IAM Engineer - Global Identity Integration

We are looking for a deep technical IAM specialist with strong hands-on experience in Microsoft Entra ID (Azure AD). The ideal candidate brings expertise across authentication, authorization, multi-tenant architecture, privileged access, Microsoft Graph API, and backend identity service development. This role partners closely with teams in Japan and the US to deliver global identity integration, lifecycle management, and security operations. Can work independently to engineer, configure, automate, and improve enterprise identity solutions., * Conditional Access & Authentication: Engineer, configure, and continuously refine Conditional Access policies, authentication strengths, named locations, and sign-in session controls to enforce adaptive, risk-aware security at scale.

• Entra Application Management: Own Entra application registrations end-to-end: configure OAuth 2.0/OIDC/SAML integrations, manage API permissions and consent, maintain service principals, and govern enterprise SSO applications.
• Multi-Tenant & B2B Guest Management: Configure and maintain multi-Entra tenant environments including cross-tenant access policies, cross-tenant synchronization, and B2B guest identity lifecycle from provisioning through offboarding.
• Cross-Tenant Synchronization: Enhance and maintain user synchronization processes from local tenants to a centralized federated tenant, ensuring identity fidelity and a seamless user experience across environments.
• SCIM & Identity Lifecycle: Implement and maintain SCIM-based provisioning integrations for SaaS and custom applications, troubleshoot provisioning cycles, and ensure accurate attribute mapping for automated identity lifecycle operations. Develop and manage backend services for user provisioning and identity lifecycle operations.
• Microsoft Graph API: Utilize the Microsoft Graph API extensively to query, manage, and automate identity objects, policies, app registrations, group memberships, audit logs, and lifecycle operations across the tenant.
• Backend Identity Services: Design and build server-side services for authentication, token issuance, and policy enforcement across applications and platforms. Build custom APIs, extensions, and self-service portals leveraging Azure AD capabilities.
• PIM, PAM & RBAC: Administer and refine PIM (Privileged Identity Management) role assignments, activation policies, and access reviews; support PAM tooling integrations for privileged session and credential management.
• Strong MFA & Authentication Standards: Enforce and expand phishing-resistant MFA coverage across user and workload identities, including FIDO2, Certificate-Based Authentication (CBA), and Microsoft Authenticator; manage authentication method policies and exception handling.
• Risk-Based & Identity Protection Controls: Tune and operate risk-based Conditional Access policies using Identity Protection signals (sign-in risk, user risk), continuous access evaluation, and adaptive policy triggers to reduce exposure.
• Legacy Modernization: Modernize legacy identity tools with automated, scalable solutions for access control and lifecycle management.
• Automation & Scripting: Automate identity-related processes and tasks using PowerShell, Python, and Microsoft Graph API integrations.
• Global Collaboration: Work closely with teams in Japan and the US to support global identity integration, operations, and transitions. Serve as a cross-functional partner bridging business requirements with IAM technical delivery.
• Documentation & Operational Rigor: Document configurations, write runbooks, build knowledge base articles, and maintain IAM operational guides to ensure repeatability and audit readiness.

• 5+ years of hands-on IAM engineering experience with deep specialization in Microsoft Entra ID (Azure AD) in cloud-native or hybrid enterprise environments.
• Proven experience developing and operating Azure AD / Entra ID at enterprise scale, including cross-tenant synchronization and identity federation
• Advanced knowledge of Conditional Access: policy design, authentication strengths, named locations, filters, sign-in and session controls.
• Deep, hands-on expertise with Microsoft Graph API querying and managing users, groups, applications, policies, audit logs, and lifecycle operations programmatically.
• Strong experience with multi-Entra tenant configurations, cross-tenant access settings, B2B collaboration, and cross-tenant synchronization.
• Solid expertise in SCIM provisioning, OAuth 2.0, OIDC, SAML, and enterprise application management in Entra.
• Hands-on experience with PIM role management, activation policies, access reviews, and Azure-native privileged access governance.
• Deep MFA implementation skills including FIDO2 security keys, CBA, Authenticator app, and authentication method policy management.
• Experience designing and building backend identity services for authentication, token issuance, and policy enforcement across applications and platforms.
• Proficiency in PowerShell and/or scripting languages (Python or JavaScript) for Graph API integrations and IAM tooling.
• Practical experience with Identity Protection risk policies, risk-based Conditional Access, and continuous access evaluation
• Strong technical delivery of complex projects through a proven methodology such as Agile, ITIL, TOGAF, or similar.
• Effective collaboration across cross-functional and global teams.
• Ability to work independently as an individual contributor with strong written documentation habits.
• Bachelor's degree in Computer Science, Engineering, or a related field, or equivalent practical experience., * Microsoft Certified: Identity and Access Administrator Associate (SC-300) or equivalent.
• Experience with Aquera for cross-tenant account provisioning and synchronization.
• Familiarity with identity lifecycle workflows including joiner, mover, and leaver processes within Entra ID.
• Exposure to Azure Logic Apps or similar automation tools for identity workflow orchestration.
• Experience with AI-assisted identity security tools, agentic workflows, or intelligent access review automation.
• Background in zero trust architecture and identity-first security frameworks.