Entra Identity Engineer


On behalf of our Client from the Caribbean region, Mobilunity is looking for an Entra Identity Engineer.
 

Our Client is the largest bank in the Caribbean region that serves 14 countries/territories. The aim is to transform this organization from a traditional bank into a new era of fintech, leveraging the cutting-edge of current fintech offerings.

The Entra Identity Engineer implements, configures, and operates Microsoft Entra ID capabilities for workforce, privileged, application, and hybrid identity scenarios. This is a hands-on engineering role focused on secure, resilient identity operations and integration with cloud and on-prem systems.

 

Responsibilities:

  • Implement and manage Microsoft Entra ID tenants, users, groups, roles, and directory settings
  • Configure MFA, Conditional Access, Identity Protection, and RBAC policies with least-privilege and break-glass controls
  • Integrate Entra ID with on-prem directories for hybrid identity (Azure AD Connect / Cloud Sync), including sync rules and writeback
  • Secure service principals, managed identities, and app registrations (certificates/secrets governance, permissions consent, token lifetimes)
  • Support identity components for cloud migrations and modern authentication (deprecate legacy auth, enable device compliance and SSO)
  • Troubleshoot authentication, authorization, and token-related issues across apps, devices, and protocols
  • Enable and support identity requirements for cloud platforms and applications (Azure, M365, SaaS, custom apps, APIs)
  • Automate routine operations with PowerShell and/or GitHub Actions/Azure Automation (policy deployment, user lifecycle, access reviews)
  • Implement monitoring, alerting, and incident response using Entra logs, sign-in risk, audit trails, and SIEM integrations
  • Partner with security, compliance, and application teams to meet regulatory and audit requirements.

 

Requirements:

  • Microsoft Entra ID (Azure AD) administration and troubleshooting across tenants and enterprise-scale environments
  • Conditional Access, MFA, Identity Protection policy design, testing, and safe rollout strategies
  • Hybrid identity patterns and tooling (Azure AD Connect / Cloud Sync, Pass-through Authentication, Seamless SSO)
  • OAuth2 / OIDC token handling and claims mapping; understanding scopes, consent, and grant types
  • PowerShell & automation for identity operations (MSOnline/AzureAD/Microsoft Graph modules)
  • Monitoring and log analysis for identity events (sign-ins, audit, risky users/sessions, service principals)
  • Privileged Identity Management (PIM) configuration, approval workflows, just-in-time access, and access reviews
  • Solid understanding of RBAC, directory roles, admin unit scoping, and least-privilege design
  • Working knowledge of device-based access (Intune compliance, device registration/Join, FIDO2/Windows Hello for Business)
  • Microsoft Certified: Identity and Access Administrator Associate
  • Microsoft Entra ID security and governance training
  • Azure security fundamentals (e.g., network basics, Key Vault, Defender for Cloud)
  • PowerShell automation training and scripting best practices
  • Basic OAuth/OIDC protocol training and token troubleshooting

 

 Experience required:

  • 4–7 years in identity or cloud engineering roles
  • Hands-on experience with Entra ID in enterprise or regulated environments
  • Experience supporting MFA rollouts and secure application access at scale
  • Exposure to cloud migration or hybrid identity deployments
  • Operational experience supporting identity platforms in production with on-call participation


Success Measures:

  • Reduction in risky sign-ins and identity-related incidents
  • On-time, low-friction rollout of Conditional Access and MFA policies
  • Mean time to resolution (MTTR) for identity incidents consistently trending down
  • Automation coverage for routine identity tasks and policy deployments
  • Positive audit outcomes for identity controls and privileged access

 

In return, we offer:

  • The friendliest community of like-minded IT people
  • Open knowledge-sharing environment – exclusive access to a rich pool of colleagues willing to share their endless insights into the broadest variety of modern technologies
  • Mobilunity Medical Insurance program is designed to meet our team’s needs
  • Paid vacations and sick leaves, including 5 paid days per year that don’t require a sick note
  • Perfect office location in the city center (900 m from Lukyanivska metro station, in a green and spacious neighborhood) or remote engagement: choose whichever is convenient for you, with the possibility of combining both
  • No open-spaces setup – separate rooms for every team’s comfort, and multiple lounge and gaming zones
  • English classes in 1-to-1 & group modes with elements of gamification
  • Neverending fun: sports events, tournaments, music band, multiple affinity groups

     

Come on board, and let’s grow together!

Required languages

English B2 - Upper Intermediate
Published 7 May