MathWorks · 3 days ago
Principal IAM/AD Engineer
Natick, MA
Full-time
Hybrid
Lead/Staff
$137K/yr - $219K/yr
10+ years expMathWorks has a hybrid work model that allows staff to balance office and home work. They are seeking a Principal IAM/AD Engineer to design secure, resilient Active Directory systems and automate identity operations while collaborating with various teams to enhance enterprise identity foundations.
AnalyticsDatabaseEducationEnterprise SoftwareSoftware
Hiring Manager
Max McConaghy
Responsibilities
Operate and maintain on‑premises Active Directory: domain controller health, patching, promotion/demotion, replication, sites/subnets, time services, SYSVOL/GPO health, and capacity monitoring
Implement and manage Entra ID capabilities: Conditional Access, Identity Protection risk policies, PIM, and app registrations/service principals
Monitor, troubleshoot, and optimize directory synchronization and identity lifecycle flows
Partner with our SOC to drive a successful ITDR program. Help build and tune detections to identify threats such as DCSync, Golden/Silver Ticket, Kerberoasting, pass‑the‑hash/ticket, risky sign‑ins, and impossible travel
Harden AD and Entra ID: apply baselines, admin tiering, PAW usage, secure delegation, privileged workflow controls, regular access reviews, and identity threat hunting
Automate identity operations and ITDR tasks with PowerShell and APIs (Graph/Entra): alert enrichment, response runbooks, access certifications, reporting, and drift remediation
Lead complex troubleshooting and incident response for identity (Kerberos/NTLM, replication, DCSync/Golden/Silver Ticket detections, Conditional Access failures); drive root cause and preventive actions
Produce runbooks, standards, and change records; mentor team members and collaborate with stakeholders to align IAM operations with business needs
Qualification
Required
A bachelor's degree and 10 years of professional work experience (or equivalent experience) is required
Preferred
7+ years in enterprise Active Directory operations and hardening including DC lifecycle management, sites/services, replication, BCDR, and observability
Hands-on experience with Microsoft Entra ID: Conditional Access, MFA, Identity Protection, PIM, app registration and service principal governance
Experience operating Azure AD Connect or Cloud Sync in hybrid identity environments
Identity Governance and Administration experience for provisioning, role/entitlement models, and access certifications
Proficiency with PowerShell, Python and Microsoft Graph/Entra APIs for automation
Experience with privileged access models and administrative tiering
Ability to support after-hours maintenance and incident response as needed
SSO/Federation: SAML/OIDC/OAuth; SCIM provisioning to SaaS apps
AD security: trusts, LDAP/LDAPS, constrained delegation, GPO hardening
PKI and certificates: AD CS, CRL/OCSP, auto enrollment, renewal automation for workloads and service principals/certs
Backup/Recovery: authoritative restore, forest recovery planning and drills
IaC/automation: DSC, GPO as Code, Git workflows; CI/CD familiarity for scripts/policies
Compliance familiarity: CMMC, NIST CSF/800‑53/171, ISO 27001
Company
MathWorks
Mathworks is a producer of MATLAB, a program for data and statistical analysis.
5001-10000 employees
H1B Sponsorship
MathWorks has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (387)
2024 (412)
2023 (381)
2022 (394)
2021 (377)
2020 (457)
Funding
Current Stage
Late StageLeadership Team
J
Jeanne O'Keefe
Chief Financial Officer and Senior Vice President
Marcus Hatfield
Vice President of Corporate Development and Partner Programs
Recent News
Company data provided by crunchbase