IAM Engineer - MS365 / Entra ID / SSO / MFA

Microsoft 365 / Entra ID / SSO / MFA

Role: IAM Engineer

Contract: 7+ months initially

IR35: Inside IR35

Day Rate: Up to £765 per day (via umbrella), with potential for flex DOE

Location: Hybrid - 2 days/week on-site in Sheffield, remainder remote

Start: ASAP

Summary

An established, well-known national organisation is seeking a hands-on IAM Engineer to implement and operate identity, authentication, and access controls across Microsoft 365 and Microsoft Entra ID (Azure AD).

The focus is on SSO, MFA, Conditional Access, identity lifecycle, and privileged access (with CyberArk as a desirable skill). This is a delivery and operations role (not an architect), partnering with Security, Infrastructure, and Service Management to harden controls, reduce risk, and improve user experience.

Responsibilities

  • Entra ID operations & hardening: tenant hygiene, identity security baseline, Conditional Access (CA) design/maintenance, break-glass access.
  • SSO engineering: onboard and support SAML/OIDC apps; configure enterprise app registrations, claims, tokens, and session settings.
  • MFA at scale: method policies (Authenticator, FIDO2, SMS), registration campaigns, CA-based MFA enforcement, resilient admin access patterns.
  • Lifecycle & access controls: group-based access, dynamic groups, PIM (just-in-time admin), RBAC reviews, access reviews, least-privilege enforcement.
  • Microsoft 365 alignment: integrate with Defender for Cloud Apps, govern Exchange/SharePoint/Teams access, improve Secure Score.

Required Skills & Experience

  • Proven, hands-on Microsoft Entra ID administration: app registrations, Conditional Access, Identity Protection, authentication strengths, and policy operations.
  • SSO delivery using SAML 2.0 / OIDC / OAuth 2.0: enterprise app onboarding, claims mapping, token troubleshooting (SAML traces, Fiddler, browser dev tools).
  • MFA engineering and rollout: CA-based MFA, method policies, break-glass procedures, staged/targeted deployments.
  • Microsoft 365 security controls: Exchange, SharePoint/OneDrive, Teams governance and access configuration.

Desirable

  • CyberArk PAM (Core PAS): Safes, platform onboarding, credential rotation, PSM/PSMP, API integration.

If you have the relevant skills and are interested in hearing more, please apply with your latest CV.

Job Details

Company: Tria Recruitment

Location: Handsworth, West Midlands, UK