Position summary: Cooley Technology embraces a culture of customer service excellence, and all members of the department are expected to move this agenda forward. To that end, the Technology Identity and Access Management (“IAM”) Engineer works independently and serves as a key contributor in designing, implementing, and operating secure, compliant, and scalable identity services. This role supports the firm’s IAM program across Entra ID (Azure AD), Privileged Access Management, Active Directory, SSO/MFA/Conditional Access, Identity Governance processes, Cloud Identity (AWS), and Certificate Lifecycle Management. The position partners closely with Cybersecurity, Innovation and Technology teams, HR, as well as business stakeholders to deliver reliable identity capabilities that protect firm data and enable business operations. Specific duties include, but are not limited to, the following:
Position responsibilities:
Deliver and operate IAM capabilities across provisioning, authentication, authorization, and identity lifecycle processes
Administer and improve Microsoft Entra ID (Azure AD) and on-prem Active Directory including account lifecycle management, group/role administration, delegations, and directory hygiene
Implement and support Single Sign-On (SSO), Multi-Factor Authentication (MFA), and Conditional Access controls, ensuring authentication standards are applied consistently and exceptions are documented and governed
Engineer and maintain identity integrations for SaaS and on-prem applications, including federation and enterprise application configurations
Support the Privileged Access Management (PAM) program by onboarding privileged identities, implementing credential protection and rotation workflows, and supporting access approvals and break-glass procedures
Execute identity governance workflows such as joiner/mover/leaver workflows, access requests, access reviews, exception handling, and remediation activities in coordination with IAM leadership and HR/Technology stakeholders
Implement cloud identity solutions using secure access patterns for human and workload identities, aligned to firm standards and least privilege
Contribute to certificate lifecycle management efforts, including inventory support, ownership mapping, issuance/renewal processes, and automation initiatives
Implement, manage and maintain internal and external certificate platforms
Automate and standardize IAM operations through scripting or other automation workflows to improve efficiency, consistency, and reliability
Monitor IAM systems and access posture for issues or anomalies and partner with Cybersecurity and other Technology teams to resolve findings
Develop and maintain clear documentation, procedures, and runbooks for IAM systems and integrations
Participate in on-call rotation and after-hours support, as required
All other duties as assigned or required
Skills & experience:
Required:
After orientation at Cooley LLP, exhibit proficiency in the Microsoft Office suite, iManage and other firm applications
Ability to work extended and/or weekend hours, as required
Ability to travel, as required
4+ years of progressive IAM/directory/authentication or relevant experience in an enterprise environment
Hands-on experience with Entra ID (Azure AD) and Active Directory administration, including identity lifecycle management and enterprise account administration
Hands-on experience implementing and supporting SSO/MFA/Conditional Access controls
Experience with identity and access protocols such as SAML, OAuth, OpenID Connect, LDAP, and SCIM
Experience supporting or engineering Privileged Access Management (PAM) workflows
Experience working with cloud identity services, including roles, policies, and federation for human and workload identities
Ability to troubleshoot and resolve complex IAM issues and communicate solutions clearly to technical and non-technical stakeholders
Fluent in English (speaking and written communication)
Preferred:
Bachelor’s degree in Computer Science, Information Systems, or related field
Experience with PAM tooling and privileged identity workflows and/or identity governance
Familiarity with AWS IAM and broader cloud IAM patterns
PowerShell scripting (or equivalent) to support automation and operational consistency
Experience with CrowdStrike Identity Protection
Experience with Tenable Identity Exposure
Experience with SIEM solutions
Prior law firm or professional services experience
Relevant certifications such as CISSP, Azure, AWS or other IAM-focused certifications
Competencies:
Entrepreneurial by nature
Strong analytical and problem-solving skills, with the ability to design, implement and troubleshoot identity and access solutions
Demonstrates sound technical judgment when implementing authentication, access controls, and security integrations
Works independently while effectively prioritizing tasks and managing multiple workstreams
Communicates clearly and professionally with both technical and non-technical stakeholders
Maintains a high level of accuracy, documentation, and attention to detail in operational work
Adapts quickly to changing requirements, technologies, and priorities
Ability to organize, prioritize and coordinate multiple activities often under tight timelines
Ability to drive projects to completion and achieve goals
Strong judgment
Team player with collaborative spirit
Direct Reports: No.