ACCESS ENGINEER JOB DESCRIPTION
Access Engineer JDs spanning enterprise network design, IAM governance, least privilege modeling, service provider infrastructure, and access audit compliance.

Access Engineer Job Description Template
1. About the Role
An Access Engineer decides who can access which systems, and who cannot. The work sits inside the security and IT infrastructure function, owning the corporate directory forest and the single sign-on service that most employees and contractors authenticate through every working day to reach the systems they need. What makes it demanding is that every access decision must later survive an audit, because internal and external reviewers inspect whether least privilege is actually held across thousands of employee and contractor accounts, and whether deprovisioning happened when people left. A wrong access grant can sit unnoticed for months.
2. Position Summary
As the Access Engineer, you govern how employees and contractors gain and lose system access, so that only the right people hold the right permissions at any moment. You operate within the security and IT infrastructure team, answering to internal and external auditors who test whether access controls actually hold.
3. Why Join Us
Career Impact: Running identity governance that withstands internal and external audits marks you as a specialist trusted with regulated access decisions.
Business Impact: Tight provisioning and deprovisioning keep departed contractors and over-permissioned accounts from becoming the breach that exposes confidential company data.
Growth Opportunity: Mastering federation protocols and passwordless authentication moves you toward identity architect and IAM lead roles as enterprise zero-trust programs expand.
Company Value: The role sits in a Data Innovation Lab, building discovery and control over data held in on-premise shares and cloud storage.
4. Key Responsibilities
- Design role-based access policies and least privilege models for the directory infrastructure and business-critical applications.
- Administer the directory forest and authentication services according to documented security policies and the organisational structure.
- Manage the identity lifecycle for employees and contractors, covering provisioning, approval routing, periodic review, and deprovisioning.
- Implement automation tooling for access requests and certification reviews to keep approvals consistent, fast, and auditable.
- Conduct internal access audits and support external auditors who examine identity and directory controls.
- Monitor systems and cloud assets for access anomalies, then escalate emerging security issues to the risk organisation.
- Develop self-service and federated authentication capabilities, including passwordless sign-in, to reduce password-related support load.
- Maintain accurate access records and documentation that withstand regulatory and audit review across the environment.
5. Required Qualifications
- Bachelor's degree in computer science, information technology, or a related field, or equivalent professional work experience.
- Four or more years of identity and access management or information security experience, including hands-on tooling implementation.
- Proven experience administering enterprise directory services and supporting centralised, secured user registration and authentication solutions.
- Working knowledge of role-based access control, least privilege modeling, and access governance within regulated environments.
- Experience conducting or supporting internal and external audits that examine identity and access controls.
- Solid grasp of information security fundamentals, including firewalls, vulnerability identification and mitigation, and access risk.
- Ability to maintain accurate access records and documentation that satisfy internal auditors and external regulators.
- Comfortable working out of hours and across remote sites to keep critical access systems available.
6. Preferred Qualifications
- Familiarity with identity federation protocols, including SAML, OIDC, and OAuth, that enable single sign-on across internal and external applications.
- Scripting and automation skills for streamlining access provisioning, certification reviews, and routine identity reporting tasks.
- Experience applying ITIL service management practices while operating within a virtualised infrastructure and storage environment.
- Exposure to penetration testing and network access control techniques that help strengthen overall identity defenses.
7. Success Metrics & Environment
- Access review completion rate (%), showing certifications finished on schedule.
- Mean time to deprovision departed users (hours), limiting orphaned account exposure.
- Percentage of accounts meeting least privilege, measuring entitlement creep control.
- Audit findings on access controls (count), reflecting control health.
- Provisioning request turnaround time (hours), gauging access delivery speed.
- Authentication-related support tickets (count), tracking sign-on and password friction.
- Typical tools: enterprise directory and authentication services (commonly Active Directory).
8. Compensation & Benefits (US Market Benchmark)
- Base Salary Range: Approximately $110,000 to $155,000 annually for a senior individual contributor in most US metros.
- Bonus: Annual performance bonus, commonly 8 to 15 percent of base salary.
- Equity: Modest restricted stock units at larger enterprises; uncommon at smaller employers.
- Health Benefits: Medical, dental, and vision coverage with meaningful employer premium contributions.
- PTO: Fifteen to twenty-five paid days off, plus recognized US holidays.
- Common Perks: Security certification reimbursement, remote flexibility, and out-of-hours or on-call stipends.
Figures are estimates based on general US market benchmarks and may be outdated. Adjust based on location, company size, and seniority level.
9. EEO & Legal
Because this position grants access to confidential systems and data, employment is contingent on completing a background check. All qualified applicants receive consideration without regard to race, color, religion, sex, national origin, age, disability, or any other characteristic protected by federal, state, or local law. Reasonable accommodations are available to applicants and employees with disabilities upon request. Candidates must be authorized to work in the United States.
Access Engineer Job Description Examples
1. Access Engineer (Enterprise Network Access)
The Access Engineer builds enterprise IP network architectures and installs physical hardware at customer premises, resolving outages across LAN, WAN, and Wi-Fi platforms. Reporting to the network operations group, the engineer partners with vendors and Sales to identify network needs and keep service provider infrastructure running reliably.
Key Responsibilities
- Configure, provision, and install physical hardware, including at customer premises.
- Undertake client assessments and site surveys, including wireless surveys and physical audits.
- Support and contribute toward new network design architectures, including network upgrades, testing, and validation of enterprise architectures.
- Resolve outage and trouble conditions on network platforms, and engage vendors for support and execution of vendor-identified actions.
- Perform day-to-day services, installations, support requests, troubleshooting, and system maintenance.
- Support new product deployments with installation, integration, testing, documentation, and training.
- Develop methods, standard operating procedures, and detailed network designs for troubleshooting and network applications.
- Design IP network enterprise architectures, and maintain and troubleshoot the Wi-Fi network.
- Work with vendors to ensure equipment operates properly and resolve problems.
- Work with customers, directly or through Sales, to identify network needs and solutions impacting design and support.
- Perform team tasks with other members of the group.
- Define and document production support requirements, escalation procedures, issue tracking, and troubleshooting guidelines.
Required Qualifications
- Bachelor's degree in Engineering, Computer Science, Telecommunications, or a related field, or equivalent work experience in network engineering or operations.
- Cisco CCNA or Juniper JNCIA certification (mandatory), with CCNP desirable, or equivalent experience.
- Experience working for or with service provider networks from an enterprise access perspective.
- Experience with the configuration and administration of Cisco, Juniper, or equivalent routers and switches, and designing and troubleshooting Cisco wireless networks.
- Understanding of firewalls and related concepts, including ACLs, NAT, IPsec, and SSL, and good knowledge of DNS, DHCP, TACACS, RADIUS, and other commonly used protocols.
- Strong technical expertise in maintaining and troubleshooting enterprise-level complex network infrastructures, including LAN, WAN, data carriers, and firewalls, with strong knowledge of enterprise infrastructure design, dependencies, and documentation.
- Good knowledge of LAN, Ethernet-based products, IPv4, IPv6, QoS, Multicast, MPLS, and IP routing protocols, including IS-IS, OSPF, and BGP.
- Basic knowledge of WDM transmission technology, OTN, SDH, Metro Ethernet architecture, Next Generation Packet transport technology, MEF 2.0 standards, and Ethernet switching technologies and protocols.
- Good understanding of fiber optic networks and Ethernet service types, with demonstrated troubleshooting and diagnostic capabilities.
- Exceptional customer relationship management skills.
- Strong verbal and written communication skills, with excellent planning and organisation skills.
- Experience with services testing, including EtherSAM, RFC 2544, and EtherBERT.
2. Access & Security Engineer (Information Security)
Embedded within the region's first Data Innovation Lab, the Access & Security Engineer leads the implementation of data discovery and control technologies across on-premise file shares, Microsoft Office 365, and Amazon AWS storage environments. Working closely with the risk organization, the engineer builds least privilege models for Active Directory and develops company-wide security best practices that protect critical systems and confidential data.
Core Functions
- Create role-based access policies and risk profiles for associated applications.
- Perform business analysis functions to ensure solutions meet business needs and risk organization requirements.
- Lead the implementation and use of technologies related to discovery, reporting, and control of confidential data in on-premise file shares, Microsoft Office 365, internet file storage facilities, and Amazon AWS storage environments.
- Develop a least privilege model for the primary Active Directory infrastructure and critical applications, and ensure tooling enforces policies and controls.
- Conduct an internal audit around Active Directory controls.
- Monitor cloud assets and networks for security issues.
- Install security measures and operate software to protect systems and infrastructure, including firewalls and data encryption programs.
- Develop company-wide best practices for IT security.
- Research security enhancements and make recommendations to management.
- Stay up-to-date on information technology trends and security standards.
Qualifications & Experience
- Bachelor's degree in computer science or a related field.
- Experience in information security or a related field.
- Experience with Microsoft Identity Management and computer network penetration testing techniques.
- Understanding of firewalls, proxies, SIEM, antivirus, and IDPS concepts.
- Ability to identify and mitigate network vulnerabilities, and explain how to avoid them.
- Understanding of patch management, with the ability to deploy patches promptly while understanding business impact.
3. Identity and Access Engineer (Identity & Access Management)
Reporting to IT infrastructure leadership, the Identity and Access Engineer owns the Active Directory, Single Sign-On, and Network Access Control services and maintains the forest according to security policies. Partnering with infrastructure teams, the engineer delivers a centralised, secured user registration and authentication solution and supports disaster recovery planning across the environment.
Primary Duties
- Maintain the Active Directory forest according to security policies.
- Perform disaster recovery planning.
- Install and operate AD servers and infrastructure, and perform administration.
- Support the provision of a centralised, secured user registration and authentication solution, set up in accordance with the business organisational structure.
- Maintain accurate records and documentation.
Skills & Qualifications
- Experience in Active Directory administration.
- Experience in NAC services, file access management, and disaster recovery planning.
- Experience applying ITIL methodology and working in a virtualised environment.
- Knowledge of storage technologies and LAN/WAN technologies.
- Some experience in application support.
- Able to work as part of a small team.
- Willing to work out of hours and attend remote sites.
4. Access Engineer (IP Access Network Planning)
Sitting at the intersection of IP access network design and build coordination, the Access Engineer shapes nodal diagrams for access and aggregation switches and produces the methods of procedure for IP network changes. Operating across Fiber, Radio, and IP Core teams, the engineer coordinates access network readiness and keeps physical and logical inventory aligned with the approved architecture.
Technical Responsibilities
- Produce nodal diagrams for all access/aggregation switches.
- Produce and implement the MOP for IP access network and IP network changes.
- Release the network design document to the relevant stakeholders for IP access build requirements.
- Ensure integration of Layer-2 and Layer-3 network elements as per the defined plan.
- Coordinate with the build team for access network readiness to meet enterprise/network requirements.
- Coordinate with Fiber, UBR/Radio, and IP Core teams for troubleshooting of access network devices for escalation cases, and ensure GCT of network devices is aligned with the approved architecture.
- Keep track of access network inventory, physical and logical, and close any gap between plan and build inventory.
- Interlock with cross-functional teams, including Service Delivery and Service Assurance, to resolve technical or operational issues needing planning support.
- Ensure data sanity in systems and the correctness of inventory in master databases.
- Plan ISP equipment and the access network for a decent-sized network.
Technical Qualifications
- Experience creating network documents, site layouts, and integration plans.
- Exposure to enterprise access and implementation techniques.
- Good understanding of ISP networks.
- Good knowledge of data network protocols and access technology, including ERPS, Active-Standby, SNMPv2/v3, IGMPv2/v3, IS-IS, BGP, and other L3 protocols.
- Strong knowledge of Ethernet technology.
- Strong communication and documentation skills, with a good attitude.
5. Identity & Access Engineer (Identity Lifecycle Management)
A key member of the identity and access management team, the Identity & Access Engineer builds and improves the identity lifecycle for employees and contractors, from provisioning through periodic reviews and deprovisioning. Collaborating across internal and external audit functions, the engineer implements automation tooling and next-generation authentication to keep regulated identity processes consistent and auditable.
Areas of Ownership
- Contribute to shaping the overall IAM strategy, policies, and procedures.
- Manage the identity lifecycle for employees and contractors, including provisioning, approval routing, periodic reviews, and deprovisioning.
- Review, improve, and optimize current identity governance processes.
- Implement specialized tooling to automate access requests and reviews.
- Develop identity self-service capabilities, such as password and credential management.
- Explore and implement next-gen authentication, such as passwordless paradigms.
- Support internal and external audits to ensure strong operational control over regulated identity management processes.
Requirements
- 4+ years of related experience.
- Technically oriented, with hands-on experience implementing IT tools, preferably identity lifecycle management solutions.
- Experience with identity technology platforms, such as Active Directory, Okta, or similar.
- Understanding of identity federation protocols, including SAML, OIDC, and OAuth, is a plus.
- Knowledge of scripting or data manipulation languages, including PowerShell, Python, or similar.
- A keen eye for process automation and process improvement.
Editorial Process and Content Quality
This content is developed by the Lamwork Editorial Team using structured analysis of real-world job data, skill requirements, and hiring patterns.
Research framework by Lam Nguyen, Founder & Editorial Lead.
Reviewed by Thanh Huyen, Managing Editor.