Description

At Insmed, every moment and every patient counts - and so does every person who joins in. As a global biopharmaceutical company dedicated to transforming the lives of patients with serious and rare diseases, you'll be part of a community that prioritizes the human experience, celebrates curiosity, and values every person's contributions to meaningful progress. That commitment has earned us recognition as Science magazine's No. 1 Top Employer for five consecutive years, certification as a Great Place to Work® in the U.S., and a place on The Sunday Times Best Places to Work list in the UK.

For patients, for each other, and for the future of science, we're in. Are you?

About the Role:
The Identity and Access Management (IAM) Engineer II will be responsible for the implementation, administration, and continuous improvement of Insmed's enterprise identity services across Active Directory, Microsoft Entra ID, and federated multi-cloud and SaaS platforms. This role ensures identity systems operate in a secure, resilient, compliant, and audit-ready state while enabling modern authentication, automated lifecycle management, and least-privilege access. The position partners closely with Cybersecurity, Infrastructure & Operations, Enterprise Applications, Computer System Validation (CSV), and Quality Assurance (QA) teams to maintain a validated identity environment that supports regulatory requirements, operational resilience, and enterprise identity modernization initiatives. This role is accountable for centralized identity, authentication, and federation across platforms.

What You'll Do:

In this role, you'll have the opportunity to be involved with identity platform administration, access & authentication services, enterprise identity federation & multi-cloud integration, cybersecurity & identity protection, and automation & continuous improvement. You will also:

• Administer and support Active Directory Domain Services and Microsoft Entra ID, including user, group, and device identity management.
• Manage hybrid identity synchronization using Entra ID Connect / Cloud Sync, including troubleshooting provisioning and synchronization issues.
• Maintain directory health, replication, security configuration, and access governance controls. Implement and maintain SSO integrations using SAML, OIDC, OAuth, and LDAP.
• Configure and manage Conditional Access, Multi-Factor Authentication (MFA), and passwordless authentication policies. Support Privileged Identity Management (PIM) and enforce least-privilege access controls.
• Implement automated Joiner-Mover-Leaver lifecycle processes and identity governance workflows.
• Maintain federation between Active Directory, Microsoft Entra ID, AWS, GCP, and enterprise SaaS platforms. Troubleshoot authentication, federation, and provisioning issues across hybrid environments.
• Support identity integrations with enterprise platforms such as Workday, ServiceNow, AWS, Microsoft 365, and regulated applications.
• Partner with Cybersecurity to codify rules & investigate identity-related alerts around suspicious authentication activity, and access anomalies. Participate in incident response activities related to credential compromise or privileged access misuse. Implement identity security controls aligned with Zero Trust principles and enterprise security standards.
• Develop, maintain, and test identity platform disaster recovery (DR) and business continuity procedures. Validate backup, restore, and failover capabilities for directory services.
• Develop and maintain automation using PowerShell, Microsoft Graph, or scripting to reduce manual provisioning and touchpoints.

Who You Are:

You have a minimum of Bachelor's degree in Information Technology, Computer Science, or related discipline as well as 5+ years of experience supporting enterprise Identity & Access Management or Directory Services.

You are or you have:

• Strong hands-on experience with Active Directory (users, groups, GPOs, trusts, replication, and security administration).
• Hands-on experience with Microsoft Entra ID administration and hybrid identity design.
• Experience implementing SSO, MFA, Conditional Access, and identity lifecycle automation.
• Working knowledge of authentication and federation protocols (SAML, OAuth, OIDC, LDAP).
• Experience maintaining hybrid identity environments using Entra Connect or Cloud Sync.
• Hands-on experience supporting identity federation across AD, Entra ID, AWS, and GCP.
• Experience supporting identity security operations, incident response, or resilience planning.

Nice to have (but not required)

• Experience across Okta and Microsoft Entra ID.
• Experience in Life Sciences, Pharmaceutical, or other GxP-regulated environments.
• Familiarity with Microsoft 365 security and compliance capabilities.
• Experience automating identity workflows using PowerShell or Microsoft Graph API.
• Microsoft certifications such as: Identity and Access Administrator Associate, Azure Administrator Associate, and/or Windows Server / Active Directory.

Where You'll Work

This is a hybrid role based out of our Bridgewater, NJ office. You'll have the option to work remotely most of the time, with in-person collaboration when it matters most.

Travel Requirements

• Minimal travel expected.

#LI-EG1

#hybrid

Pay Range:

Life at Insmed

At Insmed, you'll find a culture as human as our mission-intentionally designed for the people behind it. You deserve a workplace that reflects the same care you bring to your work each day, with support for how you work, how you grow, and how you show up for patients, your team, and yourself.

Highlights of our U.S. offerings include:

• Comprehensive medical, dental, and vision coverage and mental health support, annual wellbeing reimbursement, and access to our Employee Assistance Program (EAP)
• Generous paid time off policies, fertility and family-forming benefits, caregiver support, and flexible work schedules with purposeful in-person collaboration
• 401(k) plan with a competitive company match, annual equity awards, and participation in our Employee Stock Purchase Plan (ESPP), and company-paid life and disability insurance
• Company Learning Institute providing access to LinkedIn Learning, skill building workshops, leadership programs, mentorship connections, and networking opportunities
• Employee resource groups, service and recognition programs, and meaningful opportunities to connect, volunteer, and give back

Eligibility for specific programs may vary and is subject to the terms and conditions of each plan.

Current Insmed Employees: Please apply via the Jobs Hub in Workday.

Insmed Incorporated is an Equal Opportunity employer. We do not discriminate in hiring on the basis of physical or mental disability, protected veteran status, or any other characteristic protected by federal, state, or local law. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law.

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

Unsolicited resumes from agencies should not be forwarded to Insmed. Insmed will not be responsible for any fees arising from the use of resumes through this source. Insmed will only pay a fee to agencies if a formal agreement between Insmed and the agency has been established. The Human Resources department is responsible for all recruitment activities; please contact us directly to be considered for a formal agreement.

Insmed is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation to participate in the job application or interview process, please contact us by email at TotalRewards@insmed.com and let us know the nature of your request and your contact information. Requests for accommodation will be considered on a case-by-case basis. Please note that only inquiries concerning a request for reasonable accommodation will be responded to from this email address.

Applications are accepted for 5 calendar days from the date posted or until the position is filled.

For New York City Residents:

To assist in identifying candidates with qualifications matching those required and/or preferred for this role, Insmed uses an Automated Employment Decision Tool ("AEDT") that employs artificial intelligence to analyze and score information provided in resumes and application materials including, but not limited to, skills, work experience, education, and job-related qualifications. The AEDT does not make final hiring decisions and all final hiring decisions are subject to human oversight and/or review.

If you are an applicant for this role and a New York City resident, you have the right to request:

• A reasonable accommodation, if one is available under applicable law, by emailing TotalRewards@insmed.com; and/or
• An alternative selection process by emailing Privacy@insmed.com.
• Information about the type of data collected, the source of that data, and data retention practices related to the AEDT by emailing us at Privacy@insmed.com.