Role
Build a career powered by innovations that matter! At Novanta, our innovations power technology products that are transforming healthcare and advanced manufacturing, improving productivity, enhancing people's lives and redefining what's possible. We create for our global customers engineered components and sub-systems that deliver extreme precision and performance for a range of mission-critical applications, from minimally invasive surgery to robotics to 3D metal printing.
Novanta is one global team with over 26 offices located in The Americas, Europe and Asia-Pacific. Looking for a great place to work? You have found it with a culture that embraces teamwork, collaboration and empowerment. Come explore Novanta.
Position Overview
Novanta is seeking a skilled Microsoft Identity and Access Management (IAM) Engineer to join our Information Technology team. This mid-level role is responsible for designing, implementing, and maintaining identity and access management solutions across the organization's Microsoft ecosystem. The ideal candidate brings 3-5 years of hands-on experience with Microsoft IAM technologies, a strong security mindset, and a passion for enabling secure, seamless access across a modern enterprise environment.
Position Details:
Job Title: Microsoft Identity and Access Management Engineer
Department: Information Technology
Location: United States (Remote)
Employment Type: Full-Time
Experience Level: Mid-Level (3-5 years)
Reports To: VP of IT
Key Responsibilities:
• Design, implement, and maintain Microsoft Azure Active Directory (Azure AD / Entra ID) environments in hybrid and cloud-native configurations.
• Manage user lifecycle processes including provisioning, de-provisioning, and role-based access control (RBAC) assignments.
• Configure and maintain Conditional Access policies, Multi-Factor Authentication (MFA), and Single Sign-On (SSO) solutions.
• Administer Microsoft Privileged Identity Management (PIM) and Privileged Access Management (PAM) solutions to enforce least-privilege principles.
• Integrate SaaS applications and on-premises systems with Azure AD using SAML, OAuth 2.0, and OpenID Connect protocols.
• Monitor identity infrastructure for threats, anomalies, and compliance gaps using Microsoft Defender for Identity and Microsoft Sentinel.
• Support and manage on-premises Active Directory environments, Group Policy, and hybrid identity configurations (Azure AD Connect / Entra Connect).
• Collaborate with security, compliance, and application teams to ensure IAM policies meet regulatory requirements including SOX, HIPAA, and GDPR.
• Develop and maintain documentation, runbooks, and standard operating procedures for IAM systems and processes.
• Troubleshoot identity-related incidents, service requests, and access issues in a timely and structured manner.
• Participate in IAM roadmap planning, architecture reviews, and continuous improvement initiatives.
Required Qualifications:
• 3-5 years of experience in identity and access management, with a strong focus on Microsoft technologies.
• Hands-on expertise with Azure Active Directory / Microsoft Entra ID, including tenant management and identity governance.
• Proficiency in managing on-premises Active Directory and hybrid identity environments.
• Experience designing and implementing SSO integrations using SAML, OAuth 2.0, and OpenID Connect.
• Familiarity with Microsoft Privileged Identity Management (PIM) and Conditional Access policy configuration.
• Practical knowledge of MFA solutions, including Microsoft Authenticator and FIDO2 security keys.
• Experience with PowerShell scripting for IAM automation, reporting, and administration tasks.
• Solid understanding of Zero Trust security principles and their practical application to identity and access management.
• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or equivalent professional experience.
Preferred Qualifications:
• Microsoft certifications such as SC-300 (Microsoft Identity and Access Administrator Associate), AZ-500, or MS-500.
• Experience with Microsoft Entra Verified ID, Entitlement Management, or Identity Governance features.
• Familiarity with third-party PAM or IGA tools such as CyberArk, SailPoint, or Saviynt.
• Experience with SIEM platforms, particularly Microsoft Sentinel, for identity threat detection and response.
• Knowledge of compliance frameworks including SOX, HIPAA, NIST Cybersecurity Framework, and ISO 27001.
• Exposure to DevSecOps practices and integration of IAM controls into CI/CD pipelines.
Salary:
• Competitive base salary commensurate with experience, plus annual performance bonus.
• The salary for this role will range from 101,100 USD to 161,800 USD annually, based on full-time employment. Salary offers are based on a wide range of factors including but not limited to location, relevant skills, training, experience, education, etc.
• Certain roles may be eligible for performance...