Identity and Access Management ("IAM") Engineer

Cooley is seeking an IAM Engineer to join the Security team.

Position summary: Cooley Technology embraces a culture of customer service excellence, and all members of the department are expected to move this agenda forward. To that end, the Technology Identity and Access Management ("IAM") Engineer works independently and serves as a key contributor in designing, implementing, and operating secure, compliant, and scalable identity services. This role supports the firm's IAM program across Entra ID (Azure AD), Privileged Access Management, Active Directory, SSO/MFA/Conditional Access, Identity Governance processes, Cloud Identity (AWS), and Certificate Lifecycle Management. The position partners closely with Cybersecurity, Innovation and Technology teams, HR, as well as business stakeholders to deliver reliable identity capabilities that protect firm data and enable business operations. Specific duties include, but are not limited to, the following:

Position responsibilities:

• Deliver and operate IAM capabilities across provisioning, authentication, authorization, and identity lifecycle processes
• Administer and improve Microsoft Entra ID (Azure AD) and on-prem Active Directory including account lifecycle management, group/role administration, delegations, and directory hygiene
• Implement and support Single Sign-on (SSO), Multi Factor Authentication (MFA), and Conditional Access controls, ensuring authentication standards are applied consistently and exceptions are documented and governed
• Engineer and maintain identity integrations for SaaS and on-prem applications, including federation and enterprise application configurations
• Support the Privileged Access Management (PAM) program by onboarding privileged identities, implementing credential protection and rotation workflows, supporting access approvals and break-glass procedures
• Execute identity governance workflows such as joiner/mover/leaver workflows, access requests, access reviews, exception handling, and remediation activities in coordination with IAM leadership and HR/Technology stakeholders
• Implement cloud identity solutions using secure access patterns for human and workload identities, aligned to firm standards and least privilege
• Contribute to certificate lifecycle management efforts, including inventory support, ownership mapping, issuance/renewal processes, and automation initiatives
• Implement, manage and maintain internal and external certificate platforms
• Automate and standardize IAM operations through scripting or other automation workflows to improve efficiency, consistency, and reliability
• Monitor IAM systems and access posture for issues or anomalies and partner with Cyber Security and other Technology teams to resolve findings
• Develop and maintain clear documentation, procedures, and runbooks for IAM systems and integrations
• Participate in on-call rotation and after-hours support, as required
• All other duties as assigned or required

Skills & experience:

Required:

• After orientation at Cooley LLP, exhibit proficiency in the Microsoft Office suite, iManage and other firm applications
• Ability to work extended and/or weekend hours, as required
• Ability to travel, as required
• 4+ years of progressive IAM/directory/authentication or relevant experience in an enterprise environment. Senior level candidates must have 5+ years' directly applicable experience.
• Hands-on experience with Entra ID (Azure AD) and Active Directory administration, including identity lifecycle management and enterprise account administration
• Hands-on experience implementing and supporting SSO/MFA/Conditional Access controls
• Experience with identity and access protocols such as SAML, OAuth, OpenID Connect, LDAP, and SCIM
• Experience supporting or engineering Privileged Access Management (PAM) workflows
• Experience working with cloud identity services, including roles, policies, and federation for human and workload identities
• Ability to troubleshoot and resolve complex IAM issues and communicate solutions clearly to technical and non-technical stakeholders

Preferred:

• Bachelor's degree in computer science, Information Systems, or related field
• Experience with PAM tooling and privileged identity workflows and/or identity governance
• Familiarity with AWS IAM and broader cloud IAM patterns
• PowerShell scripting (or equivalent) to support automation and operational consistency
• Experience with CrowdStrike Identity Protection
• Experience with Tenable Identity Exposure
• Experience with SIEM solutions
• Prior law firm or professional services experience
• Relevant certifications such as CISSP, Azure, AWS or other IAM-focused certifications

Competencies:

• Entrepreneurial by nature
• Strong analytical and problem-solving skills, with the ability to design, implement and troubleshoot identity and access solutions
• Demonstrates sound technical judgement when implementing authentication, access controls, and security integrations
• Works independently while effectively prioritizing tasks and managing multiple workstreams
• Communicates clearly and professionally with both technical and non-technical stakeholders
• Maintains a high level of accuracy, documentation, and attention to detail in operational work
• Adapts quickly to changing requirements, technologies, and priorities
• Ability to organize, prioritize and coordinate multiple activities often under tight timelines
• Ability to drive projects to completion and achieve goals
• Strong judgment
• Team-player with collaborative spirit

Cooley offers a competitive compensation and excellent benefits package and is committed to fair and equitable employment practices.

EOE.

The expected annual pay range for this position with a full-time schedule is $130,000 - $195,000. Senior level candidates may be considered for this position and would be eligible for a higher salary range based on experience. Please note that final offer amount will be dependent on geographic location, applicable experience and skillset of the candidate.

We offer a full range of elective benefits including medical, health savings account (with applicable medical plan), dental, vision, health and/or dependent care flexible spending accounts, pre-tax commuter benefits, life insurance, AD&D, long-term care coverage, backup care for children and/or adults and other parental support benefits. In addition to elective benefit options, benefited employees receive firm-paid life insurance, AD&D, LTD, short term medical benefits as well as 21 days of Paid Time Off ("PTO") and 10 paid holidays each year. We provide generous parental leave and fertility benefits. New employees will attend a detailed benefit orientation to learn more about our many benefits and resources.