AI Identity Governance Engineer

Jobs via Dice • United States
Relocation
This Job is No Longer Active. This position is no longer accepting applications.
AI Summary

Lead IAM security architecture for enterprise AI initiatives, ensuring strict compliance with aerospace and corporate security standards. Develop and operate hybrid identity infrastructure, designing security guardrails for AI tools. Implement entitlement management and access reviews to control access to GenAI tools.

Key Highlights

  • Lead IAM security architecture for enterprise AI initiatives
  • Develop and operate hybrid identity infrastructure
  • Implement entitlement management and access reviews

Key Responsibilities

  • Implement entitlement management and access reviews to control access to GenAI tools
  • Secure and govern Service Principals, Managed Identities, and API tokens used by AI agents and automated workflows
  • Manage the lifecycle of Microsoft Entra ID and on-premise Active Directory

Technical Skills Required

  • Microsoft Entra ID (Azure AD)
  • Active Directory
  • Group Policy
  • Microsoft Purview
  • Data Lifecycle Management
  • DLP
  • PowerShell scripting
  • Microsoft Graph API

Benefits & Perks

  • Target Salary: ~$115,000 + Performance-based Bonus
  • Full relocation package available

Nice to Have

  • Microsoft Certifications - Identity and Access Administrator (SC-300) or Information Protection Administrator (SC-401)
  • Experience configuring security controls for Microsoft 365 Copilot

Job Description


Dice is the leading career destination for tech experts at every stage of their careers. Our client, TriCom Technical Services, is seeking the following. Apply via Dice today!

Our client is seeking an AI Identity Governance Engineer to lead IAM security architecture for our enterprise AI initiatives. This is a pioneering role that bridges traditional Identity and Access Management (IAM) with the emerging world of Generative AI. Your mission is to ensure that both human and non-human identities (AI agents) interact only with authorized data, maintaining strict compliance with aerospace and corporate security standards.

You will be responsible for the development and operation of our hybrid identity infrastructure (Microsoft Entra ID and Active Directory) while specifically designing the security "guardrails" for AI tools like Microsoft Copilot and custom LLMs.

Role

  • Implement entitlement management and access reviews to control access to GenAI tools. Use Microsoft Purview sensitivity labels and DLP to prevent AI from ingesting or surfacing restricted internal data.
  • Secure and govern Service Principals, Managed Identities, and API tokens used by AI agents and automated workflows to prevent unauthorized privilege escalation.
  • Manage the lifecycle of Microsoft Entra ID and on-premise Active Directory, including trust relationships, schema extensions, and health monitoring.
  • Design and enforce Conditional Access policies that target high-risk sign-ins and restrict AI platform access based on device compliance and geography.
  • Enforce Privileged Identity Management (PIM) for Just-In-Time (JIT) administrative access and monitor for anomalous behavior involving AI applications.
  • Leverage PowerShell and Microsoft Graph API to automate identity provisioning and revocation workflows.

Qualifications

Candidates need to have four or more years of progressive IAM experience in a Microsoft environment.

Required

  • Deep expertise in Microsoft Entra ID (Azure AD), Active Directory, and Group Policy.
  • Hands-on experience with Microsoft Purview (Information Protection, Data Lifecycle Management) and DLP.
  • Solid understanding of how to secure non-human/workload identities and govern LLM access within an enterprise environment.
  • Proficiency in PowerShell scripting and Microsoft Graph API.
  • Strong grasp of DNS, DHCP, and VPN as they relate to authentication flows.

Preferred

  • Microsoft Certifications - Identity and Access Administrator (SC-300) or Information Protection Administrator (SC-401).
  • Experience configuring security controls for Microsoft 365 Copilot.
  • Experience with Entra Verified ID or decentralized identity standards.

Job Details

  • Location: 100% On-site in Duluth, MN or Knoxville, TN
  • Employment Type: Direct Hire (Permanent)
  • Target Salary: ~$115,000 + Performance-based Bonus
  • Relocation: Full relocation package available
