Microsoft Identity Engineer (FedRAMP Dayforce), NYC, NY

Nagaraju

Feb 9, 2026, 9:11:38 AM
to Nagaraju

Overview
Hands-on engineer chartered to design, harden, and operate identity for a new FedRAMP Moderate Dayforce environment. You will map NIST 800-53/FedRAMP requirements to concrete Azure/Entra ID controls, run a passwordless, phishing-resistant program with FIDO2 keys, and automate identity lifecycle and evidence for audits.

Key Responsibilities

Identity Architecture: Design tenant strategy; B2B/B2C patterns; app registrations, service principals, managed identities; RBAC and custom roles to enforce least privilege for SRE/product teams.
Access & Zero Trust: Implement Conditional Access, MFA, device compliance, JIT admin with PIM; govern authentication methods/policies for FIDO2/Windows Hello/Authenticator; integrate Entra ID with Dayforce apps, APIs, CI/CD, and Key Vault.
Compliance & Monitoring: Log privileged activity, role changes, and auth events into Microsoft Sentinel/Defender; automate JML (joiner/mover/leaver), access reviews, and PIM workflows with audit evidence.
FIDO2 Lifecycle Scale: Manage a fleet of 200+ security keys (enrollment, replacement, revocation); enforce model restrictions (AAGUID), attestation, backup/secondary keys, and Temporary Access Pass flows.
Automation & Devices: Heavy PowerShell/Microsoft Graph for onboarding, method checks, key inventory, and policy rollouts; integrate with Intune for Windows sign-in via security keys and device policies.
Secure App Mail (Supporting): Configure Proofpoint Secure Email Relay to authenticate and protect app-generated email; enable DKIM/DMARC, DLP, and log to Sentinel.

Qualifications

Deep Microsoft Entra ID (Azure AD): auth methods, FIDO2 policy, Conditional Access, PIM, app registrations, managed identities, Key Vault.
Proven work in regulated cloud (FedRAMP/NIST/FISMA), with security automation, IaC, and SIEM/XDR (Sentinel/Defender).
Strong PowerShell and Graph; experience with Delinea PAM and One Identity IAM/IGA preferred; Intune/Windows sign-in integration.
