Microsoft Entra ID Engineer
Iris Consulting Corporation
Atlanta, United States of America
2 days ago
Role details
Contract type
Permanent contract Employment type
Full-time (> 32 hours) Working hours
Regular working hours Languages
English Experience level
SeniorJob location
Atlanta, United States of America
Tech stack
Microsoft Windows
Microsoft Active Directory
Active Directory Federation Services
User Authentication
Azure
Kerberos (Protocol)
Lightweight Directory Access Protocols (LDAP)
OpenID
Public Key Infrastructure
Role-Based Access Control
Azure
Security Assertion Markup Language (SAML)
Microsoft InTune
Information Technology
Job description
- Execute discovery and assessment of the on-premises Active Directory environment and Microsoft 365 tenant, and document findings and dependencies
- Contribute to migration design and tool selection alongside the architect
- Perform Entra ID configuration, identity synchronization, and authentication setup
- Run test migrations, then migrate and validate users, groups, and service accounts
- Configure identity security controls including MFA, Conditional Access, and self-service password reset
- Support endpoint and device management integration through Microsoft Intune
- Produce as-built documentation and deliver administrator training and operational handoff
Requirements
- 5+ years of hands-on directory services engineering, including extensive experience supporting and troubleshooting on-premises Active Directory (authentication, Client, GPO, LDAP)
- Demonstrated experience executing AD to Entra ID migrations in complex enterprise environments
- Strong working knowledge of Entra Connect and authentication methods (Password Hash Sync, Pass-through Authentication, ADFS)
- Hands-on experience with Microsoft Intune, including device compliance and Entra ID Join and Hybrid Join
- Experience with Conditional Access, MFA, and identity protection in a cloud-first model
- Solid grasp of AD security, common vulnerabilities and safeguards, and Tier-0 security boundaries
- Understanding of modern authentication (OIDC, SAML, Kerberos) and access control models (RBAC, PBAC, ABAC)
- Working familiarity with Azure environments
- Ability to author technical documentation and conduct knowledge transfer sessions, * Experience planning and running phased migration waves with defined pilot cohorts and rollback criteria
- Familiarity with GPO-to-Intune policy migration
- Experience with certificate services and cloud PKI approaches
- Prior work in financial services or other highly regulated industries
- Bachelor's degree in Computer Science or equivalent training, education, and work experience
Contractor Requirements
- Must be based in the United States and authorized to work without sponsorship
- Must be available for occasional on-site travel (expenses covered by the client)
- Must be able to pass a background check