Identity and Access Management Specialist

Just imagine your future with us…
At Aurecon we see the future through a very different lens. Do you?

Innovation, eminence and digital are at the heart of everything we do. Are you excited about the future?

Are you driven by the opportunity to work on some of the most challenging and complex projects around the world and to learn from the best? We are.

Diversity is at the core of everything we do. We work together to create a culture based on respect, trust and inclusiveness. Our differences are what fuel our creativity.

What will you do?
Identity and Access Management (IDAM)
, is an IT security discipline, framework, and set of solutions for managing digital identities and access to resources. IDAM encompasses the provisioning and de-provisioning of identities, securing and authenticating identities, and authorizing access to resources and/or performing certain actions.

While a person (user) has a singular digital identity, they may have multiple accounts representing them, each with different access controls depending on the resource and context. The overarching goal of IDAM is to ensure that any given identity has access to the right resources (applications, databases, networks, etc.) within the correct context.

The
Identity and Access Management Specialist
is responsible for ensuring that the right people and things have the right access to the right resources at the right time, thereby maintaining security, efficiency, and compliance within the organization.

Here are the key things you will do to 'bring ideas to life'.

• Managing user onboarding, termination, and role changes.
• Managing file share access provisioning and user access provisioning/de-provisioning.
• Administering user authentication using tools such as Multi-Factor Authentication (MFA).
• Managing access to software and systems based on Active Directory.
• Managing admin consent requests in Azure Active Directory.
• Handling manual onboarding, termination, and role changes for privileged accounts.
• Managing RBAC roles to ensure appropriate access control across systems and applications.
• Regularly review and update role assignments to align with organizational needs and security policies.
• Conducting regular account reviews, including those for expired, dormant, and late-terminated accounts.
• Managing access to shared and personal mailboxes, creating shared mailboxes, and handling the creation and administration of distribution lists (DLs).
• Working closely with IT teams and stakeholders to integrate IAM solutions with existing systems and applications
• Implement & Configure enterprise app integrations in Azure AD, ensuring secure authentication and provisioning.
• Translate & Action Designs – Work from approved architectural designs, ensuring secure and efficient implementation.
• Manage Change & Risk – Raise, document, and implement changes while mitigating security risks.
• Optimize & Troubleshoot – Identify and resolve authentication, provisioning, and authorization issues.
• Configure and enforce Conditional Access Policies (CAP) to secure authentication and reduce attack surface.
• Implement risk-based access controls, including MFA enforcement, device compliance, and session controls.

What can you bring to the team?
Skills
Firstly, strong sense of responsibility, flexibility, and adaptability to varying request. Demonstrate excellent time management and organisational skills. And as part of a new team, you will have the opportunity to shape this role and have input into how we evolve it over time to WOW our employees and make an even bigger impact on the world. You will also need the following:

• At least 3 years of working experience in the related field is required for this position
• Has solid understanding of Group Policy and network architecture
• Knowledge and experience in the use of Service Management systems/tools (desirable)
• Experience in Microsoft Active Directory or CyberArk
• Has background with Azure Cloud Active Directory
• Experience in Azure Enterprise Applications, SAML, and SCIM integrations with deep knowledge of identity security best practices
• Expert understanding of Admin Consent workflows and User Delegated Permissions in OAuth/OpenID Connect
• Experience in reading and modifying scripts using PowerShell
• Experience with the concepts of user directories, identity lifecycle management, and identity attestation.
• Experience in Privileged Access Management
• Experience in Microsoft Office 365 platforms
• Experience with the concepts of authentication (e.g., Multi-Factor Authentication or MFA), authorization, Role-Based Access Control (RBAC), Single Sign-On (SSO)
• Proven experience in eliciting requirements and testing is a plus
• Familiar with ITIL v3/v4
• Experience in a global shared services organisation (desirable)

Our
Aurecon Attributes
describe the types of people we bring together for clients. We don't expect you to have all eight of the attributes, but one that is unique to you.

Finally, we value that each of our team members brings something different to Aurecon. We look for people who have had a broad range of experiences throughout their career and can demonstrate how they have worked as part of a team to bring ideas to life. Does that sound like you?

About Us
We've re-imagined engineering.

Aurecon is an engineering and infrastructure advisory company, but not as you know it

For a start, our clients' ideas drive what we do. Drawing on our deep pool of expertise, we co-create innovative solutions with our clients to some of the world's most complex challenges. And through a range of unique creative processes and skills, we work to re-imagine, shape and design a better future.

We listen deeply and intently, which helps us see opportunities, possibilities and potential that others can't. Think engineering. Think again.

Want to know more?
You can learn more about what it's like to work at Aurecon by visiting the careers section of our website.

If you are intrigued or excited by what you have read, then we want to hear from you. Apply now