Job Description
The Identity Engineer supports Milliman’s global Identity & Access Management service by engineering, operating, and improving standardized identity capabilities for a decentralized global firm. This role helps provide secure, scalable, and consistent workforce and client identity services while enabling Practice IT teams and product groups to administer resources within defined boundaries.
The role balances hands-on engineering, operational support, automation, and stakeholder guidance across Okta, Microsoft Entra ID, Active Directory, Auth0, and related identity platforms. The Identity Engineer collaborates with colleagues in Infrastructure, Operations, Cloud Services, Information Security, application teams, and Practice IT administrators to reduce risk, improve reliability, simplify user access, and mature Milliman’s global identity operating model. This role reports to the Manager of Infrastructure and Cloud Services.
This is a remote India-based role, preferably aligned to the New Delhi/NCR area, supporting Milliman’s global identity services. The position requires collaboration with distributed teams across time zones, clear written handoffs, and some schedule flexibility for global meetings, planned changes, operational escalations, and occasional identity-related incidents. While the role is primarily remote, occasional in-office participation may be expected for business needs such as U.S. leadership visits, local IT team gatherings, planning sessions, team workshops, or similar collaboration events.
Duties/Responsibilities
Identity Architecture & Engineering
- Engineer and operate Milliman’s centralized workforce identity services, including Okta Workforce Identity, Microsoft Entra ID, Active Directory, MFA, SSO, lifecycle management, and identity integrations.
- Support Milliman’s decentralized IT model by enabling delegated administration for Practice IT teams while maintaining consistent identity standards, guardrails, auditability, and least-privilege access.
- Design, configure, test, and support SSO and federation integrations for SaaS, internal, cloud, and practice-managed applications using SAML, OIDC/OAuth, SCIM, and related protocols.
- Maintain and improve identity lifecycle processes for onboarding, offboarding, leave, name changes, group and role assignment, license assignment, and account reconciliation across HR, Okta, AD, and Entra ID.
- Administer and improve Entra ID capabilities including enterprise applications, app registrations, service principals, managed identities, Conditional Access, privileged roles, and hybrid identity synchronization.
- Operate and modernize Active Directory services, including domain controllers, OU delegation, group policy, DNS dependencies, replication, security groups, privileged access patterns, and migration paths toward cloud-first identity.
Standardized Identity Services & Delegated Administration
- Establish and maintain standards, implementation patterns, runbooks, and support documentation for IAM services used across Milliman practices.
- Enable Practice IT and product teams to manage approved resources through delegated administration models for Okta, Entra ID, Active Directory, and Auth0 where appropriate.
- Clearly define service boundaries between GCS-managed identity platforms and practice-owned application permissions, groups, tenant configuration, and product-specific authorization.
- Support service catalog requests, ticket categorization, operational metrics, and knowledge articles that improve intake, routing, reporting, and transparency for identity work.
- Provide consultative guidance to internal IT teams on identity integration patterns, access control expectations, MFA requirements, account types, and operational readiness.
Security, Reliability & Access Governance
- Implement identity controls aligned to Milliman standards, including unique user identity, MFA, centralized authentication, least privilege, secure service account patterns, and audit readiness.
- Support privileged access improvements, including role governance, emergency access procedures, privileged account lifecycle controls, and future just-in-time access capabilities.
- Monitor, troubleshoot, and remediate identity-related issues such as provisioning failures, sync errors, authentication problems, stale access, misconfigured applications, and account access incidents.
- Enforce least-privilege access principles, just-in-time (JIT) provisioning, and privileged session monitoring across critical enterprise systems.
- Manage Duo Security or equivalent MFA platform including administrator configuration, policies, application enrollments, and IdP integration.
- Contribute to incident reviews, root-cause analysis, operational resilience improvements, and continuity procedures for identity-dependent services.
- Partner with Information Security and audit stakeholders to provide evidence, improve access review practices, and support compliance obligations.
Automation, Modernization & Roadmap Delivery
- Automate repetitive identity tasks using PowerShell, APIs, workflows, and infrastructure-as-code approaches where practical.
- Advance current and anticipated IAM initiatives such as Okta-to-Entra federation, Okta provisioning automation, group and role automation, passwordless authentication, client identity governance, Auth0 enterprise administration, and identity threat visibility.
- Evaluate new identity features and vendor capabilities, document recommendations, and help translate roadmap goals into practical implementation plans.
- Champion Zero Trust identity principles including continuous verification, device trust posture assessment, and risk-based Conditional Access policy design.
Required Skills & Attributes:
- Okta Workforce Identity administration, application integration, MFA, lifecycle management, workflows, and group-based assignment
- Microsoft Entra ID administration, Conditional Access, enterprise applications, app registrations, PIM concepts, B2B, service principals, and hybrid identity
- Active Directory administration in multi-domain or delegated environments, including groups, OUs, GPOs, DNS dependencies, and synchronization
- Auth0 or other client identity platforms, including tenant administration, organizations, enterprise connections, and delegated access models
- Identity protocols and standards including SAML, OIDC/OAuth, SCIM, LDAP, Kerberos, and modern authentication patterns
- Automation using PowerShell, REST APIs, Microsoft Graph, Okta APIs, workflow automation, or similar tooling
- Operational support practices including ticket handling, change enablement, runbooks, incident response, and stakeholder communications
- Clear written and verbal communication for global stakeholders, including documented handoffs, runbooks, status updates, and practical follow-through across time zones
Required Qualifications:
- Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, Engineering, or related field; B.Tech/B.E., MCA, M.Sc., or equivalent professional experience also considered.
- 3+ years of experience in identity, infrastructure, cloud, security, or systems engineering roles.
- Hands-on experience administering at least two core identity platforms such as Okta, Microsoft Entra ID, Active Directory, Auth0, or equivalent technologies.
- Strong troubleshooting skills across identity, authentication, directory, network, endpoint, and application integration layers.
- Ability to communicate clearly with technical and non-technical stakeholders, including Practice IT administrators, project teams, security teams, and service owners.
- Ability to work effectively from India with global teams through asynchronous communication, documented procedures, operational handoffs, and reliable follow-through.
- Demonstrated ownership, sound judgment, documentation discipline, and ability to improve operational processes over time.
Preferred Skills and Qualifications:
- Experience in a global professional services, financial services, consulting, or similarly decentralized IT environment.
- Experience supporting shared services, delegated administration, or federated operating models across multiple business units or practices.
- Experience working with colleagues, stakeholders, or customers across India, the U.S., and other global regions.
- Exposure to identity governance, access reviews, privileged access management, passwordless authentication, identity threat detection, or Zero Trust initiatives.
- Experience with ITSM platforms, service catalog design, ticket taxonomy, operational reporting, and continuous improvement.
- Familiarity with cloud platforms such as Azure, AWS, or GCP and their identity integration models.
Relevant Certifications:
- Okta Certified Professional or Okta Certified Administrator
- Microsoft Certified: Identity and Access Administrator Associate (SC-300)
- Microsoft Certified: Azure Administrator Associate (AZ-104)
- Security+, CISSP, or other relevant security certification
- Relevant vendor certifications for PAM, IGA, cloud, or automation platforms
Key Competencies:
The following competencies define the behavioral and professional qualities expected for success in this role:
- Service Mindset — Understands that identity is a shared service supporting all Milliman practices and balances standardization with practical business needs.
- Security Judgment — Applies risk-based thinking to authentication, authorization, privileged access, and operational changes.
- Collaboration — Works effectively across GCS, Information Security, Practice IT, product teams, vendors, and project teams without relying on direct authority.
- Operational Discipline — Documents decisions, follows change practices, improves runbooks, and uses tickets and metrics to make work visible.
- Global Communication — Provides concise written updates, documents handoffs, and keeps work visible for teams operating across India, U.S., and other time zones.
- Automation Orientation — Looks for opportunities to reduce manual work, improve reliability, and create repeatable identity processes.
- Continuous Improvement — Uses incidents, audits, stakeholder feedback, and roadmap goals to mature Milliman’s IAM service over time.