Identity & Access Management (IAM) Engineer – Enterprise Technology Infrastructure in Houston, Texas at Hines

When you join Hines, you will embark on a career journey fueled by vision and guided by leaders who set the standards of our industry. Our legacy is rooted in innovation and excellence, earning us a spot on Fast Company’s esteemed annual list of the World’s Most Innovative Companies, as well as recognition as one of U.S. News & World Report’s Best Companies to Work For in 2024. Discover endless opportunities to grow and make your mark at Hines.

As a Identity & Access Management (IAM) Engineer – Enterprise Technology Infrastructure with Hines, you will support, modernize, and continuously improve our enterprise identity and access infrastructure of the firm. This role will focus on Entra ID (Azure AD) and Active Directory, with additional responsibility supporting enterprise messaging platforms including Microsoft 365 (Exchange Online and Hybrid) and secure email gateways.The ideal candidate brings a strong AI-first mindset, proactively leveraging AI tools and automation to enhance operational efficiency, strengthen security posture, and elevate the end-user experience. This role is not just about maintaining identity systems—it’s about rethinking how identity and access are managed through intelligent tooling, automation, and continuous optimization. Responsibilities include, but are not limited to:

Identity & Access Management

• Administer and optimize Entra ID (Azure AD) and on-premises Active Directory
• Design and implement identity solutions including:
• Configure and manage Single Sign-On (SSO) integrations in Entra ID for SaaS and enterprise applications (SAML, OIDC, OAuth)
• Administer and maintain Enterprise Applications in Entra ID, including application onboarding, access assignment, and lifecycle management
• Troubleshoot SSO, federation, and application authentication issues across internal and third-party platforms
• Partner with application owners to design and implement secure, scalable authentication and authorization models
• Multi-Factor Authentication (MFA)
• Conditional Access policies
• Identity Protection and risk-based access controls
• Manage and enforce Privileged Identity Management (PIM), including role activation, just-in-time access, and privileged access governance
• Manage identity lifecycle processes (joiner, mover, leaver)
• Implement and enforce least privilege access and role-based access control (RBAC)
• Troubleshoot complex authentication, federation, and directory-related issues
• Support directory synchronization and hybrid identity configurations

Security & Compliance

• Apply Zero Trust principles across identity and access controls
• Monitor, investigate, and respond to identity-related threats and anomalies
• Support access reviews, certifications, and identity governance initiatives
• Partner with security and compliance teams on audit readiness, risk mitigation, and policy enforcement

Messaging & Email Infrastructure (Supporting Responsibility)

• Support Microsoft 365 (Exchange Online) environments and core messaging functionality
• Assist with troubleshooting mail flow issues and email-related incidents
• Maintain awareness of email security controls and authentication standards (SPF, DKIM, DMARC)

AI-First Operations & Automation

• Apply an AI-first approach to problem solving, leveraging tools such as Microsoft Copilot and AI-assisted scripting to accelerate analysis and resolution
• Design and implement automation solutions to reduce manual effort and improve reliability (PowerShell, workflows, orchestration tools)
• Use AI to enhance troubleshooting, anomaly detection, and root cause analysis
• Identify and lead opportunities to embed AI across identity, messaging, and security operations
• Stay current on emerging AI capabilities within Microsoft 365, Azure, and enterprise IT ecosystems and translate them into practical use cases

Documentation, Diagramming & Knowledge Management

• Create and maintain clear, structured technical documentation for systems, processes, and configurations
• Develop architecture and process diagrams using tools such as Microsoft Visio (or similar) to illustrate identity flows, access models, and integrations
• Ensure documentation reflects current-state and future-state designs to support scalability and knowledge transfer
• Contribute to internal knowledge bases and operational runbooks

Collaboration & Continuous Improvement

• Work cross-functionally with security, infrastructure, and application teams
• Proactively identify opportunities for system optimization, automation, and risk reduction
• Continuously improve identity security posture and user access experience
• Participate in on-call support rotation as needed

Minimum Requirements include:

• Bachelor's degree from an accredited institution

• Five or more years of experience in Identity & Access Management and enterprise IT environments

• Strong expertise in:

  • Entra ID (Azure AD)

  • Active Directory (on-premises)

  • Hands-on experience with Conditional Access, MFA, SSO, and RBAC

  • Experience supporting Microsoft 365 / Exchange environments

  • Familiarity with email security solutions (e.g., Cisco IronPort or similar)

  • Strong PowerShell scripting skills for automation

  • Solid understanding of identity security principles (Zero Trust, least privilege)

  • Proven ability to troubleshoot complex identity and access issues

• Experience with identity governance and access review processes

• Hands-on experience with Privileged Identity Management (PIM) and privileged access strategies

• Familiarity with Microsoft security and compliance tools

• Experience implementing or supporting AI tools in IT operations

• Hands-on experience with Microsoft Copilot or similar AI platforms

• Knowledge of email authentication and security best practices

• Relevant certifications (Microsoft 365, Azure, Security, etc.)

At Hines, we strive for excellence as a leading global real estate investment manager, driven by our by our belief that real estate is fundamentally about people. Our diverse portfolio spans $93.2 billion¹ of assets across such property types as living, office, retail, mixed-use, logistics and life science projects – all designed to enhance value, connection and inspiration. Our strategic approach integrates local expertise with global knowledge, taking calculated risks aligned with our convictions to exceed expectations and tailor solutions to our clients' needs.

While our projects are renowned for enhancing cities and pioneering sustainable practices, we recognize that the true driving force behind Hines' success is our 5,000 dedicated employees in 30 countries who draw on our 65-year history to build the world forward. This is why we prioritize investing in our people, offering comprehensive training, competitive compensation, robust benefits and generous vacation packages. By centering our focus on the growth and wellbeing of our team, we cultivate an inclusive environment where everyone, including our clients, can thrive.

Hines is proud to be named to Fast Company’s prestigious annual list of the World’s Most Innovative Companies for 2024. ¹Includes both the global Hines organization and RIA AUM as of December 31, 2023.

We are an equal opportunity employer and support workforce diversity.

No calls or emails from third parties at this time please.

Closing

Hines is a global real estate investment, development and property manager. The firm was founded by Gerald D. Hines in 1957 and now operates in 28 countries. We manage a $92.3B¹ portfolio of high-performing assets across residential, logistics, retail, office and mixed-use strategies. Our local teams serve 634 properties totaling over 225 million square feet globally. We are committed to a net zero carbon target by 2040 without buying offsets. To learn more about Hines, visit www.hines.com and follow @Hines on social media. ¹Includes both the global Hines organization as well as RIA AUM as of June 30, 2022.

Visit www.hines.com for more information.

We are an equal opportunity employer and support workforce diversity.

No calls or emails from third parties at this time please.