• Sr. Engineer, Directory Services

    Brunswick (Mettawa, IL)


    _Are you ready for what’s next?_

     

    _Come explore opportunities within Brunswick, a global marine leader (https://youtube.com/watch?v=ksuQ6B2j\_mA) committed to challenging conventions and innovating next-generation technologies that transform experiences on the water and beyond. Brunswick believes “Next Never Rests™,” and we offer a variety of exciting careers and growth opportunities within united teams defining the future of marine recreation._

     

    Primary Purpose

     

    We are hiring a **Senior Identity and Access Management (IAM) Engineer** specializing in **Directory Services** , with deep engineering expertise in **Active Directory** , **Azure AD (Entra ID)** , and hybrid identity architectures. This role goes beyond configuration: you will engineer resilient and scalable directory synchronization, federation, and Zero Trust-ready identity infrastructure, including complex coexistence between **AD, Azure AD, and Okta** , while enabling secure access across cloud ecosystems like **AWS and GCP** . You will also lead the transition of legacy Oracle directory services into a future state anchored in Azure AD and Okta, driving modernization and integration across the enterprise.

    Principal Duties and Responsibilities

    + **Directory Engineering & Coexistence** : Architect and manage synchronization between **Active Directory** , **Azure AD** , and **Okta** , including **Azure AD Connect** , **Cloud Sync** , and **Okta AD Agent** . Engineer identity normalization and conflict resolution across directories. Lead integration and deprecation planning for legacy **Oracle Directory Services** .

    + **Federation & Authentication Infrastructure** : Implement and troubleshoot **SSO, MFA** , and federation across cloud and on-prem systems using **SAML, OIDC, OAuth2, Kerberos** , and **LDAP** . Resolve deep protocol-level issues for seamless identity assertions and claims transformation.

    + **Hybrid Identity Architecture** : Design solutions for hybrid identity scenarios, including **multi-forest AD** , **tiered trust models** , **OU filtering** , and **custom attribute mapping** . Develop policies for **entitlement inheritance** , **group scoping** , and **role-based access control (RBAC)** . Strategically lead the convergence of on-prem identity sources into **Azure AD and Okta** as the long-term control plane.

    + **Policy Engineering & Break-Glass Access** : Enforce **tiered administration** , **emergency access (break-glass)** strategies, and **Just-in-Time (JIT)** access models. Design policy enforcement frameworks for **device trust** , **geo-based access** , and **PIM/PAM escalation paths** .

    + **Security Hardening & Resilience** : Implement **domain controller hardening** , **Kerberos security auditing** , **FSMO monitoring** , and **replication health checks** . Define **resilience engineering plans** , including **forest recovery** , **offline access** , and **AD restore procedures** . Migrate legacy directory dependencies to modern, policy-enforced platforms.

    + **Cloud Platform Integration** : Extend AD and Azure AD into **AWS Managed AD** , **Simple AD** , **GCP Cloud Identity** , and support enterprise-wide SaaS federation. Architect secure cross-cloud identity federation and dynamic provisioning via **SCIM and Graph APIs** .

    + **IAM Automation & Tooling** : Build scalable automation using **PowerShell** , **Python** , and identity-related APIs. Automate provisioning, dynamic group management, access requests, license allocation, and compliance logging. Monitor sync engine health with custom dashboards.

    + **Operational Excellence & Documentation** : Lead incident response for identity service outages. Maintain runbooks, architecture diagrams, and escalation playbooks. Provide technical mentorship to IAM engineers and assist in policy governance reviews.

    + **Collaboration with IGA & PAM** : Partner with **SailPoint** , **CyberArk** , and application owners to ensure holistic identity lifecycle. Design connectors, manage service accounts, and align provisioning logic between systems.

    Required Qualifications:

    + 7+ years in engineering enterprise **Active Directory** , including domain/forest architecture, GPOs, and trust models.

    + 5+ years in **Azure AD/Entra ID** design, sync, and governance, including **Conditional Access** and **Graph API integration** .

    + Strong experience integrating AD/Azure AD with **Okta** (UD, AD agent, lifecycle automation, policy mapping).

    + Experience with **Oracle Directory Services** (OID/OUD) and decommissioning or integrating legacy identity stores.

    + Deep knowledge of **SAML, OIDC, OAuth 2.0, LDAP, Kerberos** authentication flows.

    + Proficient in **PowerShell** (required), with experience in **Python** , **REST API scripting** , and **monitoring/alerting integration** .

    + Experience implementing and reviewing **break-glass accounts** , **offline access** , and **Zero Trust-ready fallback paths** .

    Preferred Qualifications:

    + Certifications: **Okta Certified Administrator/Consultant** , **Microsoft Identity & Access Administrator** , or **AWS Security** .

    + Hands-on experience with **SailPoint IdentityNow** , **CyberArk Core/EPM** , or equivalent.

    + Familiarity with **Zero Trust architecture** , **passwordless authentication** , and **risk-adaptive controls** .

    + Exposure to **CI/CD pipelines** , **policy-as-code** , and **IAM-as-code** practices.

    + Strong communication, documentation, and cross-functional collaboration skills.

    Travel Requirements:

    Occasional travel may be required for planning sessions, audits, or architecture workshops.

     

    The anticipated pay range for this position is $100,900 - $160,800 annually. The actual base pay offered will vary depending on multiple factors including job- related knowledge/skills, relevant experience, business needs, and geographic location. In addition to base pay, this position is eligible for an annual discretionary bonus.

     

    At Brunswick, it is not typical for an individual to be hired at or near the top end of the salary range for their role. Compensation decisions are dependent upon the specifics of the candidate’s qualifications and the business context.

     

    This position is eligible to participate in Brunswick's comprehensive and high-quality benefits offerings, including medical, dental, vision, paid vacation, 401k (up to 4% match), Health Savings Account (with company contribution), well-being program, product purchase discounts and much more. Details about our benefits can be found here (https://www.brunswick.com/careers/culture-benefits/benefits) .

    Why Brunswick:

    Whatever tomorrow brings, we’ll be at the leading edge. As the clear leader in the marine industry, we’re committed to our values and supporting our exceptional people. We offer and encourage growth opportunities within and across our many brands. In addition, we’re proud of being recognized for making a splash with numerous awards (https://www.brunswick.com/careers) !

    About Brunswick:

    Brunswick Corporation is a leader in the marine industry, and we’re looking for people just like you to take part in the movement towards better boating for all. We rely on the thoughtful input of people from all backgrounds to create compelling, innovative products for our customers around the globe. As such, diversity, equity, and inclusion are priorities in the enduring culture of our company. As a world leader in emerging recreational products and technologies, when you join our team, you become part of some of the most innovative, forward-looking brands in the marine industry today.

     

    _Next is Now!_

     

    _We value growth and development, recognizing that people come with a wealth of experience and talent beyond just the technical requirements of a job. If your experience is close to what you see listed here, please still consider applying._

     

    Brunswick is an Equal Opportunity Employer and considers all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status or any other characteristic protected by federal, state, or local law. Diversity of experience and skills combined with passion is key to innovation and inspiration and we encourage individuals from all backgrounds to apply. If you require accommodation during the application or interview process, please contact [email protected] for support.

     

    For more information about EEO laws, - click here (https://www.eeoc.gov/employees-job-applicants)

     

    Brunswick and Workday (https://www.workday.com/en-us/service-privacy.html?&\_rda=/company/service\_privacy.php) Privacy Policies

     

    Brunswick does not accept applications, inquiries or solicitations from unapproved staffing agencies or vendors. For help, please contact our support team at: [email protected] or 866-278-6942.

     

    All job offers will come to you via the candidate portal you create when applying through a posted position through https:///www.brunswick.com/careers . If you are ever unsure about what is being required of you during the application process or its source, please contact HR Shared Services at 866-278-6942 or [email protected] .

     

    \#Brunswick Corporation