IAM/RBAC Engineer

New York, NY


Apply Save

Type: Contract-to-Hire

Category: Engineer

Industry: Financial Services

Reference ID: JN -062026-107581

Date Posted: 06/23/2026

Shortcut: http://careers.eliassen.com/wanedj


Description:

Hybrid 4 days onsite in either New York, NY or Pitt, PA or Lake Mary, FL

 

Our client seeks an IAM/RBAC Engineer to design, implement, and administer access controls in Microsoft Entra ID and Azure RBAC. The contractor will enforce least-privilege, govern privileged and remote access, strengthen authenticator management, and maintain audit-ready documentation and monitoring across Azure environments.

 

This is a contract to hire opportunity. Applicants must be willing and able to work on a w2 basis and convert to FTE following contract duration. For our w2 consultants, we offer a great benefits package that includes Medical, Dental, and Vision benefits, 401k with company matching, and life insurance.

 

Rate: $82.00 to $92.00/hr. w2


Responsibilities:
  • Define and maintain an enterprise Azure RBAC role taxonomy and document role-to-permission mappings.
  • Map permissions to roles and enforce least-privilege via security groups and scoped role assignments.
  • Eliminate broad direct privilege assignments and track changes to access models.
  • Implement PIM and JIT workflows for elevated access with approvals and time-bound permissions.
  • Establish standards for VPN, jump hosts, and privileged session configurations and restrictions.
  • Define and manage emergency access procedures with incident notification and post-event review.
  • Configure MFA for privileged roles using strong authenticators such as smartcards or security keys.
  • Provision Azure AD administrator roles for applicable services, including SQL.
  • Enforce managed identities for applications and reduce reliance on local service keys.
  • Prevent unencrypted static credentials in code and enforce secret hygiene standards.
  • Author and maintain IAM policies, standards, and operating procedures.
  • Conduct periodic access reviews and support audit evidence collection.
  • Maintain asset and data inventories and baseline configurations aligned with configuration management.
  • Configure Azure-native monitoring and logging for identity and access events.
  • Route alerts to service owners and security teams and support audit readiness.

Experience Requirements:
  • Advanced knowledge of Microsoft Entra ID, Azure RBAC, security groups, PIM, and JIT access workflows.
  • Hands-on experience with Azure Policy, managed identities, and Azure AD admin role provisioning.
  • Familiarity with Azure monitoring and logging and AAA concepts.
  • Strong understanding of least-privilege design and access control best practices in Azure.
  • Competence in baseline configuration management and accurate inventory maintenance.
  • Experience implementing least-privilege at scale and articulating Azure RBAC rationale.
  • Ability to author IAM policies and procedures, perform access reviews, and support audits.
  • Proven capability governing remote and elevated access and emergency access processes.
  • Effective communication and documentation skills for technical writing and stakeholder coordination.
  • Ability to collaborate with engineering, security, and operations teams for compliant access practices.
  • Nice-to-have: Integration with approval systems and ticketing, application identity patterns and CI/CD secret controls, and audit readiness for cloud access controls.

Recruitment Transparency Notice
 
Eliassen Group values transparency in our recruitment practices. Please be advised that Eliassen Group utilizes artificial intelligence (AI) tools as part of its initial application screening and hiring process. You may receive email and SMS notifications from the Eliassen Virtual Recruiting Team (noreply@eliassen.com, 781-808-2924) inviting you to complete a brief voice screening as part of your application process. These tools assist our hiring teams in different ways, including but not limited to, assistance in reviewing application materials to help identify candidates whose qualifications most closely match the requirements of the position. All AI-assisted evaluations and responses are reviewed by human recruiters before any hiring decisions are made. The use of AI in our process is intended to support fairness, efficiency, and consistency, and Eliassen Group takes measures to prevent bias or discrimination in connection with its hiring practices. By proceeding, you acknowledge, agree, and consent to Eliassen Group’s use of these tools, including AI tools, as part of the application and hiring process.
 

Skills, experience, and other compensable factors will be considered when determining pay rate. The pay range provided in this posting reflects a W2 hourly rate; other employment options may be available that may result in pay outside of the provided range.

W2 employees of Eliassen Group who are regularly scheduled to work 30 or more hours per week are eligible for the following benefits: medical (choice of 3 plans), dental, vision, pre-tax accounts, other voluntary benefits including life and disability insurance, 401(k) with match, and sick time if required by law in the worked-in state/locality.
If anyone reaches out to you about an open position connected with Eliassen Group, please ensure that you are working directly with us by confirming the following:

· When you work with Eliassen Group, all email communication will come from an Eliassen.com address, never Gmail, Yahoo, etc.

· Eliassen Group will never ask you for personal information (home address, bank account, or check routing number) until you have worked with someone clearly associated with Eliassen Group.

If you have any indication of fraudulent activity, please contact fraud@eliassen.com.

 
About Eliassen Group:
 
Eliassen Group is a strategic consulting firm that helps organizations reach further and achieve more through our technology, business advisory, and life sciences solutions. For nearly 40 years, we have combined exceptional people, deep domain expertise, and intelligent capabilities to expand our clients’ capacity and accelerate meaningful outcomes. We are driven by a purpose to positively impact the lives of our employees, clients, consultants, and the communities we serve.
 
Eliassen is committed to building a diverse and inclusive team from a variety of backgrounds, perspectives, and skills. We are an Equal Opportunity and Affirmative Action Employer and all employment decisions are based on merit, performance, and business needs. Eliassen does not discriminate on the basis of race, color, gender identity or expression, sexual preference or orientation, sex (including pregnancy, childbirth, and related medical conditions), marital status, creed, religion, physical or mental disability, genetic information, military or veteran status, age, ancestry, national origin, citizenship status, prohibited criminal record inquiries of applicants and employees, or any other category protected by federal, state, or local laws.
 
Don’t miss out on our referral program! If we hire a candidate that you refer us to then you can be eligible for a $1,000 referral check!
 

  • Lead Privileged Access Management (PAM) Engineer

     Washington, DC

    Description: Hybrid 2 Days Onsite/3 Days Remote in Washington, DC Our client seeks a Lead Privileged Access Management (PAM) Engineer to design, implement, and operate enterprise PAM solutions across a complex federal hybrid cloud environment. The role...

    Date Posted: 06/02/2026 Recommended

  • Senior Help Desk Technician

     Washington, DC

    Description: On-site 5 days/week in Washington, DC Our client seeks a Senior Help Desk Technician to deliver advanced frontline technical support across enterprise systems. The role supports end users with hardware, software, mobile devices, and cloud ...

    Date Posted: 06/22/2026 Recommended

  • Senior AWS Cloud Engineer (Infrastructure/IaC)

     Anywhere

    Description: Remote Our client is seeking an AWS Cloud Engineer III to operate and secure an enterprise AWS environment across multiple accounts. The role will manage account lifecycle processes, provision and maintain infrastructure with Terraform, en...

    Date Posted: 06/11/2026 Recommended

  • AWS Cloud Architect

     Anywhere

    Description: Remote Our client seeks a cloud architect to design, implement, and govern secure AWS environments across development, testing, and production. The role covers enterprise architecture, AI implementation support, infrastructure as code, Dev...

    Date Posted: 05/31/2026 Recommended

  • Senior AWS Cloud Engineer (IaC/Networking)

     Anywhere

    Description: Remote Our client seeks an experienced AWS Cloud Platform Engineer to support an enterprise AWS environment managing 100+ accounts, 250+ serverless functions, and a robust infrastructure-as-code ecosystem aligned to digital transformation ...

    Date Posted: 06/11/2026 Recommended

  • Associate Network Security Engineer

     Fenton Cary, NC

    Description: Associate Network Security Engineer Cary, NC • Hybrid Our client is seeking an Associate Cybersecurity Engineer for a 12‑month contract, with potential for permanent conversion, to support the Information Security organization. This role f...

    Date Posted: 05/31/2026 Recommended

  • Software Architect III — Security & AI, Web Application Development

     Greenwood Village, CO

    Description: Hybrid 4 onsite / 1 work from home in Greenwood Village, CO Our client seeks a Software Architect III to design and deliver secure, scalable cloud-native web application platforms on AWS. You will own end-to-end architecture from Terraform...

    Date Posted: 06/08/2026 Recommended

  • Salesforce Architect / Senior Developer

     Washington, DC

    Description: Hybrid Primary place of performance is HYBRID. The role involves travel to the client site in Washington, DC. At a minimum, 1-2 days per week, onsite is required. On-site attendance may also be required during system rollout activities. in...

    Date Posted: 05/31/2026 Recommended

  • Cybersecurity Architect

     Orange, CA

    Description:On-site in Orange, CA Our client seeks a Cybersecurity Architect to support the Orange County Sheriff’s Department. This role provides technical leadership for enterprise security architecture, safeguarding assets, systems, and data against...

    Date Posted: 06/22/2026 Recommended

  • Mid Systems Engineer, PAM (CyberArk)

     Washington, DC

    Description: On-site in Washington, DC Step into the role of a Senior-Level CyberArk Engineer supporting our client at the Department of Transportation. You will contribute to deploying and maintaining a Privileged Access Management solution across dev...

    Date Posted: 06/16/2026 Recommended

  • Dynamics CRM Technical Architect

     Anywhere

    Description: Remote Our client seeks a Dynamics CRM Technical Architect to design and govern scalable Dynamics 365 and Power Platform solutions aligned with strategic objectives. The architect will define technical standards, guide developers, lead sol...

    Date Posted: 06/01/2026 Recommended

  • Director, Cloud Infrastructure and Engineering

     Owing Mills, MD

    Description: Hybrid up to three days per week from home in either Owing Mills, MD or Baltimore, MD Our client seeks a Director of Cloud Infrastructure and Engineering to lead a globally distributed team that designs, develops, and deploys cloud infrast...

    Date Posted: 06/03/2026 Recommended

  • Cybersecurity Firewall Analyst

     Charlotte, NC

    Description: Hybrid 3 on in Charlotte, NC Our client seeks a Cybersecurity Firewall Analyst to support next-generation firewall administration, operations, and policy governance across enterprise and regulated environments. The role includes incident r...

    Date Posted: 06/20/2026 Recommended

  • Cloud & Network Infrastructure Engineer

     Washington, DC

    Description: On-site 5 days/week in Washington, DC Our client requires a senior Cloud and Network Infrastructure Engineer to lead cloud and on‑premises network design, implementation, and operations. The role focuses on hybrid connectivity, security, a...

    Date Posted: 06/08/2026 Recommended

  • Lead Cybersecurity Engineer

     Washington, DC

    Description: Hybrid 2 Days Onsite/3 Days Remote in Washington, DC Our client seeks a Lead Cybersecurity Engineer to design and implement enterprise security solutions across a hybrid federal environment. The role will lead engineering initiatives spann...

    Date Posted: 06/04/2026 Recommended

  • Senior Software Engineer - Risk Team

     Los Angeles, CA

    Description: Hybrid in Los Angeles, CA Our client seeks a Senior Software Engineer for the Risk Team to design and deliver scalable, secure, and resilient backend services supporting fraud detection, risk scoring, and compliance automation. The role re...

    Date Posted: 06/10/2026 Recommended

  • SOC Analyst

     Washington, DC

    Description: Hybrid 2 Days Onsite/3 Days Remote in Washington, DC Our client seeks a SOC Analyst to support continuous monitoring, detection, analysis, and response to cybersecurity events across hybrid cloud and on-premises environments. The analyst w...

    Date Posted: 06/02/2026 Recommended

  • System Administrator - Mid

     Cambridge, MA

    Description: Hybrid 2 days/ WK in Cambridge, MA Our client seeks a System Administrator - Mid to support a federal program in Cambridge, MA. The role will manage day-to-day administration of Windows-centric infrastructure across on-prem and cloud envir...

    Date Posted: 06/18/2026 Recommended

  • Senior Cybersecurity Analyst

     Anywhere

    Description: Remote Our client seeks a Senior Cybersecurity Analyst to lead proactive defense, guide security architecture, and drive incident response and risk mitigation. The role manages and configures enterprise security tools while advancing best ...

    Date Posted: 06/09/2026 Recommended

  • Security Analyst/Information Systems Security Officer

     Fort Meade, MD

    Description: Onsite in Fort Meade, MD Our client seeks a Security Analyst serving as an Information Systems Security Officer to lead implementation and enforcement of security policies aligned to NIST frameworks. The role will conduct continuous monito...

    Date Posted: 06/18/2026 Recommended

  • Automation / SOAR Engineer

     Washington, DC

    Description: Hybrid 2 Days Onsite/3 Days Remote in Washington, DC Our client seeks an Automation / SOAR Engineer to design, develop, and implement automation solutions within a federal cybersecurity operations environment. The role focuses on building ...

    Date Posted: 06/02/2026 Recommended

  • Lead Software Engineer BaaS Team

     Anywhere

    Description: Remote Our client seeks a Lead Software Engineer for the BaaS team to support partner onboarding and platform enhancements. The role focuses on building scalable, secure, and high-performance systems that enable embedded financial services...

    Date Posted: 06/11/2026 Recommended

  • Lead Engineer

     Los Angeles, CA

    Description: Hybrid Remote to start that will eventually go hybrid in Los Angeles, CA Our client is seeking a Lead Engineer with deep expertise in .NET, C#, SQL Server, and Azure. You will lead backend-focused initiatives to build scalable, cloud-nativ...

    Date Posted: 06/16/2026 Recommended

  • Platform Architect

     Anywhere

    Description: Remote Our client seeks a ServiceNow Platform Architect to lead architecture, governance, and strategic evolution of the enterprise ServiceNow platform. The role defines platform direction, ensures scalable and secure implementations, and ...

    Date Posted: 06/15/2026 Recommended

  • SIEM Engineer

     Washington, DC

    Description:Hybrid 2 Days Onsite/3 Days Remote in Washington, DC Our client seeks a SIEM Engineer to support enterprise security monitoring, detection engineering, and log management within a federal SOC environment. The role administers SIEM platforms...

    Date Posted: 06/02/2026 Recommended

  • Cloud Solution Architect

     Merrimack, NC

    Description:On-site in Merrimack, NC Our client seeks a Cloud Solution Architect to drive end-to-end solution architecture within Institutional Wealth Management Services. The architect will partner with product sponsors, agile squads, and peer archite...

    Date Posted: 05/26/2026 Recommended

  • NOC Analyst

     Washington, DC

    Description: Hybrid 2 Days Onsite/3 Days Remote in Washington, DC Our client seeks a NOC Analyst to support enterprise network and infrastructure monitoring within a 24x7 federal operations environment. The role encompasses real-time monitoring, event ...

    Date Posted: 06/02/2026 Recommended

  • Sr. Software Engineer II

     Washington dc, DC

    Description:On-site in Washington, DC Our client seeks a Sr. Software Engineer II to design and manage enterprise endpoint security solutions across DoD and IC environments. The role requires deep expertise with Trellix and Windows/Linux systems, leade...

    Date Posted: 06/01/2026 Recommended

  • Manager of the IT Service Desk

     Anaheim, CA

    Description: Hybrid 3 days onsite in Anaheim, CA Our client seeks a Manager of the IT Service Desk to lead end user computing, collaboration, and back office systems across branch, corporate, and remote locations. The role manages help desk operations,...

    Date Posted: 06/08/2026 Recommended

  • Senior Full-Stack Developer

     Lake Mary, FL

    Description: Hybrid 4 days onsite in Lake Mary, FL Our client seeks a Senior Full-Stack Engineer with a backend and database focus to build and support applications for alternative asset servicing and private equity funds. The role emphasizes Java, Spr...

    Date Posted: 06/24/2026 Recommended

Eliassen Group is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status. Eliassen Group’s Affirmative Action Plan (AAP) is available for inspection by any employee or applicant for employment upon request, during normal business hours of Monday through Friday, 8:30am to 5:30pm EST. Interested persons should contact Phaedra Wells at pwells@eliassen.com for assistance. It is unlawful in Massachusetts and Maryland to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

Applicants with disabilities that believe they require an accommodation or assistance with a position, please email our HR team at hradmin@eliassen.com. This email inbox is designed exclusively to assist job seekers whose disability prevents them from being able to apply online. Emails sent for other purposes will not receive a response.


Please be advised that a number of fraudulent job postings have been released under the Eliassen Group brand.

Unfortunately, fraudulent job postings can happen. If anyone reaches out to you about an open position connected with Eliassen Group, never provide personal or financial information to anyone who is not clearly associated with Eliassen Group

If anyone seemingly from Eliassen Group has ever requested this personal information in the past or does so in the future, please contact fraud@eliassen.com.

Please ensure that you are working directly with us by confirming the following:

  • When you work with Eliassen Group, all email communication will come from an Eliassen.com address, never Gmail, Yahoo, etc.
  • Eliassen Group will never ask you for personal information (home address, bank account, or check routing number) until you have worked with someone clearly associated with Eliassen Group, as indicated above