[Hiring] Entra ID / Azure PIM Engineer @KeyData Cyber

Role Description

As an Entra PIM / Entra ID Engineer, you will play a critical role in strengthening and modernizing enterprise identity security for our clients. You will architect and deliver secure, scalable Microsoft Entra solutions that protect privileged access, enforce Zero Trust principles, and reduce identity-related risk across complex environments.

• Lead the design, implementation, and administration of Microsoft Entra ID with a focus on security policies, Identity and Access Management (IAM), and Privileged Access Management (PAM).
• Oversee Entra PIM (Privileged Identity Management) for Just-In-Time (JIT) role elevation, role-based access controls (RBAC), and access reviews.
• Establish and enforce Conditional Access policies, ensuring adaptive security based on risk factors such as user behavior, device health, and location.
• Manage and optimize authentication strategies, including Passwordless authentication, FIDO2 security keys, Temporary Access Pass (TAP), and risk-based MFA enforcement.
• Implement secure authentication and authorization frameworks for applications using SAML, WS-FED, OAuth 2.0, and OpenID Connect (OIDC).
• Govern Service Principals and Enterprise Applications, ensuring least-privilege access and Just-In-Time (JIT) elevation via Entra PIM.
• Secure application credentials, API keys, and cryptographic keys using Azure Key Vault.
• Define and enforce access policies for Key Vault using Conditional Access and Privileged Identity Management (PIM).
• Implement session control policies in Microsoft Defender for Cloud Apps for continuous monitoring of user activity.
• Implement automated identity workflows using Microsoft Graph API, PowerShell, Azure Logic Apps, and Azure Functions.
• Monitor Microsoft Defender for Identity and Defender for Cloud Apps, ensuring threat detection, anomaly detection, and risk-based security enforcement.
• Analyze sign-in logs, audit logs, and identity risk events to enhance security and optimize Conditional Access and Identity Protection policies.
• Continuously evaluate new Entra ID capabilities, ensuring alignment with industry best practices and security benchmarks.

Qualifications

• 5–7 years of hands-on experience in Entra ID, PIM, IAM, and Privileged Access Management (PAM).
• Strong expertise in Entra ID, Entra PIM, Conditional Access, and authentication protocols (OAuth, SAML, WS-FED, OpenID Connect).
• Hands-on experience with SCIM-based provisioning, hybrid identity synchronization (PHS, PTA, ADFS), B2B/B2C identity management, and Entra ID Cross-Tenant Sync.
• Strong scripting and automation experience using PowerShell and Microsoft Graph API.
• Proven troubleshooting and analytical skills with experience in audit logging, Defender for Identity, and security monitoring tools.

Nice-to-Have Skills

• Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field.
• Microsoft Certified: Cybersecurity Architect Expert or Entra ID Solution Architecture certification.
• AZ-500 – Microsoft Azure Security Engineer certification.

Benefits

• Extensive opportunities to advance your career through leading digital identity projects across North America.
• Culture built on respect, inclusion, and equal opportunity for everyone.

Accessibility & Accommodations

If you require accommodation due to a disability at any time during the recruitment and/or assessment process, please contact Talent Acquisition, and we will make all reasonable efforts to accommodate your request.

BrightHire technology is used during the preliminary interview stage for recording, transcription, and candidate evaluation as part of our hiring process.