Apply on Employer Site

Cooley LLP · 20 hours ago

Identity and Access Management (“IAM”) Engineer

Chicago

Full-time

Onsite

Mid, Senior Level

$130K/yr - $195K/yr

4+ years exp

Cooley LLP is seeking an IAM Engineer to join their Security team. The IAM Engineer will design, implement, and operate secure identity services, supporting the firm's IAM program across various platforms and working closely with Cybersecurity and Technology teams.

LegalProfessional ServicesDocument Preparation

Comp. & Benefits

H1B Sponsor Likely

Responsibilities

Deliver and operate IAM capabilities across provisioning, authentication, authorization, and identity lifecycle processes

Administer and improve Microsoft Entra ID (Azure AD) and on-prem Active Directory including account lifecycle management, group/role administration, delegations, and directory hygiene

Implement and support Single Sign-on (SSO), Multi Factor Authentication (MFA), and Conditional Access controls, ensuring authentication standards are applied consistently and exceptions are documented and governed

Engineer and maintain identity integrations for SaaS and on-prem applications, including federation and enterprise application configurations

Support the Privileged Access Management (PAM) program by onboarding privileged identities, implementing credential protection and rotation workflows, supporting access approvals and break-glass procedures

Execute identity governance workflows such as joiner/mover/leaver workflows, access requests, access reviews, exception handling, and remediation activities in coordination with IAM leadership and HR/Technology stakeholders

Implement cloud identity solutions using secure access patterns for human and workload identities, aligned to firm standards and least privilege

Contribute to certificate lifecycle management efforts, including inventory support, ownership mapping, issuance/renewal processes, and automation initiatives

Implement, manage and maintain internal and external certificate platforms

Automate and standardize IAM operations through scripting or other automation workflows to improve efficiency, consistency, and reliability

Monitor IAM systems and access posture for issues or anomalies and partner with Cyber Security and other Technology teams to resolve findings

Develop and maintain clear documentation, procedures, and runbooks for IAM systems and integrations

Participate in on-call rotation and after-hours support, as required

All other duties as assigned or required

Qualification

Entra ID (Azure AD)Active DirectorySSO/MFA/Conditional AccessPrivileged Access Management (PAM)Identity governanceCloud identity servicesIdentity access protocolsPowerShell scriptingSIEM solutionsCISSP certificationAWS IAM

Required

After orientation at Cooley LLP, exhibit proficiency in the Microsoft Office suite, iManage and other firm applications

Ability to work extended and/or weekend hours, as required

Ability to travel, as required

4+ years of progressive IAM/directory/authentication or relevant experience in an enterprise environment. Senior level candidates must have 5+ years' directly applicable experience

Hands-on experience with Entra ID (Azure AD) and Active Directory administration, including identity lifecycle management and enterprise account administration

Hands-on experience implementing and supporting SSO/MFA/Conditional Access controls

Experience with identity and access protocols such as SAML, OAuth, OpenID Connect, LDAP, and SCIM

Experience supporting or engineering Privileged Access Management (PAM) workflows

Experience working with cloud identity services, including roles, policies, and federation for human and workload identities

Ability to troubleshoot and resolve complex IAM issues and communicate solutions clearly to technical and non-technical stakeholders

Preferred

Bachelor's degree in computer science, Information Systems, or related field

Experience with PAM tooling and privileged identity workflows and/or identity governance

Familiarity with AWS IAM and broader cloud IAM patterns

PowerShell scripting (or equivalent) to support automation and operational consistency

Experience with CrowdStrike Identity Protection

Experience with Tenable Identity Exposure

Experience with SIEM solutions

Prior law firm or professional services experience

Relevant certifications such as CISSP, Azure, AWS or other IAM-focused certifications

Benefits

Medical

Health savings account (with applicable medical plan)

Dental

Vision

Health and/or dependent care flexible spending accounts

Pre-tax commuter benefits

Life insurance

AD&D

Long-term care coverage

Backup care for children and/or adults

Other parental support benefits

Firm-paid life insurance

AD&D

LTD

Short term medical benefits

21 days of Paid Time Off (“PTO”)

10 paid holidays each year

Generous parental leave

Fertility benefits

Company

Cooley LLP

Glassdoor4.0

Clients partner with Cooley on transformative deals, complex IP and regulatory matters, and high-stakes litigation.

Founded in 1920

Palo Alto, California, USA

1001-5000 employees

http://www.cooley.com

H1B Sponsorship

Cooley LLP has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)

Distribution of Different Job Fields Receiving Sponsorship

Represents job field similar to this job

Trends of Total Sponsorships

2025 (28)

2024 (10)

2023 (15)

2022 (18)

2021 (22)

2020 (14)

Funding

Current Stage

Late Stage

Leadership Team

Victor Nunez

Chief Operating Officer

Charley Haley

Partner

Recent News

Law360

Cybersecurity & Privacy Group Of The Year: Cooley

2026-02-02

FinSMEs

Cork Raises $5.5M in Seed Funding

2026-01-23

Coinspeaker

Cork Raises $5.5M via a16z CSX, Road Capital to Build Tokenized Risk Platform

2026-01-22

Company data provided by crunchbase