Mettawa, IL, USA
8 days ago
Sr. Engineer, Directory Services

Are you ready for what’s next?  

Come explore opportunities within Brunswick, a global marine leader committed to challenging conventions and innovating next-generation technologies that transform experiences on the water and beyond.  Brunswick believes “Next Never Rests™,” and we offer a variety of exciting careers and growth opportunities within united teams defining the future of marine recreation. 

Primary Purpose

We are hiring a Senior Identity and Access Management (IAM) Engineer specializing in Directory Services, with deep engineering expertise in Active Directory, Azure AD (Entra ID), and hybrid identity architectures. This role goes beyond configuration: you will engineer resilient and scalable directory synchronization, federation, and Zero Trust-ready identity infrastructure, including complex coexistence between AD, Azure AD, and Okta, while enabling secure access across cloud ecosystems like AWS and GCP. You will also lead the transition of legacy Oracle directory services into a future state anchored in Azure AD and Okta, driving modernization and integration across the enterprise.

Principal Duties and Responsibilities

Directory Engineering & Coexistence: Architect and manage synchronization between Active Directory, Azure AD, and Okta, including Azure AD Connect, Cloud Sync, and Okta AD Agent. Engineer identity normalization and conflict resolution across directories. Lead integration and deprecation planning for legacy Oracle Directory Services.

Federation & Authentication Infrastructure: Implement and troubleshoot SSO, MFA, and federation across cloud and on-prem systems using SAML, OIDC, OAuth2, Kerberos, and LDAP. Resolve deep protocol-level issues for seamless identity assertions and claims transformation.

Hybrid Identity Architecture: Design solutions for hybrid identity scenarios, including multi-forest AD, tiered trust models, OU filtering, and custom attribute mapping. Develop policies for entitlement inheritance, group scoping, and role-based access control (RBAC). Strategically lead the convergence of on-prem identity sources into Azure AD and Okta as the long-term control plane.

Policy Engineering & Break-Glass Access: Enforce tiered administration, emergency access (break-glass) strategies, and Just-in-Time (JIT) access models. Design policy enforcement frameworks for device trust, geo-based access, and PIM/PAM escalation paths.

Security Hardening & Resilience: Implement domain controller hardening, Kerberos security auditing, FSMO monitoring, and replication health checks. Define resilience engineering plans, including forest recovery, offline access, and AD restore procedures. Migrate legacy directory dependencies to modern, policy-enforced platforms.

Cloud Platform Integration: Extend AD and Azure AD into AWS Managed AD, Simple AD, GCP Cloud Identity, and support enterprise-wide SaaS federation. Architect secure cross-cloud identity federation and dynamic provisioning via SCIM and Graph APIs.

IAM Automation & Tooling: Build scalable automation using PowerShell, Python, and identity-related APIs. Automate provisioning, dynamic group management, access requests, license allocation, and compliance logging. Monitor sync engine health with custom dashboards.

Operational Excellence & Documentation: Lead incident response for identity service outages. Maintain runbooks, architecture diagrams, and escalation playbooks. Provide technical mentorship to IAM engineers and assist in policy governance reviews.

Collaboration with IGA & PAM: Partner with SailPoint, CyberArk, and application owners to ensure a holistic identity lifecycle. Design connectors, manage service accounts, and align provisioning logic between systems.

Required Qualifications:

7+ years in engineering enterprise Active Directory, including domain/forest architecture, GPOs, and trust models.

5+ years in Azure AD/Entra ID design, sync, and governance, including Conditional Access and Graph API integration.

Strong experience integrating AD/Azure AD with Okta (UD, AD agent, lifecycle automation, policy mapping).

Experience with Oracle Directory Services (OID/OUD) and decommissioning or integrating legacy identity stores.

Deep knowledge of SAML, OIDC, OAuth 2.0, LDAP, and Kerberos authentication flows.

Proficient in PowerShell (required), with experience in Python, REST API scripting, and monitoring/alerting integration.

Experience implementing and reviewing break-glass accounts, offline access, and Zero Trust-ready fallback paths.

Preferred Qualifications:

Certifications: Okta Certified Administrator/Consultant, Microsoft Identity & Access Administrator, or AWS Security.

Hands-on experience with SailPoint IdentityNow, CyberArk Core/EPM, or equivalent.

Familiarity with Zero Trust architecture, passwordless authentication, and risk-adaptive controls.

Exposure to CI/CD pipelines, policy-as-code, and IAM-as-code practices.

Strong communication, documentation, and cross-functional collaboration skills.

Travel Requirements:

Occasional travel may be required for planning sessions, audits, or architecture workshops.

The anticipated pay range for this position is $100,900 - $160,800 annually. The actual base pay offered will vary depending on multiple factors including job-related knowledge/skills, relevant experience, business needs, and geographic location. In addition to base pay, this position is eligible for an annual discretionary bonus.

At Brunswick, it is not typical for an individual to be hired at or near the top end of the salary range for their role. Compensation decisions are dependent upon the specifics of the candidate’s qualifications and the business context.

This position is eligible to participate in Brunswick's comprehensive and high-quality benefits offerings, including medical, dental, vision, paid vacation, 401k (up to 4% match), Health Savings Account (with company contribution), well-being program, product purchase discounts and much more. Details about our benefits can be found here.

Why Brunswick: 

Whatever tomorrow brings, we’ll be at the leading edge.  As the clear leader in the marine industry, we’re committed to our values and supporting our exceptional people. We offer and encourage growth opportunities within and across our many brands. In addition, we’re proud of being recognized for making a splash with numerous awards! 

About Brunswick:  

Brunswick Corporation is a leader in the marine industry, and we’re looking for people just like you to take part in the movement towards better boating for all. We rely on the thoughtful input of people from all backgrounds to create compelling, innovative products for our customers around the globe. As such, diversity, equity, and inclusion are priorities in the enduring culture of our company. As a world leader in emerging recreational products and technologies, when you join our team, you become part of some of the most innovative, forward-looking brands in the marine industry today.   

Next is Now!  


We value growth and development, recognizing that people come with a wealth of experience and talent beyond just the technical requirements of a job. If your experience is close to what you see listed here, please still consider applying.

Brunswick is an Equal Opportunity Employer and considers all qualified applicants for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, protected veteran status or any other characteristic protected by federal, state, or local law.  Diversity of experience and skills combined with passion is key to innovation and inspiration and we encourage individuals from all backgrounds to apply.  If you require accommodation during the application or interview process, please contact hrsharedservices@brunswick.com for support. 


Brunswick does not accept applications, inquiries or solicitations from unapproved staffing agencies or vendors. For help, please contact our support team at: hrsharedservices@brunswick.com or 866-278-6942.

All job offers will come to you via the candidate portal you create when applying to a posted position through https://www.brunswick.com/careers. If you are ever unsure about what is being required of you during the application process or its source, please contact HR Shared Services at 866-278-6942 or HRSharedServices@brunswick.com.
