IAM Engineer

• Operate Microsoft Entra ID for BaU: manage SSO-enabled enterprise apps, app registrations, and related identity configurations in production.
• Handle incidents/requests through ITSM (ServiceNow/Jira or similar): triage, troubleshoot, resolve, document, and communicate updates to stakeholders.
• Troubleshoot end-to-end authentication flows: SAML and OIDC/OAuth2 sign-in errors, token issues, claims/attributes, redirect URIs, and federation metadata problems.
• Perform SAML certificate renewals and rotation activities: plan/execute changes, coordinate with application owners, validate post-change sign-in, and ensure minimal disruption.
• Rotate OIDC client secrets and/or certificates for app registrations and maintain secure storage/handling procedures and evidence of rotation.
• Monitor Entra ID health and SSO experience using platform logs and dashboards (sign-in logs, audit logs, application logs to identify trends and recurring issues.
• Maintain and follow operational runbooks, SOPs, and knowledge base articles to ensure accurate documentation for common incidents and recurring tasks.
• Support subsequent onboarding of new applications for SSO (primarily SAML/OIDC): gather requirements, configure standard patterns, test with application teams, and hand over to support.
• Apply security best practices during operations (least privilege, break-glass awareness, MFA hygiene, and controlled change execution) aligned to Zero Trust principles.

Good to Have Skills

• Operate Conditional Access policies and authentication methods from an operations lens: policy impact assessment, troubleshooting user impact, and controlled changes following CAB/change processes.
• Experience supporting provisioning and lifecycle integrations (SCIM, inbound/outbound provisioning, group-based assignment) and troubleshooting related failures.
• Hands-on exposure to monitoring/alerting integrations (Microsoft Sentinel, Log Analytics/KQL, Azure Monitor) for identity signals and automated triage.
• Basic automation/scripting to reduce toil: PowerShell and Microsoft Graph (or REST) for reporting, bulk operations, and repeatable runbook steps.
• Experience operating directory sync (Entra Connect / Cloud Sync) from a monitoring and incident-response perspective (health checks, error triage, and escalation).
• Contribute to service improvements: problem management (RCA), trend analysis, and proposing preventative controls for recurring incidents.
• Collaborate effectively in ITIL/ITSM and Agile/Scrum ways of working; participate in on-call/shift rota if required.

• Cyber Security - IAM Professional Services
• Microsoft Entra Identity Management