Senior Identity Engineer - McLean, Virginia, United States
3 days ago

Job description
When you join Sunrise Senior Living, you will be able to use your unique skills to empower residents to live longer, healthier, and happier lives. Not only will you build meaningful relationships with residents, their families, and team members alike, you will also gain joy in serving others and deep fulfillment in your work. Explore how you can follow your passions and shed light on meaningful ways to serve, grow, and shine together.
Sunrise Senior Living was again certified as a Great Place to Work by Activated Insights. This is the 8th time Sunrise has received this top culture and workplace designation, highlighting the special place Sunrise is to be a part of.
COMMUNITY NAME
Community Support Office
Job ID
JOB OVERVIEW
The Senior Identity Engineer is a hands-on technical owner for Sunrise's enterprise Identity & Access Management (IAM) platform across Hybrid Active Directory and Microsoft Entra ID, with a roadmap to fully migrate to Entra and offload legacy authentication mechanisms. The role owns application onboarding to SSO, HRIS-driven identity lifecycle automation, privileged and group access models, Conditional Access policy design, self-service password reset and passwordless authentication, while establishing robust monitoring, documentation and stakeholder training.
RESPONSIBILITIES & QUALIFICATIONS
Essential Duties
As a part of the Sunrise team, supporting our Mission, Principles of Service and Core Values is a fundamental part of this job. Our foundational belief is the sacred value of human life. The unique responsibilities for this role include but are not limited to the essential functions listed as follows:
- Operate and improve hybrid identity (on-prem Active Directory and Entra ID), directory synchronization, and domain/namespace hygiene; plan and execute a staged migration toward an Entra-first model.
- Lead deprecation of legacy authentication schemes (e.g., ADFS where appropriate), migrate applications to modern federation protocols (SAML, OAuth, OIDC), and document cutover and rollback procedures.
- Own intake and integration patterns for single sign-on (SSO) across enterprise and third-party applications; enforce standards for claims, groups, roles, and provisioning, and maintain a service catalog.
- Implement and maintain HR-driven joiner, mover, and leaver (JML) workflows using SCIM, APIs, or ETL processes, including authoritative source mapping, attribute governance, and automated access grants and revocations.
- Design role-based access control (RBAC) models and dynamic group strategies; codify least-privilege access patterns across directories, applications, and data.
- Engineer policies for device and user risk, network and location-based controls, and session management; manage authentication methods such as push notifications, TOTP, FIDO2, passkeys, and certificate-based authentication.
- Define the roadmap for passwordless authentication adoption, implement solutions for targeted populations, and track adoption, support needs, and exceptions.
- Build and maintain automation using Python and PowerShell for provisioning, policy enforcement, reporting, and configuration drift detection; manage scripts and runbooks in source control.
- Publish standards, reference integrations, and training materials for IT, HR, and application teams; provide office hours and targeted workshops.
- Maintain compliance in assigned required training and all training required by state/province or other regulating authorities as applicable to this role to ensure that Sunrise standards are always met.
- Perform other duties as assigned.
Core Competencies
- Excellent written and oral communication skills.
- Strong critical thinking, analytical reasoning, and thought leadership skills.
- Ability to bridge engineering, product, security, and operations teams to align on goals and foster a culture of shared responsibility.
- Project management skills.
Experience and Qualifications
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed throughout this job description are representative of the knowledge, skills, and abilities required.
- Programming experience in Python (or similar) and strong PowerShell skills for directory and application automation.
- Deep experience with Active Directory, Azure Active Directory / Entra ID, and hybrid identity architectures.
- Hands-on experience with SAML, OAuth 2.0, and OpenID Connect (OIDC), including token and claim design, scopes, consent, refresh and PKCE flows, and session management.
- Experience designing, operating, and decommissioning ADFS or similar platforms, including secure migration to modern authentication.
- Proven ability to onboard and maintain large numbers of enterprise applications, standardizing metadata, attribute mappings, and provisioning workflows.
- Experience with HRIS-driven JML processes, SCIM or API-based provisioning and deprovisioning, orphaned account controls, and access recertification support.
- Policy design, testing, rollout, and exception handling experience, including passwordless authentication approaches such as FIDO2 and passkeys.
- Exposure to regulated environments (e.g., HIPAA, SOC 2) and experience supporting audits.
- Experience using REST APIs or Microsoft Graph API for advanced automation and reporting.
- Bachelor's degree in Computer Science, Engineering, or a related field, or equivalent practical experience.
ABOUT SUNRISE
Ready to take the next step and make a bigger impact than you ever imagined? As part of our team, you will help brighten the future for everyone at Sunrise and beyond. That is why we make it a priority to celebrate the unique ways you bring moments of togetherness and joy to everyone you serve. And when combined with the support, benefits, and growth opportunities we offer, the result is a career that PositivelyShines with everything you need to reach your goals – at work and in your life.
We also offer benefits and other compensation that include:
- Medical, Dental, Vision, Life, and Disability Plans
- Retirement Savings Plans
- Employee Assistance Program / Discount Program
- Paid time off (PTO), sick time, and holiday pay
- myFlexPay offered to get paid within hours of a shift
- Tuition Reimbursement
- In addition to base compensation, Sunrise may offer discretionary and/or non-discretionary bonuses. The eligibility to receive such a bonus will depend on the employee's position, plan/program offered by Sunrise at the time, and required performance pursuant to the plan/program.
- Some benefits have eligibility requirements
Apply today to learn why Sunrise Senior Living is a certified Great Place to Work
PRE-EMPLOYMENT REQUIREMENTS
Sunrise considers the health and safety of its residents, family members, and team members among its highest priorities. Employment with Sunrise is contingent upon completing and passing a drug test (which does not include marijuana) and Tuberculosis Test, and a physical evaluation and a background check where required. Covid-19 and Influenza vaccination may be required if mandated by applicable federal, state, and local laws and authorities.
COMPENSATION DISCLAIMER
Selected candidates will be offered competitive compensation based on geographic location of community/office, skills, experience, qualifications, and certifications/licenses (where applicable).