Senior Entra ID SME
Role/Job title: Senior Entra ID SME
Work Location: Wokingham/Warwick
Role type (Permanent/Fixed Term/Contracting): Contracting
Mode of working (Hybrid/office based): Hybrid
If Hybrid, how many days are required in office? Minimum 2 – 3 days
The Role
We are seeking a visionary and highly technical Entra ID SME to lead BAU and identity enhancement in the customer identity environment. While our existing operations team focuses on identity operations, this role focuses on Entra ID expertise to support operations, enhancements and BAU automation.
The Microsoft Entra SME is responsible for designing, implementing, and governing enterprise identity and access management (IAM) solutions using Microsoft Entra ID (Azure AD). This role ensures secure, scalable, and compliant identity services, supporting both human and non-human identities across cloud and hybrid environments.
This role requires deep hands-on IAM experience in hybrid environments and with modern automation paradigms, along with mentoring teams and providing technical direction to senior management.
Key Responsibilities
• Identity & Access Management
o Design and manage Microsoft Entra ID architecture
o User lifecycle (Joiner–Mover–Leaver)
o Group management (static, dynamic, role-assignable)
o Role-based access control (RBAC)
This position is distinguished by its strategic focus and technical leadership, empowering BAU teams to deliver robust solutions, elevating technical standards, and shaping CUSTOMER’s identity vision for the future.
Your responsibilities:
• Own the end-to-end IAM operations focusing on Entra ID for CUSTOMER, ensuring robust protection across on-premises, cloud, and hybrid environments.
• Authentication & Security
o Multi-Factor Authentication (MFA)
o Conditional Access policies
o Passwordless solutions (FIDO2, Windows Hello)
o Enforce Zero Trust principles
o Monitor and respond to identity-related incidents
• Operations & Support
o Provide support for identity-related issues:
o Authentication failures
o Sync issues
o Group/role assignment issues
• Application & Agent Management
o Enterprise Applications
o App registrations (Service Principals)
o Review and control:
o API permissions
o Admin consent processes
• Identity Governance & Compliance
o Access Packages (Entitlement Management)
o Access Reviews
o Privileged Identity Management (PIM)
• Ensure compliance with:
o CIS, ISO 27001, NIST, internal security policies
o Conduct periodic access and role reviews
• Automation & Integration (Good to Have)
o Design and implement automation using:
o Azure Logic Apps
o Power Automate
o Microsoft Graph API
• Certificate & PKI Integration (Good to Have)
o AD CS (Certificate Authority)
o NDES / SCEP
• Define and maintain:
o Operational runbooks
o Incident and problem management processes
o Define identity standards and enforce best practices
Your Profile
Essential skills/knowledge/experience:
• 10+ years of experience in Identity and Access Management focused on Microsoft Entra ID, with at least 3+ years of BAU experience in IAM.
• Proven ability to see the "big picture" and design holistic solutions that balance performance, security, cost, and identity automation.
• Strong hands-on experience with:
o Microsoft Entra ID (Azure AD)
o Active Directory (AD DS)
o Hybrid identity (Entra Connect / Cloud Sync)
• Expert-Level Technical Knowledge:
o Deep expertise in Entra ID and identity automations
o Advanced knowledge of enterprise identity operations in hybrid environments
o Strong understanding of Microsoft Entra ID, Active Directory and Certificate Management, PKI (good to have), CI/CD pipelines and scripting.
• Strong Experience with:
o Conditional Access
o PIM & Access Reviews
o App registrations & Enterprise Apps
• Scripting:
o PowerShell
o Microsoft Graph API
• Security & Compliance
o Knowledge of: Zero Trust architecture
o Identity security best practices
• Soft Skills
o Strong stakeholder communication (technical & leadership)
o Analytical and problem-solving mindset
• Deep understanding of ITIL concepts within an Agile, process-driven environment. A "no-blame" mindset focused on continuous improvement and preventing future incidents through architectural automation. Highly self-motivated with a passion for learning.
Desirable skills/knowledge/experience:
Certifications (Preferred)
• Microsoft:
o SC-300 – Identity and Access Administrator
o AZ-500 – Azure Security Engineer
• Other:
o IAM / security certifications (CISSP, CISM – optional)