Digital Workplace Senior IDAM Engineer (Identity & Access Management) / Third Line Support

Arxada is a global leader in innovative solutions that protect our world. Our groundbreaking technologies, in-depth regulatory know-how, manufacturing and process development help our customers to safeguard nutrition, health and infrastructure efficiently through chemistry and biotechnology that enhance sustainability. We offer a broad portfolio of ingredients and services for multiple end-markets that include Human Health & Nutrition, Home & Personal Care, Professional Hygiene, Paints & Coatings and Wood Protection. 

With customers in more than 100 countries, the company achieved sales of CHF 2 billion in 2024. Headquartered in Basel (Switzerland), Arxada employs 3,200 associates across 24 production sites and 14 R&D centers, all committed to our customers’ success. 

Responsible for designing, implementing, and supporting Identity & Access Management (IDAM) services that underpin the digital workplace. Acts as a senior escalation point for complex identity incidents and requests (third line), ensuring secure, resilient, and well-governed access across on-premises and cloud environments (e.g., Active Directory Domain Services and Microsoft Entra ID). This role has a strong focus on privileged access controls including PAM and PIM.

Essential Job Functions:

• Engineer and support IDAM platforms across hybrid environments: Active Directory (AD DS) and Microsoft Entra ID
• Design and implement secure authentication and access controls including SSO, MFA, Conditional Access and RBAC
• Operate and improve privileged access controls (PAM/PIM): just-in-time access, role activation, approvals and break-glass
• Onboard applications to the identity platform using standards such as SAML and OAuth2/OIDC (and provisioning via SCIM where applicable)
• Provide third-line support for complex identity incidents and problems, lead root cause analysis and permanent remediation
• Automate identity operations and controls using PowerShell and Microsoft Graph; maintain runbooks and repeatable processes
• Implement identity governance activities such as access reviews, lifecycle policies and least-privilege access models
• Maintain audit-ready logging and evidence (sign-in/audit logs, AD events, privileged activity) and support investigations
• Collaborate with security, infrastructure and application owners; contribute to standards, documentation and knowledge transfer

Qualifications & Experience:

• Proven senior-level IDAM engineering and third-line support experience in enterprise environments
• Strong hands-on knowledge of Active Directory (AD DS) fundamentals (including DNS/Group Policy concepts) and Microsoft Entra ID
• 4-10 years of experience with authentication/access controls: SSO, MFA, Conditional Access, RBAC and troubleshooting auth flows
• Privileged access experience (PAM/PIM), including JIT access, approvals, break-glass and audit evidence
• Application integration skills using SAML and OAuth2/OIDC (SCIM provisioning desirable)
• Automation capability with PowerShell and Microsoft Graph; ability to produce maintainable runbooks/documentation
• Strong communication and stakeholder management; able to work effectively with security, infrastructure and app teams

Arxada has world class offering in two distinct areas:

Microbial Control Solutions (MCS) focuses on threats posed by microorganisms to people and planet through five distinct business lines including Professional Hygiene, Home & Personal Care, Wood Protection, Paints & Coatings and Material Protection.

Nutrition, Care & Environmental (NCE), meanwhile, provides materials used to manufacture composites for electronics, aerospace and other markets, as well as vitamins and nutritional ingredients, chemicals and performance intermediates, and raw materials for a wide range of high-performance applications.

Arxada is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a qualified individual with disability, protected veteran status, or any other characteristic protected by law.

#LI-BR1