Job Description
Title:
PAM Specialist (Entra ID) Location:
Newark, NJ (Hybrid) Mode:
Hybrid (onsite 2-3 days a week) Responsibilities:
Integrate on-prem and SaaS apps with Microsoft Entra ID using SAML 2.0 and OIDC/OAuth 2.0 (enterprise, gallery, and custom apps) Design and support secure SSO across cloud, hybrid, and federated identity environments Manage Entra ID enterprise apps, app registrations, service principals, API permissions, and consent policies Implement Conditional Access (MFA, risk-based, device-based, step-up authentication) Assess legacy apps for SSO readiness and recommend modernization Troubleshoot authentication/federation issues using Entra logs, audit logs, and token diagnostics Configure and validate secure token settings (claims, redirect URIs, certificates, audience) Collaborate with IAM, SailPoint, CyberArk, cloud, and app teams for identity modernization Align authentication with identity lifecycle (provisioning/deprovisioning) and PAM controls (JIT, secrets, session isolation) Define SSO standards and onboarding guidance for application teams Support large-scale application onboarding and standardize integration processes/documentation Drive identity security initiatives ( passwordless, Zero Trust , SSO expansion, legacy migration) Automate tasks using PowerShell, Python, and Microsoft Graph API Qualifications :
Strong experience integrating applications with Microsoft Entra ID using SAML 2.0, OIDC, and OAuth 2.0 Expertise in SSO , federation, authentication patterns, and enterprise identity architecture Hands-on with Conditional Access, app registrations, service principals, API permissions, and consent models Experience with hybrid identity ( Active Directory, Entra Connect ) and lifecycle management with SailPoint integration Skilled in troubleshooting authentication using Entra ID logs, token analysis, and sign-in diagnostics Knowledge of secure token design, claims mapping, certificates, redirect URIs, and encryption standards Experience with PAM solutions like CyberArk and privileged access integration (ZSP, JIT) Familiar with passwordless authentication ( FIDO2, Windows Hello , certificate-based auth) and Zero Trust principles Basic automation/scripting using PowerShell, Python , and Microsoft Graph API Experience supporting large-scale SSO onboarding (300 600+ apps) and enterprise app discovery Familiar with compliance frameworks ( SOX, NERC CIP, CIS
) Experience migrating from legacy IAM platforms (ADFS, Okta, Ping) to Microsoft Entra ID Strong cross-functional collaboration, documentation, and stakeholder communication skills
