Identity Access Management & AI Governance Engineer Sr.

Job Summary

This position is responsible for the development and operation of our hybrid identity infrastructure (Microsoft Entra ID and Active Directory) and the security governance of enterprise AI tools. You will configure authentication, access policies, and data protection standards to ensure that AI applications (such as Microsoft Copilot and custom LLMs) are accessed securely and interact only with authorized data.

Duties and Responsibilities/Essential Functions

• Identity Infrastructure & Access Control
• Core IAM Operations: Manage and maintain Microsoft Entra ID (Azure AD) and on-premise Active Directory, including connect health, schema extensions, and trust relationships.  Development of auditing and reporting to business partners and stakeholders.
• Conditional Access: Design and enforce Conditional Access policies that specifically target high-risk sign-ins and restrict access to AI platforms based on device compliance and user location.
• SSO & Federation: Configure Enterprise Applications and SAML/OIDC integrations, ensuring strict authentication standards for third-party AI tools and SaaS platforms.
• AI Security Governance & Data Protection
• AI Access Governance: Implement entitlement management and access reviews to strictly control which users and groups have access to generative AI tools (e.g., Microsoft Copilot, ChatGPT Enterprise).
• Non-Human Identity Management: Secure and govern Service Principals, Managed Identities, and API tokens used by AI agents and automated workflows to prevent unauthorized privilege escalation.
• Data Labeling (Purview): Configure Microsoft Purview sensitivity labels and Data Loss Prevention (DLP) policies to prevent AI tools from ingesting or surfacing Restricted/Confidential internal data.
• Privileged Access & Monitoring
• Privileged Identity Management (PIM): Enforce Just-In-Time (JIT) access for administrative roles and monitor for unauthorized elevation of privileges related to AI infrastructure.
• Audit & Compliance: Monitor sign-in logs and audit trails for anomalous behavior involving AI applications, ensuring compliance with internal security frameworks.
• Lifecycle Management: Automate provisioning and de-provisioning workflows to ensure immediate revocation of access to AI tools upon employee departure.
• Training and Best practices:
• Coach team members on best practices in identity and access management, fostering a culture of security awareness and compliance

Qualifications

To perform this job successfully, an individual must be able to perform each essential function satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform the essential functions.

• Bachelor’s degree in Computer Science, Information Technology or related field; or equivalent combination of education and experience
• IAM Experience: 4+ years of engineering experience with Microsoft Entra ID, Active Directory Domain Services (AD DS), and Group Policy.
• Data Governance: Hands-on experience with Microsoft Purview (Information Protection, Data Lifecycle Management) and DLP.
• AI Security Knowledge: Understanding of how to secure non-human identities (workload identities) and govern access to Large Language Models (LLMs) within an enterprise.
• Technical Skills: Proficiency in PowerShell scripting for automation and Microsoft Graph API.
• Networking: Solid understanding of DNS, DHCP, and VPN as they relate to authentication flows.

Preferred Qualifications

• Certifications: SC-300 (Identity and Access Administrator), SC-400 (Information Protection Administrator).
• Experience configuring "Entra Verified ID" or decentralized identity standards.
• Previous experience implementing guardrails for Microsoft 365 Copilot.

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this position.  Duties, responsibilities and activities may change at any time with or without notice.  Work beyond 40 hours per week may be required. 

Cirrus is dedicated to a drug free work environment promoting equal employment opportunity.  Qualified applicants will receive consideration for employment without regard to race, sex, national origin, color, age, disability, religion, pregnancy, veteran status, marital and family status, sexual orientation, receipt of public assistance, genetic information or any other characteristic protected by applicable law.

Our Benefits: Cirrus provides a range of exciting benefits, including:   

• 401(k) Plan: Dollar-for-dollar match up to 5% after 90 days, with 100% vesting after one year of employment.
• Employer-Paid Coverages: Group term life, short- and long-term disability insurance.
• Comprehensive Health Coverage: Medical, vision, dental, with additional dependent coverage options.
• Free Health Tracking: With rewards for meeting health goals.
• Generous PTO: 120 hours accrued within the first year.
• Employee Referral Bonus: For referring talented candidates.
• Career Development: Tuition reimbursement and professional growth opportunities.
• Exclusive Discounts: Access to partner and marketplace discounts.
• Community & Engagement: Company and employee clubs at various locations.

These benefits are designed to support your well-being, growth, and enjoyment at Cirrus!

Equal Opportunity Employer
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.