At Schwab, you’re empowered to make an impact on your career. Here, innovative thought meets creative problem solving, helping us “challenge the status quo” and transform the finance industry together.
We believe in the importance of in-office collaboration and fully intend for the selected candidate for this role to work on site in the specified location(s).
We are seeking a highly experienced Senior IAM Engineer with strong architecture responsibility and deep expertise in Microsoft Entra ID, Active Directory, and modern Identity & Access Management (IAM) principles. This role operates in a large-scale, highly regulated enterprise environment and is responsible for driving enterprise-wide identity architecture, designing zero‑trust–aligned access controls, modernizing hybrid identity environments, and delivering secure, scalable, and compliant identity solutions.
Key ResponsibilitiesIdentity Architecture & StrategyDesign, implement, and maintain end-to-end Identity & Access Management architectures using Microsoft Entra ID and Active Directory.Establish a long‑term identity strategy aligned with business, security, and regulatory requirements.Architect secure hybrid identity models including Entra Connect, cloud sync strategies, and identity lifecycle automation.Drive adoption of Zero Trust identity principles, including continuous evaluation and least-privilege access.Microsoft Entra ID ExpertiseLead design and optimization of Conditional Access policies, authentication flows, MFA, passwordless strategies (FIDO2, Windows Hello Business), and identity protection.Architect, standardize, and provide oversight for Entra ID Governance capabilities—PIM, access reviews, entitlement management, custom roles, and segregation of duties.Oversee configuration of Entra applications, service principals, federations, SCIM provisioning, and SSO integrations (SAML/OIDC/OAuth2).Active Directory (AD) & Hybrid IdentityDesign secure, resilient, and scalable Active Directory forests, domains, GPO structures, and privileged access boundaries.Lead initiatives to modernize AD security posture (tiered administration models, privileged access isolation, delegated administration, and secure baselines).Implement AD hardening, lifecycle management, group governance, and remediation of legacy dependencies.IAM Governance & SecurityDevelop identity standards, patterns, security baselines, and governance frameworks.Ensure compliance with regulatory requirements such as SOX, HIPAA, GDPR, ISO 27001, and internal audit controls.Provide guidance for RBAC/ABAC models, identity lifecycle management, privileged access governance, and application onboarding.Design identity controls that are auditable, measurable, and automatable, supporting internal risk assessments and regulatory compliance.Collaborate with cloud platform and DevSecOps teams to integrate identity controls into cloud landing zones, CI/CD pipelines, and enterprise architectures.Partner with security operations to integrate identity telemetry, threat detection, and incident response workflows.Cross-Functional CollaborationWork closely with Security Engineering, Application Owners, Cloud Platform Engineering & Architecture, and Infrastructure teams.Provide architectural direction during acquisition integration, cloud migrations, and modernization projects.Deliver architecture diagrams, roadmaps, threat models, and solution documentation.Thought LeadershipDrive IAM as a shared enterprise platform, balancing security, user experience, and operational resiliency.Stay current with identity trends, Entra roadmap updates, and emerging threats.Recommend continuous improvement opportunities across authentication, authorization, and identity governance.Mentor engineers and guide best practices on identity design and operations. What you have Required Qualifications8+ years of experience in Identity & Access Management, architecture or engineering.Deep expertise in:Microsoft Entra ID (Azure AD), Conditional Access, Identity Protection, Entra GovernanceActive Directory design, replication, DNS, GPO, PKI, delegation modelsSSO protocols: OAuth2, OIDC, SAML, WS-FedIdentity lifecycle automation and provisioningZero Trust architecture principlesStrong knowledge of MFA, passwordless, risk-based policies, and authentication flows.Experience securing hybrid identity using Entra Connect, federation services, and cloud-only patterns.Expertise building Terraform IaC resources and guardrails for identity services through reusable modules and automated CI/CD pipelines.Proficiency with PowerShell or automation frameworks.Strong understanding of IAM risk management, audit requirements, and regulatory standards.
Preferred QualificationsMicrosoft certifications: SC-300, SC-100, AZ-305, or equivalent.Experience with:Privileged Access Workstations (PAW)Microsoft Identity Manager (MIM) or other ILM solutionsConditional Access advanced configurations and automationEnterprise-scale identity consolidation and domain migration projectsModern IAM stacks (SailPoint, CyberArk, Okta)Background security architecture, threat modeling, or penetration testing related to identity systems. Options Apply for this jobApplyShareRefer a friendRefer Sorry the Share function is not working properly at this moment. Please refresh the page and try again later. Share on your newsfeed
What’s in it for you
At Schwab, you’re empowered to shape your future. We champion your growth through meaningful work, continuous learning, and a culture of trust and collaboration—so you can build the skills to make a lasting impact. Our Hybrid Work and Flexibility approach balances our ongoing commitment to workplace flexibility, serving our clients, and our strong belief in the value of being together in person on a regular basis.
We offer a competitive benefits package that takes care of the whole you – both today and in the future:
401(k) with company match and Employee stock purchase plan Paid time for vacation, volunteering, and 28-day sabbatical after every 5 years of service for eligible positions Paid parental leave and family building benefits Tuition reimbursement Health, dental, and vision insurance Application FAQsSoftware Powered by iCIMS
www.icims.com