Entra ID Specialist - Systems Integrator

1639182
  • Negotiable
  • Toronto, Ontario, Canada
  • Contract


Are you looking for an exciting new opportunity? 
Join a forward-thinking technology solutions provider that goes beyond setting up infrastructure to build the foundations businesses need to evolve and grow. Since 1991, the company has partnered with organizations seeking to enhance their competitiveness by delivering efficient technological solutions and expert, human-centered guidance. With a deep understanding of both the private and public sectors, they transform business challenges into innovative IT solutions that drive real results.

Ready to make a move? Get in touch and apply today!


Responsibilities:

  • Lead discovery sessions and translate business and security requirements into Entra ID architecture.
  • Design and configure Microsoft Entra External ID (B2B/B2C-style user flows and/or custom policies).
  • Manage application registrations, redirect/logout URIs, scopes, roles, token design, and session management (PKCE, cookie policies).
  • Implement Conditional Access baselines and plan phased MFA enablement while maintaining break-glass account policies.
  • Automate provisioning, synchronization, and deprovisioning of users via Microsoft Graph API and PowerShell.
  • Build monitoring and audit pipelines (e.g., to Sentinel) and implement risk-based alerts for authentication events.
  • Deliver architecture documentation, runbooks, and training materials for internal teams.


Skills/Must have:

  • 5+ years in Identity & Access Management, 3+ years with Microsoft Entra ID (Azure AD) focusing on External Identities (B2B/B2C).
  • Mastery of OpenID Connect and OAuth 2.0 (Authorization Code + PKCE, On-Behalf-Of, Client Credentials) and solid understanding of SAML 2.0 for legacy SPs.
  • Advanced knowledge of Conditional Access, MFA enforcement, risk-based access, and RBAC. Experience configuring secure tenant baselines (throttling, lockouts, non-enumeration).
  • Proficiency in PowerShell, Azure CLI, and Microsoft Graph API for bulk operations, policy management, and configuration as code (Bicep/Terraform preferred).
  • Proven ability to implement automated joiner-mover-leaver workflows, attribute normalization, deprovisioning SLAs, and access reviews.
  • Skilled in configuring diagnostic settings, exporting sign-in logs to Microsoft Sentinel, and building custom alerts for suspicious sign-in events.
  • Able to manage multi-environment rollouts (dev/test/prod), produce clear documentation, and collaborate with cross-functional teams.


Salary:

  • Negotiable
Kieran Waite, Head of Enterprise & Security Canada
