Modern Workplace Identity Platform Engineer

Responsibilities

• Manage and support Microsoft Entra ID identity services.
• Administer users, groups, dynamic groups, administrative units, roles, and directory objects.
• Support authentication methods including MFA, passwordless authentication, and modern authentication.
• Configure and maintain Conditional Access policies.
• Support identity protection, risky users, risky sign-ins, and related remediation processes.
• Maintain identity platform documentation, operational procedures, and troubleshooting guides.
• Support enterprise application integrations using SAML, OAuth 2.0, OIDC, and SCIM.
• Configure and troubleshoot Single Sign-On integrations.
• Manage app registrations, service principals, redirect URIs, API permissions, certificates, and secrets.
• Troubleshoot authentication and authorization issues such as failed sign-ins, token problems, consent issues, redirect loops, and claims mapping problems.
• Work with application teams to define secure identity integration patterns.
• Support joiner, mover, leaver, contractor, guest, and admin identity processes.
• Implement and maintain lifecycle workflows and provisioning logic.
• Support automated user and group provisioning using Microsoft Graph, SCIM, and identity governance tools.
• Identify and clean up stale users, groups, guests, app assignments, and orphaned access.
• Help standardize identity lifecycle processes across platforms and business units.
• Support access reviews, entitlement management, access packages, and approval workflows.
• Assist with privileged access management using Microsoft Entra PIM.
• Monitor and report on privileged roles, standing access, stale assignments, and access drift.
• Produce reports showing who has access to what across users, groups, applications, and roles.
• Support audit and compliance evidence collection.
• Build and maintain PowerShell scripts using Microsoft Graph.
• Automate recurring identity operations, reporting, validation, and remediation tasks.
• Support automation using Azure Automation, Azure Functions, Logic Apps, or pipeline-based workflows.
• Create repeatable scripts for provisioning, cleanup, reporting, access validation, and operational checks.
• Maintain automation code in a structured and documented way.
• Support Entra-joined, hybrid-joined, and registered device identity scenarios.
• Collaborate with endpoint management teams on device compliance signals used by Conditional Access.
• Troubleshoot access issues related to device identity, compliance state, and authentication requirements.
• Ensure device-based access controls align with identity and security policies.

Qualifications

• At least 3 years of professional experience with Microsoft Entra ID.
• Technical education with a Bachelor’s degree is required.
• Master’s degree is good to have.
• Experience with Microsoft Entra ID / Azure AD.
• Good understanding of identity and access management concepts.
• Experience with Conditional Access, MFA, authentication methods, and enterprise applications.
• Experience with SSO using SAML, OAuth 2.0, or OIDC.
• Experience with app registrations, service principals, API permissions, secrets, and certificates.
• PowerShell scripting experience.
• Basic to intermediate Microsoft Graph API knowledge.
• Fluent English.
• Fluent local language.