System Administrator III

Endava
1d · Hybrid

About The Position

The Tier 3 Microsoft 365 Entra Administrator is a senior-level Identity & Access Management (IAM) professional responsible for securing, administering, and optimizing a hybrid identity environment spanning on‑prem Active Directory and Microsoft Entra ID. This role serves as the highest escalation point for identity-related incidents, leads advanced troubleshooting and root cause analysis, and drives identity security strategy aligned with Zero Trust principles. The role has a strong emphasis on identity security, governance, and privileged access, working closely with Cybersecurity, Infrastructure, and Compliance teams. The Tier 3 Entra Administrator also mentors Tier 1–2 support, owns identity automation and governance improvements, and ensures audit-ready identity operations using tools such as ServiceNow and NetIQ.

Requirements

  • 5+ years of IAM experience, with 3+ years focused on Microsoft Entra ID in a hybrid environment.
  • Deep expertise in:
      • Microsoft Entra ID and Active Directory
      • Conditional Access, MFA, and Zero Trust identity controls
      • Privileged Identity Management (PIM)
      • Hybrid identity troubleshooting (sync, authentication, federation)
  • Hands-on experience with ServiceNow (ITSM, identity workflows).
  • Experience working with NetIQ identity governance or directory tools.
  • Strong PowerShell and automation skills.
  • Proven ability to lead incident response and security-focused identity initiatives.
  • Security-first mindset with strong Zero Trust principles
  • Advanced troubleshooting and analytical skills
  • Strong collaboration with Security, Compliance, and Infrastructure teams
  • Clear technical documentation and communication
  • Ability to lead initiatives independently and influence identity strategy

Nice To Haves

  • Microsoft certifications (preferred):
      • SC-300 – Identity and Access Administrator
      • SC-200 / SC-100 – Security
      • AZ-104, MS-102
  • Experience with:
      • Entra ID Protection and identity risk management
      • Defender for Cloud Apps integration
      • Phishing-resistant MFA rollouts (FIDO2 / WHfB)
      • ITIL-based operational environments
  • Experience supporting regulated or highly audited environments.

Responsibilities

  • Act as the Tier 3 escalation point for complex Entra ID, hybrid identity, and authentication incidents.
  • Lead resolution of high-severity identity outages and security incidents (authentication failures, MFA bypass attempts, Conditional Access issues).
  • Perform detailed root cause analysis (RCA) and implement long-term corrective and preventive actions.
  • Drive identity-related Problem Management activities within ServiceNow.
  • Provide technical leadership, mentoring, and knowledge transfer to Tier 1–2 support teams.
  • Administer and secure Microsoft Entra ID and on‑prem Active Directory in a hybrid configuration.
  • Support and troubleshoot Entra Connect / Cloud Sync:
      • Attribute flow and sync rule issues
      • Duplicate object resolution (soft/hard match)
      • UPN, proxyAddress, and source anchor mismatches
  • Partner with AD, PKI, networking, and endpoint teams to ensure identity dependencies remain secure and resilient.
  • Design, implement, and maintain Conditional Access policies with a security-first approach:
      • Risk-based access
      • Device and platform restrictions
      • Session controls and legacy authentication blocking
  • Manage and optimize authentication methods, including:
      • MFA (Authenticator, FIDO2, WHfB, OATH, Temporary Access Pass)
      • Phishing-resistant authentication strategies
  • Administer Privileged Identity Management (PIM):
      • Eligible role assignments
      • Approval workflows
      • Just-in-time access
      • Privileged access monitoring and alerts
  • Investigate Entra ID Protection risk detections and coordinate remediation for risky users and sign-ins.
  • Maintain and protect break-glass and emergency access accounts.
  • Lead identity governance initiatives using:
      • Access Reviews
      • Entitlement Management / Access Packages
      • Lifecycle and joiner-mover-leaver processes
  • Utilize NetIQ identity tools to support:
      • Identity lifecycle management
      • Role-based access models
      • Attestation and access certification workflows
  • Ensure identity controls align with regulatory and audit requirements (SOX, SOC 2, ISO, HIPAA, etc.).
  • Provide audit evidence, logging, and reporting for identity-related controls.
  • Integrate and secure enterprise and SaaS applications using Entra SSO:
      • SAML, OAuth 2.0, OpenID Connect
      • SCIM provisioning and deprovisioning
  • Secure and manage:
      • App registrations and service principals
      • API permissions and consent models
      • Certificate and secret lifecycle management
  • Troubleshoot federation, claims, and token-related issues
  • Use ServiceNow for:
      • Incident, Problem, and Change Management
      • Identity request workflows and approvals
      • CMDB and service mapping related to identity services
  • Improve operational maturity through:
      • Runbooks and SOPs
      • Monitoring and alerting enhancements
      • Identity-related SLAs and KPIs
  • Automate identity operations using:
      • PowerShell
      • Microsoft Graph
      • Azure Automation / Logic Apps
  • Reduce manual access administration and improve consistency through automation.
  • Maintain version-controlled scripts and documentation.
  • Continuously assess and improve identity security posture and architecture.

Benefits

  • Competitive salary package, share plan, company performance bonuses, value-based recognition awards, referral bonus
  • Career coaching, global career opportunities, non-linear career paths, internal development programmes for management and technical leadership
  • Complex projects, rotations, internal tech communities, training, certifications, coaching, online learning platforms subscriptions, pass-it-on sessions, workshops, conferences
  • Hybrid work and flexible working hours, employee assistance programme
  • Global internal wellbeing programme, access to wellbeing apps
  • Global internal tech communities, hobby clubs and interest groups, inclusion and diversity programmes, events and celebrations
  • Robust healthcare and benefits including Medical, Dental, Vision, Disability coverage, and various other benefit options
  • Flexible Spending Accounts (Medical, Transit, and Dependent Care)
  • Employer Paid Life Insurance and AD&D Coverages
  • Health Savings Account paired with our low-cost High Deductible Medical Plan
  • 401(k) Safe Harbor Retirement plan with employer match and immediate vesting