[Hiring] Senior Active Directory / IAM Engineer @City of Hope

Role Description

As a successful candidate, you will:

• Lead the design, implementation, and ongoing management of our hybrid identity infrastructure—including on-premises Active Directory and Entra ID (formerly Azure AD)—to ensure secure, efficient, and scalable access to enterprise systems.
• Collaborate with cross-functional teams and regularly present technical strategies, risks, and performance metrics to executive leadership.
• Play a critical role in advancing City of Hope’s security posture through innovation, standardization, and continuous improvement in identity and access management practices.

IAM Solution Design and Implementation:

• Design, implement, and maintain IAM solutions to manage user identities, access privileges, and authentication mechanisms.
• Collaborate with stakeholders to gather requirements and ensure that IAM solutions align with business needs.

System Integration and Optimization:

• Integrate IAM solutions with existing systems, applications, and directory services.
• Optimize IAM workflows and processes to enhance efficiency and user experience.

Access Control and Authorization:

• Implement and manage role-based access controls (RBAC) to ensure that users have appropriate access permissions.
• Conduct regular access reviews and audits to maintain a secure access environment.

Authentication and Federation:

• Evaluate, implement, and manage authentication mechanisms, including multi-factor authentication (MFA).
• Implement and maintain identity federation solutions for seamless and secure access across systems.

Incident Response and Troubleshooting:

• Participate in incident response activities related to IAM, investigating and resolving security incidents.
• Troubleshoot and resolve IAM-related issues in a timely manner.

• Lead the administration, maintenance, and optimization of Microsoft Active Directory, including Group Policy Objects (GPOs), OU structures, trusts, and replication.
• Design, implement, and manage hybrid identity solutions between on-prem Active Directory and Entra ID (Azure AD).
• Maintain and enhance identity lifecycle processes (provisioning, deprovisioning, role-based access control) for both cloud and on-prem environments.
• Manage synchronization and federation services such as Azure AD Connect, ADFS, or Entra Connect Cloud Sync.
• Enforce identity governance policies including conditional access, MFA, and privileged access management in Entra ID.
• Monitor and troubleshoot authentication and authorization issues across Active Directory and Entra services.
• Develop and maintain automation scripts (e.g., PowerShell) to support IAM tasks and improve operational efficiency.
• Support audits and ensure compliance with security standards such as NIST, HIPAA, or ISO 27001 by maintaining clean identity records and access logs.
• Partner with cybersecurity, infrastructure, and application teams to integrate IAM services with enterprise platforms.

Qualifications

• Bachelor’s degree in related field; 4 additional years of experience plus the minimum experience requirement may substitute for minimum education.
• Seven or more years in a technology related field, with a minimum of 5 years in Identity and Access Management specific experience.
• Hospital/healthcare industry experience is desirable, but not required.
• Working knowledge of Information Security tools, practices, policies and processes in a multi-vendor environment with an emphasis on risk analysis, risk assessment and risk management.
• Management/Computer Information Systems (MIS/CIS), Computer/Electrical Engineering, Computer Science or related field.

Benefits

• City of Hope employees pay is based on the following criteria: work experience, qualifications, and work location.
• Comprehensive benefits available.