Responsibilities
- Manage and maintain the technical setup of the Entra ID environment, emphasizing the modernization of authentication as part of a broader identity and access strategy.
- Play an active role in authentication and authorization initiatives, including securing application integrations and hardening system configurations such as conditional access and adaptive multi-factor authentication.
- Develop, deploy, and support a scalable and resilient framework that enables a seamless experience for end users.
- Establish, implement, and maintain Role-Based and Attribute-Based Access Control models across on-premises Active Directory, Entra ID, and AWS platforms.
- Collaborate with Security, Infrastructure, Cloud, and Development teams to standardize access control practices across systems and applications.
- Assist in designing and managing access models for applications, APIs, service accounts, cloud platforms, and workload identities.
- Integrate internal and external applications with corporate identity providers for Single Sign-On using SAML, OAuth, and OIDC.
- Lead workshops and coordination sessions with development teams to facilitate identity integrations.
- Guide developers on secure implementation of authentication and authorization flows, covering tokens, claims, scopes, roles, secrets, certificates, and redirect URIs.
- Work with development teams to integrate IAM best practices into shared libraries, frameworks, SDKs, templates, and reference architectures.
- Help create reusable components for authentication and authorization to be used across company applications.
- Ensure internal libraries follow security principles such as least privilege, secure token validation, session management, claims-based authorization, secretless authentication, and modern federation.
- Serve as an expert in identity and access management, advising teams on appropriate protocols and architectural patterns.
- Support secure user lifecycle management, including provisioning and de-provisioning within the joiner-mover-leaver process.
- Implement, manage, and enforce identity security policies such as MFA, Conditional Access, and least privilege principles.
- Ensure consistent enforcement of policies across users, applications, and platforms while maintaining usability for business operations.
- Provide advanced (Tier 3) support for identity-related issues including authentication failures, authorization errors, SSO problems, federation issues, and access denials.
- Collaborate with infrastructure, security, cloud, and application teams to identify root causes and implement solutions for identity issues.
- Use scripting tools like PowerShell and Python, along with APIs and SCIM, to automate identity lifecycle and access management processes.
- Enhance operational efficiency by minimizing manual work, standardizing procedures, and enabling scalable IAM operations.
- Develop and maintain comprehensive documentation for IAM-as-a-service offerings.
- Define onboarding procedures, integration patterns, and standard operating procedures for IAM services.
- Deliver clear, actionable guidance to application teams on securely and efficiently using IAM services.