About The Position

As an IT team member, you'll play a crucial role in designing, implementing, and managing technology solutions that are the foundation of the world-class customer service that our customers expect and deserve - now and in the future. We are seeking a highly skilled Senior Hybrid Identity and Security Engineer to join our enterprise IT team. This role combines expertise in hybrid identity management, security architecture, advanced access control within Microsoft Entra ID (formerly Azure AD), and role-based access control management in Microsoft Purview. The ideal candidate will design, implement, and manage secure identity solutions for hybrid setups, ensuring seamless integration between on-premises Active Directory and cloud services. The position requires collaboration with operations, governance, and compliance teams in a large enterprise setting.

Requirements

  • Deep knowledge of Microsoft Entra ID, Azure AD Connect, Conditional Access, PTA/PHS/SSO, federation, authentication methods, and RBAC management in Purview.
  • Proficiency in security tools (e.g., Defender for Cloud, Security Center), hybrid identity architectures, and automation (PowerShell, Microsoft Graph).
  • Strong understanding of IAM, Zero Trust, DevSecOps, and threat modeling.
  • Familiarity with multi-cloud environments and integration with Microsoft 365 services.
  • Excellent problem-solving, communication, and collaboration abilities.
  • Ability to translate technical requirements into business-aligned solutions.

Nice To Haves

  • Microsoft Certified: Security Engineer Associate or equivalent.
  • Microsoft Certified: Identity and Access Administrator Associate (SC-300).
  • Additional certifications in Entra ID, identity management, or Microsoft Purview are a plus.

Responsibilities

  • Create, manage, and deploy provisioning configurations from on-premises Active Directory to Microsoft Entra ID using Cloud Provisioning and Azure AD Connect.
  • Configure and troubleshoot pass-through authentication (PTA), password hash synchronization (PHS), seamless single sign-on (SSO), and federation settings.
  • Monitor and resolve identity synchronization issues, including log review, while ensuring secure integration.
  • Design, implement, and manage Role-Based Access Control (RBAC) policies within Microsoft Purview.
  • Ensure appropriate access controls are in place for data governance, compliance, and privacy requirements.
  • Collaborate with data owners and compliance teams to maintain least-privilege access and audit RBAC assignments regularly.
  • Manage all aspects of Conditional Access policies in Entra ID, including creation, updates, deletions, and configuration of named locations.
  • Enforce policies based on user risk, device state, location, and application to enhance access security.
  • Update authentication contexts for RBAC and integrate with Microsoft 365 for compliant access.
  • View, set, and reset authentication methods (including passwords, MFA, and FIDO2) for all users, including administrators and non-admins.
  • Perform sensitive actions such as deleting/restoring users, forcing re-registration of credentials, revoking 'remember MFA on device,' and invalidating refresh tokens to prompt re-authentication.
  • Manage service health monitoring, create support tickets in Microsoft 365 admin centers, and configure certificate authorities with PKI-based trust stores.
  • Provide guidance on policies, blueprints, monitoring, and governance mechanisms.
  • Conduct threat assessments, implement Zero Trust models, and ensure compliance with regulations (e.g., GDPR, HIPAA).
  • Collaborate on incident response, vulnerability management, and integration of security into CI/CD pipelines.
  • Use tools like Microsoft Sentinel, Microsoft Purview, and Defender suites to monitor posture, triage incidents, and optimize hybrid identity solutions.
  • Automate workflows and conduct regular audits to minimize risks in enterprise environments.

Benefits

  • Competitive Compensation & Total Rewards Incentives.
  • Comprehensive Healthcare Coverage.
  • Multiple 401(k) Savings Plan Options.
  • Auto Enrollment in Employer-Directed Retirement Account Feature (100% employer-funded!).
  • Generous Paid Time Off - Including 12 Paid Holidays, Volunteer Time Off and Paid Family Leave.
  • Disability, Life, and Long Term Care Insurance.
  • Tuition Reimbursement, Student Loan Repayment and Training & Certification Support.
  • Wellness support including gym membership reimbursement and Employee Assistance Program resources (work/life support, financial & legal management).
  • Caregiver and Mental Health Support Services.

What This Job Offers

  • Job Type: Full-time
  • Career Level: Senior
  • Industry: Insurance Carriers and Related Activities
  • Education Level: Bachelor's degree

© 2024 Teal Labs, Inc