Lead Systems Engineer – Azure AD & IAM

Location : Downtown Toronto (3 days on-site mandatory)

Job Type : Permanent

Perks : Defined pension plan, generous vacation and PTO, 100% employer-paid health and medical benefits, annual cost of living adjustments

Our client, a prestigious crown corporation based in Ontario, is seeking a Lead Systems Engineer – Azure AD & IAM to join their high-performing IT Platform Services team. This is a key leadership role offering the chance to shape and modernize identity infrastructure across on-prem and cloud environments. This position is based in Downtown Toronto with a hybrid work model (3 days on-site mandatory).

About the Role

As the Technical Lead in Identity and Access Management (IAM), you’ll provide strategic and hands-on leadership to identity projects across Windows, Linux, AIX, Citrix, VMware, NetApp, Commvault, and UCS platforms. You will lead initiatives that support secure access and authentication for SaaS applications and hybrid infrastructure. If you are passionate about Identity to its core and thrive in a modern, transformation-driven environment, this role is for you.

Key Responsibilities

• Provide technical leadership across multiple infrastructure projects, with a deep focus on Identity, Authorization, and Federation .
• Design, implement, and manage secure, scalable IAM solutions across hybrid cloud environments.
• Drive policy creation for identity lifecycle, access provisioning, de-provisioning, RBAC / ABAC models, and federated authentication (SSO / SAML / OIDC).
• Support authorization for SaaS applications , integrating with HR systems, directories (Azure AD / AD), and mission-critical apps.
• Lead Privileged Access Management (PAM) strategies including vaulting, session monitoring, and just-in-time access.
• Work closely with the Platform Services Manager to define technical roadmaps and drive continuous improvement initiatives.
• Champion secure DevOps practices through scripting and automation (PowerShell, Python, Terraform).
• Oversee compliance alignment with PCI, NIST, ISO 27001, CIS , and internal audit requirements.
• Maintain and secure infrastructure components like Microsoft Entra ID (formerly Azure AD) , DNS , PKI , DHCP , and SIEM systems.
• Collaborate cross-functionally with security, infrastructure, and business teams to ensure secure and seamless access.

Must-Have Qualifications

• 10+ years of experience designing and maintaining complex infrastructure platforms.
• 5+ years in a leadership role with proven mentorship and project oversight experience.
• 5–10 years of enterprise-level Identity & Access Management experience.
• Deep hands-on experience with Microsoft Entra ID (Azure AD) , Active Directory, and modern IAM solutions such as Okta, CyberArk, SailPoint, Ping, or ForgeRock.
• Strong knowledge of federated identity protocols (SAML, OAuth, OIDC) and directory services (LDAP, AD).
• Scripting / automation proficiency in PowerShell, Python , or infrastructure as code tools like Terraform .
• Experience supporting hybrid and multi-cloud environments (Azure required; AWS and GCP nice to have).
• A security-first mindset with a drive to balance robust controls and positive user experience.

Nice-to-Haves

• Exposure to DNS, DHCP, PKI , and enterprise SIEM platforms .
• Experience working with platforms such as AIX, Citrix, VMWare, UCS, NetApp, Commvault .
• Familiarity with modern IGA solutions and workflows.

This is a high-impact, high-visibility role for a technologist looking to modernize identity and security in one of Ontario’s most trusted organizations. If you are a passionate identity engineer and a proven leader , apply now to help shape the future of enterprise access and authorization.