Protect the organization’s identity infrastructure by designing, implementing, and operating secure authentication, authorization, and access controls
Focus on Microsoft Entra ID–centric identity security, including Conditional Access, privileged access, identity lifecycle automation, and identity-driven phishing protection
Serve as the first responder for identity-based security events and partner closely with Security Engineering and GRC to reduce breach risk while enabling secure business growth
Design, implement, and maintain secure identity architectures using Microsoft Entra ID
Manage user, group, device, and service-principal identity lifecycle controls
Enforce least-privilege access using role-based access control (RBAC)
Design and operate Conditional Access policies (MFA, device trust, location, risk-based access)
Implement passwordless and phishing-resistant authentication (FIDO2, TAP)
Maintain emergency access and break-glass account controls
Implement and operate Privileged Identity Management (PIM)
Reduce standing administrative privileges across Entra ID and Azure
Conduct periodic access and privilege reviews
Automate joiner/mover/leaver processes using PowerShell and Microsoft Graph
Support access reviews and entitlement management
Integrate identity controls with HR and IT provisioning systems
Design and maintain email authentication controls (SPF, DKIM, DMARC)
Implement and manage Microsoft Defender for Office 365 anti-phishing policies
Lead identity-focused response to phishing events: Token revocation and forced sign-out
Monitor identity-related alerts and risky sign-in activity
Support investigations involving credential theft or unauthorized access

Requirements

Hands-on experience with Microsoft Entra ID (Azure AD)
Strong understanding of Conditional Access, MFA, and PIM
Proficiency with PowerShell and identity automation
Working knowledge of SAML, OAuth, OIDC, and modern authentication flows
Experience supporting security and compliance requirements
Experience supporting multi-tenant or multi-subsidiary environments
Familiarity with Microsoft Intune and Microsoft Defender integrations
Experience implementing passwordless authentication strategies
Experience managing Defender for Office 365 phishing protections
Microsoft security certifications (SC-300, AZ-500) or equivalent

Benefits

Choice of comprehensive medical plans (including two PPO-style plans and a HDHP w/ HSA option)
Flex spending accounts (FSA)
Dental and vision plans
Comprehensive medical, dental and vision benefits extended to spouse / domestic partner and dependent children up to age 26
401k with company match and self-directed brokerage account option
PTO including additional paid time off during the last week of the year
Company paid life insurance coverage for employees and their eligible dependents
Short and long-term disability, AD&D coverage
Professional development opportunities, tuition reimbursement and professional licensing assistance
Paid parental leave after one year of employment

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

Microsoft Entra IDConditional AccessPrivileged Identity Management (PIM)PowerShellSAMLOAuthOIDCpasswordless authenticationidentity automationemail authentication controls

Soft Skills

collaborationproblem-solvingcommunicationleadership

Certifications

SC-300AZ-500