Temporary Azure Security Engineer Jobs (NOW HIRING)

We are seeking a contractor IAM/RBAC Engineer with deep hands-on experience in Microsoft Entra ID (formerly Azure AD) and Azure Role-Based Access Control (RBAC). The engineer will design, implement, and administer access controls across Azure resources, enforce least-privilege principles, and support secure, auditable access for privileged and non-privileged users. This role focuses on practical, scalable identity solutions, strong authenticator management, and consistent access governance and monitoring.

• Define and maintain an enterprise role taxonomy across Azure resources.
• Map permissions to roles and enforce least-privilege access via security groups and role assignments.
• Prohibit broad, direct privilege assignments; document role-to-permission mappings and changes.

• Implement Just-in-Time (JIT) workflows for elevated access with approvals and time-bound permissions.
• Establish usage restrictions and configuration norms for VPN/jump hosts/privileged sessions.
• Define and oversee emergency access ("break-glass") procedures, incident notification, and review.

• Configure multi-factor authentication (MFA) for privileged roles using strong authenticators (e.g., smartcards or security keys).
• Provision Azure AD administrator roles for services such as SQL where applicable.
• Enforce managed identities for applications (e.g., App Service, Function Apps) and centralize identity control to reduce reliance on local service keys.

• Ensure authorized users safeguard issued authenticators.
• Prevent unencrypted, embedded static credentials in code, images, and configurations; enforce password and memorized secret parameters per enterprise standards.

• Author and maintain policies, standards, and operating procedures for access controls.
• Conduct periodic access reviews and support audit evidence collection.
• Maintain inventories of assets/data and baseline configurations in alignment with enterprise configuration management practices.

• Configure Azure-native monitoring and logging for identity and access events.
• Route alerts to service owners/security teams and support audit readiness across access-related controls.
• Validate use of emergency access through incident workflows and post-event review.

• Advanced knowledge of Microsoft Entra ID (Azure AD), Azure RBAC, security groups, privileged identity management (PIM), and JIT access workflows.
• Hands-on experience with Azure Policy and resource configurations, including enabling managed identities, provisioning Azure AD admin roles for services, and minimizing local service key usage.
• Familiarity with Azure monitoring and logging capabilities, AAA (authentication, authorization, accounting) concepts, and integration with approval workflow tools.
• Strong understanding of least-privilege access design and practical application of access control best practices in Azure.
• Competence in baseline configuration management and maintaining accurate asset/data inventories.

• Demonstrated experience implementing least-privilege design at scale and articulating the rationale for RBAC in Azure.
• Ability to author and maintain IAM policies and procedures, perform access reviews, and support audit evidence and control test preparation.
• Proven capability to implement and govern remote/elevated access, emergency access processes, and related incident handling.
• Strong communication and documentation skills for technical writing and stakeholder coordination.
• Ability to collaborate across engineering, security, and operations teams to drive consistent, compliant access practices.

• Experience integrating identity workflows with enterprise approval systems and ticketing/incident processes.
• Exposure to application identity design patterns and CI/CD controls for secret management.
• Background in supporting audit readiness for access controls in cloud environments.

• Duration: 12 month contract opportunity
• Hybrid Work Model: 4 days onsite required weekly in NYC office
• Rate Range: $90-100/hr. W2 (based on experience)