Company Overview
Group/Division
Job Description/Preferred Qualifications
Key Responsibilities
- Lead the design, implementation, and lifecycle management of AD, Entra ID, Group Policies, Conditional Access, MFA, SSO, and identity federation solutions.
- Architect secure and scalable IAM solutions aligned with Zero Trust principles.
- Define standards, patterns, and automation for identity provisioning, governance, authentication, and authorization.
- Drive modernization initiatives such as cloud identity adoption, passwordless authentication, and the reduction of legacy protocols.
- Lead in providing SOPs and technical knowledge to MSP partners for operating IAM.
- Own incident response and root cause analysis for identity‑related issues.
- Maintain compliance and audit readiness for regulatory and security frameworks (SOX, SOC2, ISO 27001, NIST, etc.).
- Lead and mature Privileged Identity & Access Management (PIM/PAM) programs using enterprise PAM tools.
- Implement least privilege, just‑in‑time access, privileged session recording, and administrative role governance.
- Monitor privileged activity and enforce strong authentication for high‑risk roles.
- Drive automation using PowerShell, APIs, workflows, and identity governance tools.
- Identify opportunities to improve scalability, resilience, and efficiency within IAM services.
- Stay current on emerging security trends, threats, and IAM technologies.
- Manage and mentor a team of IAM engineers and administrators.
- Engage with cross‑functional teams including security, networking, cloud, application owners, and compliance.
- Act as a subject matter expert (SME) and trusted advisor for identity‑related architecture and projects.
Minimum Qualifications
- 10+ years of experience in Identity & Access Management, including 3+ years leading technical teams.
- Deep expertise in:
  - Active Directory (domains, trusts, GPOs, DNS, replication, delegation)
  - Microsoft Entra ID / Azure AD (Conditional Access, MFA, SSO, SCIM, identity governance)
  - PIM/PAM technologies (CyberArk, Entra PIM, etc.)
  - Public Key Infrastructure (PKI) and certificate services (ADCS, HSMs, certificate lifecycle management)
- Strong hands-on experience with PowerShell and automation frameworks.
- Solid understanding of Zero Trust, identity lifecycle, RBAC/ABAC, and modern authentication (OAuth, SAML, OIDC).
- Excellent communication skills and ability to partner with both technical and non‑technical stakeholders.
- Certifications in AD, Azure, PIM, Security, etc. are a plus.
We offer a competitive, family friendly total rewards package. We design our programs to reflect our commitment to an inclusive environment, while ensuring we provide benefits that meet the diverse needs of our employees.
KLA is proud to be an equal opportunity employer.
Be aware of potentially fraudulent job postings or suspicious recruiting activity by persons that are currently posing as KLA employees. KLA never asks for any financial compensation to be considered for an interview, to become an employee, or for equipment. Further, KLA does not work with any recruiters or third parties who charge such fees either directly or on behalf of KLA. Please ensure that you have searched KLA’s Careers website for legitimate job postings. KLA follows a recruiting process that involves multiple interviews in person or on video conferencing with our hiring managers. If you are concerned that a communication, an interview, an offer of employment, or that an employee is not legitimate, please send an email to [email protected] to confirm the person you are communicating with is an employee. We take your privacy very seriously and confidentially handle your information.


