Responsibilities
Identity and Access Management Architecture
- Lead DOM's migration from on-premises Active Directory to Microsoft
Entra ID as the authoritative identity source.
- Architect and maintain Zero Trust-based authentication and
authorization models aligned with CMS MARS-E (or ARCAMPE) requirements.
- Configure and manage SAML, OAuth, and OIDC integrations for
enterprise and line-of-business applications.
- Implement enterprise application provisioning and SCIM-based
integrations within Entra ID.
- Support Access Packages and Access Reviews to strengthen identity
governance.
2. Lifecycle Automation and Integration
- Develop and maintain PowerShell scripts and Logic Apps to automate
identity lifecycle operations (joiners, movers,
- leavers).
- Extend automation for Workday-Entra ID integration to enable seamless
onboarding and offboarding workflows.
- Design and implement ServiceNow integration with Entra ID and
Workday to achieve fully automated access
- provisioning and deprovisioning.
- Establish monitoring, exception handling, and logging for lifecycle
workflows.
3. Device and Endpoint Management
- Align device management with Entra ID Conditional Access and
security posture standards.
4. Governance, Risk, and Compliance
- Align all identity and access functions with HIPAA, MARS-E, and
ARC-AMPE frameworks.
- Support policy creation and implementation for identity governance,
external identity management, and guest access control.
- Advise on least-privilege access models, periodic entitlement
reviews, and compliance documentation.
- Collaborate with DOM's Information Security and Compliance teams to
ensure audit readiness.
5. Cloud Service Modernization and Technical Leadership
- Provide architectural direction for continued migration of email,
file services, and endpoint management to Microsoft 365 / Azure.
- Configure and secure line-of-business applications to leverage
Entra ID for both AuthN and AuthZ.
- Deliver technical workshops and architectural sessions to DOM staff
to ensure skills transfer and sustainability.
- Maintain alignment with Microsoft's latest cloud identity and
security best practices.
Required Skills
- 10+ years of experience designing and implementing Microsoft
identity and security solutions for enterprise or public sector clients.
- Proven ability to deliver and support large, complex migrations to
O365 and Azure services.
- Strong scripting and automation background (PowerShell, Logic Apps,
Graph API).
- Experience with Kusto Query Language (KQL).
- Deep expertise with Workday, ServiceNow, Entra ID, Intune, and
identity governance frameworks.
- Demonstrated ability to engage effectively with both executive
stakeholders and technical teams.
- Experience ensuring compliance with HIPAA, MARS-E (or ARC-AMPE)
standards.
- Experience supporting GCC tenants.
-
Preferred Skill
- Current certifications demonstrating expertise in the
administration of Microsoft Entra, Identity Governance, Azure, M365, and
Security.
- Experience working with state government agencies, particularly
Medicaid.
We are an equal opportunity employer. All aspects of employment including the decision to hire, promote, discipline, or discharge, will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, national origin, citizenship/ immigration status, veteran status, or any other status protected under federal, state, or local law.