We are seeking an Entra ID Engineer with expertise in Conditional Access, MFA, PIM, and identity integrations. The role focuses on configuring and optimizing Entra ID policies, securing user access, integrating with endpoint and app systems, and providing advanced troubleshooting for identity and authentication issues.
Primary Responsibilities
- Configure and tune Conditional Access (CA) policies per persona, application, and risk level.
- Enable and optimize Identity Protection (user risk, sign-in risk, token risk).
- Build and support Privileged Identity Management (PIM) roles, JIT workflows, approval chains, and access lifecycle processes.
- Integrate device signals from Intune and EDR (Defender for Endpoint or equivalent) with Entra ID.
- Implement emergency break-glass accounts and monitoring controls.
- Support legacy-to-modern authentication migrations for in-scope applications.
- Provide L3 advanced troubleshooting for authentication, MFA, token, device compliance, and CA evaluation issues.
- Partner with application owners for SSO configuration (SAML, OIDC, OAuth).
- Analyze identity logs, token flows, risky sign-ins, and CA failures to ensure secure and smooth access.
Required Skills
- Hands-on experience with Entra ID (Azure AD) Conditional Access, MFA, and PIM.
- Integration knowledge with Intune, EDR, and SSO-enabled applications.
- Expertise in advanced authentication troubleshooting and token flow analysis.
- Strong understanding of identity security, access lifecycle, and risk management.