System Administrator III

Endava · Colorado, CO
4d · Hybrid

About The Position

The Tier 3 Microsoft 365 Entra Administrator is a senior-level Identity & Access Management (IAM) professional responsible for securing, administering, and optimizing a hybrid identity environment spanning on‑prem Active Directory and Microsoft Entra ID. This role serves as the highest escalation point for identity-related incidents, leads advanced troubleshooting and root cause analysis, and drives identity security strategy aligned with Zero Trust principles. The role has a strong emphasis on identity security, governance, and privileged access, working closely with Cybersecurity, Infrastructure, and Compliance teams. The Tier 3 Entra Administrator also mentors Tier 1–2 support, owns identity automation and governance improvements, and ensures audit-ready identity operations using tools such as ServiceNow and NetIQ. Must be local to Brentwood, TN or Denver, CO.

Requirements

  • 5+ years of IAM experience, with 3+ years focused on Microsoft Entra ID in a hybrid environment.
  • Deep expertise in:
      • Microsoft Entra ID and Active Directory
      • Conditional Access, MFA, and Zero Trust identity controls
      • Privileged Identity Management (PIM)
      • Hybrid identity troubleshooting (sync, authentication, federation)
  • Hands-on experience with ServiceNow (ITSM, identity workflows).
  • Experience working with NetIQ identity governance or directory tools.
  • Strong PowerShell and automation skills.
  • Proven ability to lead incident response and security-focused identity initiatives.
  • Security-first mindset with strong Zero Trust principles
  • Advanced troubleshooting and analytical skills
  • Strong collaboration with Security, Compliance, and Infrastructure teams
  • Clear technical documentation and communication
  • Ability to lead initiatives independently and influence identity strategy

Nice To Haves

  • Microsoft certifications (preferred):
      • SC-300 – Identity and Access Administrator
      • SC-200 / SC-100 – Security
      • AZ-104, MS-102
  • Experience with:
      • Entra ID Protection and identity risk management
      • Defender for Cloud Apps integration
      • Phishing-resistant MFA rollouts (FIDO2 / WHfB)
  • ITIL-based operational environments
  • Experience supporting regulated or highly audited environments.

Responsibilities

  • Act as the Tier 3 escalation point for complex Entra ID, hybrid identity, and authentication incidents.
  • Lead resolution of high-severity identity outages and security incidents (authentication failures, MFA bypass attempts, Conditional Access issues).
  • Perform detailed root cause analysis (RCA) and implement long-term corrective and preventive actions.
  • Drive identity-related Problem Management activities within ServiceNow.
  • Provide technical leadership, mentoring, and knowledge transfer to Tier 1–2 support teams.
  • Administer and secure Microsoft Entra ID and on‑prem Active Directory in a hybrid configuration.
  • Support and troubleshoot Entra Connect / Cloud Sync:
      • Attribute flow and sync rule issues
      • Duplicate object resolution (soft/hard match)
      • UPN, proxyAddress, and source anchor mismatches
  • Partner with AD, PKI, networking, and endpoint teams to ensure identity dependencies remain secure and resilient.
  • Design, implement, and maintain Conditional Access policies with a security-first approach:
      • Risk-based access
      • Device and platform restrictions
      • Session controls and legacy authentication blocking
  • Manage and optimize authentication methods, including:
      • MFA (Authenticator, FIDO2, WHfB, OATH, Temporary Access Pass)
      • Phishing-resistant authentication strategies
  • Administer Privileged Identity Management (PIM):
      • Eligible role assignments
      • Approval workflows
      • Just-in-time access
      • Privileged access monitoring and alerts
  • Investigate Entra ID Protection risk detections and coordinate remediation for risky users and sign-ins.
  • Maintain and protect break-glass and emergency access accounts.
  • Lead identity governance initiatives using:
      • Access Reviews
      • Entitlement Management / Access Packages
      • Lifecycle and joiner-mover-leaver processes
  • Utilize NetIQ identity tools to support:
      • Identity lifecycle management
      • Role-based access models
      • Attestation and access certification workflows
  • Ensure identity controls align with regulatory and audit requirements (SOX, SOC 2, ISO, HIPAA, etc.).
  • Provide audit evidence, logging, and reporting for identity-related controls.
  • Integrate and secure enterprise and SaaS applications using Entra SSO:
      • SAML, OAuth 2.0, OpenID Connect
      • SCIM provisioning and deprovisioning
  • Secure and manage:
      • App registrations and service principals
      • API permissions and consent models
      • Certificate and secret lifecycle management
  • Troubleshoot federation, claims, and token-related issues
  • Use ServiceNow for:
      • Incident, Problem, and Change Management
      • Identity request workflows and approvals
      • CMDB and service mapping related to identity services
  • Improve operational maturity through:
      • Runbooks and SOPs
      • Monitoring and alerting enhancements
      • Identity-related SLAs and KPIs
  • Automate identity operations using:
      • PowerShell
      • Microsoft Graph
      • Azure Automation / Logic Apps
  • Reduce manual access administration and improve consistency through automation.
  • Maintain version-controlled scripts and documentation.
  • Continuously assess and improve identity security posture and architecture.

Benefits

  • Competitive salary package, share plan, company performance bonuses, value-based recognition awards, referral bonus
  • Career coaching, global career opportunities, non-linear career paths, internal development programmes for management and technical leadership
  • Complex projects, rotations, internal tech communities, training, certifications, coaching, online learning platforms subscriptions, pass-it-on sessions, workshops, conferences
  • Hybrid work and flexible working hours, employee assistance programme
  • Global internal wellbeing programme, access to wellbeing apps
  • Global internal tech communities, hobby clubs and interest groups, inclusion and diversity programmes, events and celebrations
  • Robust healthcare and benefits including medical, dental, vision, and disability coverage, and various other benefit options
  • Flexible Spending Accounts (Medical, Transit, and Dependent Care)
  • Employer Paid Life Insurance and AD&D Coverages
  • Health Savings account paired with our low-cost High Deductible Medical Plan
  • 401(k) Safe Harbor Retirement plan with employer match and immediate vesting