MathWorks logo

MathWorks

Principal IAM/AD Engineer

🇺🇸 Remote - Natick, MA

🕑 Full-Time

💰 TBD

💻 Information Technology

🗓️ October 21st, 2025

CI/CD ISO 27001 OAuth

Edtech.com's Summary

MathWorks is hiring a Principal IAM/AD Engineer. The role involves designing and maintaining secure Active Directory environments at scale, managing Microsoft Entra ID capabilities, automating identity operations, and collaborating with cross-functional teams to enhance identity security and Zero Trust controls.

Highlights
  • Operate and maintain on-premises Active Directory including domain controller health and replication.
  • Manage Microsoft Entra ID features such as Conditional Access, Identity Protection, and PIM.
  • Automate identity and ITDR operations using PowerShell and Graph/Entra APIs.
  • Lead troubleshooting and incident response for identity-related issues.
  • Partner with the SOC to build and tune identity threat detection programs.
  • Produce operational runbooks and mentor team members to align IAM practices with business needs.
  • Requires a bachelor’s degree and 10 years of professional experience, with proficiency in Microsoft Azure and Active Directory.
  • Preferred skills include enterprise AD hardening, experience with hybrid identity environments, Identity Governance, and automation using PowerShell and Python.
  • Knowledge of privileged access models, PKI/certificates, and compliance standards like NIST and ISO is valued.
  • Willingness to support after-hours maintenance and incident response as required.

Principal IAM/AD Engineer Full Description

Principal IAM/AD Engineer


Job Summary
Do you design secure, resilient Active Directory at scale and enjoy automating identity operations? Join our Security Operations IAM team responsible for enterprise identity foundations across on‑prem Active Directory and Microsoft Entra ID. We partner with Security Engineering, IT, and Compliance to deliver hardened directory services, modern authentication, ITDR capabilities and Zero Trust controls that enable the business. 

Responsibilities
  • Operate and maintain on‑premises Active Directory: domain controller health, patching, promotion/demotion, replication, sites/subnets, time services, SYSVOL/GPO health, and capacity monitoring. 
  • Implement and manage Entra ID capabilities: Conditional Access, Identity Protection risk policies, PIM, and app registrations/service principals. 
  • Monitor, troubleshoot, and optimize directory synchronization and identity lifecycle flows. 
  • Partner with our SOC to drive a successfulITDRprogram.Helpbuild and tune detections to identify threats such as DCSync, Golden/Silver Ticket, Kerberoasting, pass‑the‑hash/ticket, risky sign‑ins, and impossible travel. 
  • Harden AD and Entra ID: apply baselines, admin tiering, PAW usage, secure delegation, privileged workflow controls, regular access reviews, and identity threat hunting. 
  • Automate identity operations and ITDR tasks with PowerShell and APIs (Graph/Entra): alert enrichment, response runbooks, access certifications, reporting, and drift remediation. 
  • Lead complex troubleshooting and incident response for identity (Kerberos/NTLM, replication, DCSync/Golden/Silver Ticket detections, Conditional Access failures); drive root cause and preventive actions. 
  • Produce runbooks, standards, and change records; mentor team members and collaborate with stakeholders to align IAM operations with business needs. 

Minimum Qualifications
  • A bachelor's degree and 10 years of professional work experience (or equivalent experience) is required.
  • Experience with Microsoft Azure
  • Experience with active directory

Additional Qualifications
A successful candidate for this role will have a combination of some or all of the following skills/experience:
  • 7+ years in enterprise Active Directory operations and hardening including DC lifecycle management, sites/services, replication, BCDR, and observability. 
  • Hands-on experience with Microsoft Entra ID: Conditional Access, MFA, Identity Protection, PIM, app registration and service principal governance. 
  • Experience operating Azure AD Connect or Cloud Sync in hybrid identity environments. 
  • Identity Governance and Administration experience for provisioning, role/entitlement models, and access certifications. 
  • Proficiency with PowerShell, Python and Microsoft Graph/Entra APIs for automation. 
  • Experience with privileged access models and administrative tiering. 
  • Ability to support after-hours maintenance and incident response as needed. 
  • SSO/Federation: SAML/OIDC/OAuth; SCIM provisioning to SaaS apps. 
  • AD security: trusts, LDAP/LDAPS, constrained delegation, GPO hardening, PAWs. 
  • PKI and certificates: AD CS, CRL/OCSP, auto enrollment, renewal automation for workloads and service principals/certs. 
  • Backup/Recovery: authoritative restore, forest recovery planning and drills. 
  • IaC/automation: DSC, GPO as Code, Git workflows; CI/CD familiarity for scripts/policies. 
  • Compliance familiarity: CMMC, NIST CSF/800‑53/171, ISO 27001