Sr. Identity Engineer

Our client is seeking a Sr. Identity Engineer focused on Entra ID and Cloud identity operations to engineer, operate, and secure Microsoft Entra ID in a global enterprise environment. This role includes engineering a hybrid identity framework across Active Directory and Entra Connect, covering directory health and incident response while serving as the global escalation point for complex identity-related incidents, authentication failures, and access issues. Responsibilities Design, implement, and maintain Conditional Access policies to enforce MFA, device trust, sign-in risk, and Zero Trust principles. Own global enterprise application and service principal onboarding, enforcing least-privilege access models. Implement and govern Microsoft Entra Privileged Identity Management (PIM) for administrative roles. Operate and evolve modern authentication and MFA methods globally including passwordless and FIDO2 approaches. Partner with platform, security, and Azure engineering teams to design secure Azure access models and identity integrations. Requirements Strong hands-on experience with Microsoft Entra ID and Cloud identity operations. Experience with hybrid identity, Entra Connect, and on-prem AD synchronization. Proficiency with app registrations, service principals, and secret/certificate lifecycle management. Knowledge of Conditional Access Policies, MFA, and Zero Trust principles. Experience with Privileged Identity Management (PIM) and Administrative Units. Solid understanding of M365 and its identity integrations with Entra ID. Preferred A security background with operations experience. Experience with Microsoft Graph permission models. Knowledge of B2B, B2C, and cross-tenant identity scenarios. A strong security mindset as a hands-on keyboard engineer (not a policy-setting role). Self-starter with strong communication skills and ability to work independently.