
IAM Entra ID Specialist (NCS/Job/ 3586)
Job Description: IAM / Entra ID Specialist
Role: Senior Consultant / Lead – Identity & Access Management
Role Overview
Seeking a highly skilled IAM professional with deep expertise in Microsoft Entra ID (Azure AD) to lead enterprise identity modernization initiatives. The role will focus on phishing-resistant authentication, unified access governance, and scalable SSO factory implementations across SaaS, legacy, and modern applications.
This role will play a critical part in Zero Trust transformation, ensuring secure, seamless, and governed access across enterprise ecosystems.
Key Responsibilities:
Identity Architecture & Strategy
- Design and implement modern identity architecture using Microsoft Entra ID
- Lead Unified Access & Governance frameworks (RBAC, ABAC, Conditional Access)
- Define identity standards aligned to Zero Trust principles
- Enable federated identity strategies across multi-cloud and SaaS ecosystems
Phishing-Resistant Authentication Implementation
- Deploy phishing-resistant authentication mechanisms, including:
  - Passwordless authentication (FIDO2, passkeys)
  - Certificate-based authentication (CBA)
  - Device-based trust models
- Implement strong Conditional Access policies
- Integrate identity signals for risk-based authentication
SSO Factory Model Execution
- Build and scale an SSO Factory Model to onboard applications efficiently
- Define reusable onboarding templates and patterns
- Drive automation for application integration lifecycle
SSO Integration Standards:
- OIDC (Preferred): For modern applications
- SAML: Fallback for legacy applications
- SCIM: Automated user provisioning (where vendor-supported)
Application Access Tiering & Governance
Design and implement an application tiering model:
- Tier 1: Critical business applications (strictest controls, MFA, monitoring)
- Tier 2: Security-sensitive applications (moderate controls)
- Tier 3: Long-tail SaaS applications (standardized onboarding & governance)
Ensure:
- Access certification and review processes
- Least privilege access enforcement
- Lifecycle-based provisioning/deprovisioning
Federated Access & Identity Integration
- Implement federated identity models (B2B, B2C, partner access)
- Integrate enterprise apps with Microsoft Entra ID
- Enable cross-domain authentication and identity brokering
Automation & Provisioning
- Implement SCIM-based provisioning for SaaS apps
- Automate joiner-mover-leaver (JML) lifecycle
- Integrate identity workflows with ITSM tools (e.g., ServiceNow)
Security & Compliance
- Align IAM practices with industry compliance standards (SOC2, HIPAA, GDPR)
- Conduct identity risk assessments and remediation
- Enable logging, monitoring, and audit readiness
Required Skills & Qualifications
Core Technical Skills
- Strong hands-on experience with Microsoft Entra ID
- Expertise in:
  - SSO (OIDC, SAML)
  - Identity Federation
  - Conditional Access
  - Identity Governance
- Experience implementing phishing-resistant authentication
- Hands-on experience with SCIM provisioning
Preferred Skills
- Experience with:
  - Azure AD B2B / B2C
  - Identity Protection & Risk-based policies
  - Privileged Identity Management (PIM)
- Exposure to:
  - Zero Trust Architecture
  - API-based identity integrations
  - Automation using PowerShell / Graph API
Soft Skills
- Strong client-facing and consulting skills
- Ability to drive workshops and identity assessments
- Experience in enterprise-scale IAM transformations
Certifications (Preferred)
- Microsoft Certified: Identity and Access Administrator Associate
- Microsoft Certified: Security Engineer Associate
- CISSP / CISM (optional but valuable)