Microsoft Identity and Access Management Engineer

Build a career powered by innovations that matter! At Novanta, our innovations power technology products that are transforming healthcare and advanced manufacturing—improving productivity, enhancing people’s lives and redefining what’s possible. We create for our global customers engineered components and sub-systems that deliver extreme precision and performance for a range of mission-critical applications—from minimally invasive surgery to robotics to 3D metal printing.Novanta is one global team with over 26 offices located in The Americas, Europe and Asia-Pacific. Looking for a great place to work? You have found it with a culture that embraces teamwork, collaboration and empowerment. Come explore Novanta.Position OverviewNovanta is seeking a skilled Microsoft Identity and Access Management (IAM) Engineer to join our Information Technology team. This mid-level role is responsible for designing, implementing, and maintaining identity and access management solutions across the organization’s Microsoft ecosystem. The ideal candidate brings 3–5 years of hands-on experience with Microsoft IAM technologies, a strong security mindset, and a passion for enabling secure, seamless access across a modern enterprise environment.Position Details:Job Title: Microsoft Identity and Access Management EngineerDepartment: Information TechnologyLocation: United States (Remote)Employment Type: Full-TimeExperience Level: Mid-Level (3–5 years)Reports To: VP of ITKey Responsibilities:Design, implement, and maintain Microsoft Azure Active Directory (Azure AD / Entra ID) environments in hybrid and cloud-native configurations.Manage user lifecycle processes including provisioning, de-provisioning, and role-based access control (RBAC) assignments.Configure and maintain Conditional Access policies, Multi-Factor Authentication (MFA), and Single Sign-On (SSO) solutions.Administer Microsoft Privileged Identity Management (PIM) and Privileged Access Management (PAM) solutions to enforce least-privilege principles.Integrate SaaS applications and on-premises systems with Azure AD using SAML, OAuth 2.0, and OpenID Connect protocols.Monitor identity infrastructure for threats, anomalies, and compliance gaps using Microsoft Defender for Identity and Microsoft Sentinel.Support and manage on-premises Active Directory environments, Group Policy, and hybrid identity configurations (Azure AD Connect / Entra Connect).Collaborate with security, compliance, and application teams to ensure IAM policies meet regulatory requirements including SOX, HIPAA, and GDPR.Develop and maintain documentation, runbooks, and standard operating procedures for IAM systems and processes.Troubleshoot identity-related incidents, service requests, and access issues in a timely and structured manner.Participate in IAM roadmap planning, architecture reviews, and continuous improvement initiatives.Required Qualifications:3–5 years of experience in identity and access management, with a strong focus on Microsoft technologies.Hands-on expertise with Azure Active Directory / Microsoft Entra ID, including tenant management and identity governance.Proficiency in managing on-premises Active Directory and hybrid identity environments.Experience designing and implementing SSO integrations using SAML, OAuth 2.0, and OpenID Connect.Familiarity with Microsoft Privileged Identity Management (PIM) and Conditional Access policy configuration.Practical knowledge of MFA solutions, including Microsoft Authenticator and FIDO2 security keys.Experience with PowerShell scripting for IAM automation, reporting, and administration tasks.Solid understanding of Zero Trust security principles and their practical application to identity and access management.Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or equivalent professional experience.Preferred Qualifications:Microsoft certifications such as SC-300 (Microsoft Identity and Access Administrator Associate), AZ-500, or MS-500.Experience with Microsoft Entra Verified ID, Entitlement Management, or Identity Governance features.Familiarity with third-party PAM or IGA tools such as CyberArk, SailPoint, or Saviynt.Experience with SIEM platforms, particularly Microsoft Sentinel, for identity threat detection and response.Knowledge of compliance frameworks including SOX, HIPAA, NIST Cybersecurity Framework, and ISO 27001.Exposure to DevSecOps practices and integration of IAM controls into CI/CD pipelines.Salary:Competitive base salary commensurate with experience, plus annual performance bonus.The salary for this role will range from 101,100 USD to 161,800 USD annual based on full-time employment. Salary offers are based on a wide range of factors including but not limited to location, relevant skills, training, experience, education, etc.Certain roles may be eligible for performance-based incentive compensation and/or long-term incentives. Incentives could be discretionary or non-discretionary depending on the pl