Microsoft Entra ID Engineer
Role details
Job location
Tech stack
Job description
We are looking for an experienced Active Directory and Microsoft Entra ID engineer to lead the hands-on execution of an on-premises Active Directory to Entra ID migration for a large fintech organization. Working under the direction of a solution architect, you will own the build, configuration, migration, testing, and documentation work throughout the project. This role is well-suited for a deeply technical engineer who is comfortable operating with ambiguity in a complex enterprise environment and who has migrated real AD estates before. Experience in banking, financial services, or other regulated industries is a strong plus., * Execute discovery and assessment of the on-premises Active Directory environment and Microsoft 365 tenant, and document findings and dependencies
- Contribute to migration design and tool selection alongside the architect
- Perform Entra ID configuration, identity synchronization, and authentication setup
- Run test migrations, then migrate and validate users, groups, and service accounts
- Configure identity security controls including MFA, Conditional Access, and self-service password reset
- Support endpoint and device management integration through Microsoft Intune
- Produce as-built documentation and deliver administrator training and operational handoff
Requirements
- 5+ years of hands-on directory services engineering, including extensive experience supporting and troubleshooting on-premises Active Directory (authentication, Client, GPO, LDAP)
- Demonstrated experience executing AD to Entra ID migrations in complex enterprise environments
- Strong working knowledge of Entra Connect and authentication methods (Password Hash Sync, Pass-through Authentication, ADFS)
- Hands-on experience with Microsoft Intune, including device compliance and Entra ID Join and Hybrid Join
- Experience with Conditional Access, MFA, and identity protection in a cloud-first model
- Solid grasp of AD security, common vulnerabilities and safeguards, and Tier-0 security boundaries
- Understanding of modern authentication (OIDC, SAML, Kerberos) and access control models (RBAC, PBAC, ABAC)
- Working familiarity with Azure environments
- Ability to author technical documentation and conduct knowledge transfer sessions, * Experience planning and running phased migration waves with defined pilot cohorts and rollback criteria
- Familiarity with GPO-to-Intune policy migration
- Experience with certificate services and cloud PKI approaches
- Prior work in financial services or other highly regulated industries
- Bachelor's degree in Computer Science or equivalent training, education, and work experience
Contractor Requirements
- Must be based in the United States and authorized to work without sponsorship
- Must be available for occasional on-site travel (expenses covered by the client)
- Must be able to pass a background check