Senior IAM Engineer

Enpal GmbH
2 days ago

Role details

  • Contract type: Permanent contract
  • Employment type: Full-time (> 32 hours)
  • Working hours: Regular working hours
  • Languages: English
  • Experience level: Senior

Job location

Remote

Tech stack

Microsoft Windows
API
Identity and Access Management
PowerShell
Role-Based Access Control
Azure
Runbook
GraphQL

Job description

The Senior IAM Engineer owns and operates Enpal's workforce Identity & Access Management in Microsoft Entra ID. You ensure secure and scalable access through Conditional Access, a strong admin model, and reliable identity lifecycle (Joiner/Mover/Leaver) processes. You enable least-privilege access via RBAC, PIM/PAM, and recurring access reviews, while supporting secure collaboration and sharing.

Policy Development and Governance:

  • Define and maintain IAM standards and guardrails for Entra ID (authentication, Conditional Access principles, privileged access, external collaboration).
  • Establish and maintain the admin model (role design, separation of duties, privileged role assignment approach) and enforce least privilege through RBAC.
  • Own processes for access reviews, exceptions, and evidence for audits related to identity controls.

IAM Engineering and Operations:

  • Operate and continuously improve Microsoft Entra ID (tenant configuration, role design, groups, identity settings) as the central identity platform.
  • Design, implement, and maintain Conditional Access policies (including rollout strategy, exclusions, and safe operations).
  • Build and operate Joiner/Mover/Leaver lifecycle processes, ensuring timely provisioning and deprovisioning and reducing manual access handling.
  • Own Privileged Access controls:
      • Implement and operate PIM/PAM (activation workflows, approval, time-bound access, role eligibility).
      • Manage break-glass accounts and emergency access procedures (creation, secure storage, testing cadence).
  • Manage and govern identity objects and special cases:
      • Guest accounts and external collaboration controls
      • Shared mailboxes / mail-enabled objects / Distribution groups
      • Service/admin accounts
      • Microsoft 365 Groups / Security groups
  • Drive operational quality: documentation, runbooks, change planning, and troubleshooting of access/provisioning issues.

Collaboration and Stakeholder Engagement:

  • Partner with Corp IT, HR, and app owners to ensure identity data quality and smooth onboarding/offboarding.
  • Advise teams on access design: RBAC models, group strategy, and reducing direct user entitlements.
  • Coordinate with Security and IT stakeholders to safely deploy IAM changes and minimize business disruption.

Awareness and Training:

  • Provide guidance to admins and end users on secure access practices (MFA, Conditional Access behavior, guest collaboration).
  • Create and maintain clear internal documentation for access requests, privileged access workflows, and review procedures.

Requirements

  • Strong hands-on experience with Microsoft Entra ID (Azure AD) administration and identity operations.
  • Deep practical experience implementing Conditional Access (design, rollout, troubleshooting).
  • Experience building and operating Joiner/Mover/Leaver processes and lifecycle automation.
  • Strong experience running access reviews and implementing RBAC (role/group modeling and governance).
  • Experience with Privileged Identity Management (PIM) and privileged access patterns (admin model, break-glass).
  • Comfortable working with automation and APIs (e.g., PowerShell, Graph API) to scale IAM operations.

Soft Skills:

  • Structured, reliable, and detail-oriented with strong operational ownership.
  • Clear communicator who can align stakeholders on guardrails and practical solutions.
  • Pragmatic problem-solver with a continuous improvement mindset.

About the company

Our goal is to have a solar system on every roof, a storage unit in every house, and an electric car in every garage. Enpal makes this possible with an integrated total solution for decentralized energy, from solar systems and battery storage to wall boxes, smart meters, and heat pumps. At the heart of it all is our AI-powered platform Enpal.One+, which intelligently connects thousands of systems and efficiently optimizes electricity procurement and feed-in on the energy market. Are you ready for solutions that are more than just a promise and bring real quality of life to thousands of households every day? What you create at Enpal will deliver clean electricity tomorrow and bring about lasting change in how we use energy.

  • Work at Germany's first green unicorn - Play an active role in shaping the solar energy transition.
  • The sun shines all over the world - At Enpal, you'll work with a highly motivated, diverse team of over 65 nationalities.
  • The ideal setup for your focus - We are convinced that excellent results are achieved when the conditions are right. That's why we rely on a hybrid working concept that gives you the freedom to always work in the way that best suits your tasks. Do you need new inspiration on an international level? With Workflex, we offer you the opportunity to relocate abroad for up to 30 days a year, depending on your responsibilities.
  • Grown-up business & startup spirit - In our modern office in Berlin-Friedrichshain, you'll find everything your heart desires, from height-adjustable desks and table tennis to stocked beverage fridges and barista coffee.
  • Your kick-start at Enpal - Onboarding day with a welcome bag, buddy program, and a team that really supports you.
  • Stay up to date & help shape the future - Transparent all-hands meetings, short decision-making processes, and an open feedback culture - without mistakes, there is no progress.
  • The energy transition can only be achieved together - At Enpal, you can expect legendary team spirit and unforgettable team events.
  • Your extra boost - 29 + 2 vacation days, discounted membership at Wellhub, and corporate benefits. Everything you need to help you achieve a good work-life balance.

At Enpal, we are proud of the diversity of our team. No decisions are made on the basis of skin colour, religion or religious belief, ethnic or national origin, nationality, gender identity, sexual orientation, disability or age, either during recruitment or employment. Enpal stands for a safe workplace and takes action against discrimination and harassment of any kind.
