Note: The job is a remote job and is open to candidates in USA. Dianthus Therapeutics, Inc. is focused on developing advanced therapies for severe autoimmune diseases. They are seeking a hands-on Systems Administrator with strong Identity and Access Management expertise to manage their identity platform and access governance program, ensuring secure access for various identities and supporting their SaaS and endpoint environments.
Responsibilities
- Own the full identify lifecycle including automated provisioning/deprovisioning, and timely access revocation
- Govern external identities: Entra External ID / B2B guest access, cross-tenant collaboration, access packages, and routine guest access reviews
- Manage non-human identities: service principles, managed identities workload identities, and service accounts, including credential rotation, secret/certificate lifecycle, federated credentials
- Administer ID platform; conditional access policies, new program rollouts, identity protection, risk-based access controls, and Privileged Identity Management (PIM)
- Design and operate SSO and SCIM provisioning integrations across the SaaS application portfolio
- Lead periodic access reviews and recertification campaigns; maintain least-privilege and role-based access control (RBAC) models across M365, Azure, and SaaS systems
- Manage privileged access: break-glass accounts, admin role assignments, just-in-time (JIT) elevation, and segregation of duties
- Establish and enforce external collaboration governance: which tenants can collaborate with Dianthus, what data can be shared, how guest accounts are sponsored, and how they are decommissioned
- Support IAM audit and compliance evidence collection
- Support the response to identity-related security events in partnership with the cyber team
- Manage the MDM/MAM environment for endpoints: configuration profiles, compliance policies, app deployment, enrollment, and remediation workflows
- Administer the Enterprise tenant including license management, security baselines, and DLP policies
- Provide day-to-day administration of the SaaS application portfolio, including user and license management, configuration changes, integration health monitoring, and vendor escalations
- Deliver escalated technical support to end-users across identity, endpoint, productivity, and SaaS application issues, ensuring a high-quality employee experience
- Support onboarding and offboarding automation, working with internal platforms and HR deliver a seamless, secure experience
- Partner with our managed services provider (MSP) on escalations, projects, and security operations
Skills
- 4+ years of hands-on systems administration experience, with at least 2 years with explicit IAM responsibility
- Strong understanding of IAM principles: identity lifecycle, RBAC, least privilege, separation of duties, access certification, and privileged access management
- Experience administering B2B / guest identities and external collaboration controls
- Working knowledge of non-human identity management: service principals, managed identities, workload identity federation, and secret/certificate rotation
- Experience designing and operating SSO and SCIM provisioning integrations for SaaS applications
- Experience with low-code automation platforms for workflow and integration automation
- Demonstrated experience providing technical support to end-users, with strong customer service orientation and communication skills
- Strong troubleshooting skills and a security-conscious, service-oriented mindset
- Experience in a regulated industry preferred. (biotech, pharma, healthcare, finance) with exposure to IAM audit controls
- Familiarity with GxP / 21 CFR Part 11 requirements for identify and access controls preferred
- Experience implementing or operating an Identity Governance & Administration (IGA) solution preferred
- Experience with secrets management platforms and integrating them into application workflows preferred
- Microsoft certifications: SC-300 (Identity and Access Administrator) strongly preferred; also MS-102, MD-102, or AZ-104
Benefits
- We are open to you working remotely.
Company Overview