Microsoft Entra ID & Active Directory Engineer



Job Description
Microsoft Entra ID (Advanced Implementation)
- Implement and optimize Conditional Access policies based on approved designs
- Support and operationalize:
  - Risk‑based access policies
  - Authentication Strengths and phishing‑resistant MFA
- Lead operational implementation of Privileged Identity Management (PIM):
  - Role assignments
  - Approval workflows
  - Just‑in‑Time access configuration
- Secure application and workload identities:
  - App registrations and service principals
  - OAuth permission governance
On‑Prem Active Directory (Security & Hardening)
- Support and enforce AD security best practices:
  - Tiered admin model (Tier 0 / 1 / 2)
  - Privileged account separation
- Lead AD hardening activities:
  - LAPS
  - Protected Users
  - Delegation and admin access restrictions
- Troubleshoot complex AD security and authentication issues
Hybrid Identity & Integration
- Support Entra Connect configuration and lifecycle management
- Assist in evaluating authentication models and hybrid trust decisions
- Support integration of identity with:
  - Azure subscriptions
  - Third‑party SaaS applications
Threat Detection & Operations
- Support the CyberDefence team with Microsoft Defender for Identity (MDI) investigations and tuning
- Act as a technical escalation point during identity‑related incidents
Collaboration & Mentoring
- Mentor mid‑level engineers and provide technical guidance
- Participate in design reviews and provide implementation feedback
- Work closely with Identity Architects, Security, and Platform teams
Qualifications
- 8–10 years of experience in identity and access management
- Strong hands‑on experience with:
  - Microsoft Entra ID P2
  - Conditional Access at scale
  - Privileged Identity Management
  - Active Directory security
- Experience supporting hybrid AD environments
- Advanced PowerShell scripting and automation
- Strong understanding of identity‑based attack techniques and mitigations
- Solid grasp of Zero Trust principles (implementation‑focused)








