Entra ID / Azure PIM Engineer

We are currently looking for an Entra PIM / Entra ID Engineer to join KeyData’s Delivery Services team! This is a technical-focused role that will provide you the opportunity to work on and lead projects involving some of the latest cutting-edge products and technologies in the IAM space.

If you're passionate about working in an environment where you can experience accelerated growth, development, and a high impact, this role could be for you!

Title: Entra PIM / Entra ID Engineer

Location: India

Work Type: Full Time, permanent

Key Responsibilities: 

Microsoft Entra ID Architecture & Administration:

• Lead the design, implementation, and administration of Microsoft Entra ID with a focus on Security policies, Identity and Access management, privileged access management.
• Oversee Entra PIM (Privileged Identity Management) for Just-In-Time (JIT) role elevation, role-based access controls (RBAC), and access reviews.
• Establish and enforce Conditional Access policies, ensuring adaptive security based on risk factors such as user behavior, device health, and location.
• Manage and optimize authentication strategies, including Passwordless authentication, FIDO2 security keys, Temporary Access Pass (TAP), and risk-based MFA enforcement.

Application identity & Security:

• Implement secure authentication & authorization frameworks for applications using SAML, WS-FED, OAuth 2.0, and OpenID Connect (OIDC).
• Govern Service Principals & Enterprise Applications, ensuring least privilege access and Just-In-Time (JIT) elevation via Entra PIM.
• Secure application credentials, API keys, and cryptographic keys using Azure Key Vault.
• Define and enforce access policies for Key Vault using Conditional Access & Privileged Identity Management (PIM).
• Implement session control policies in Microsoft Defender for Cloud Apps for continuous monitoring of user activity.

Monitoring, Automation & Continuous Improvement:

• Implement automated identity workflows using Microsoft Graph API, PowerShell, Azure Logic Apps, and Azure Functions.
• Monitor Microsoft Defender for Identity & Defender for Cloud Apps, ensuring threat detection, anomaly detection, and risk-based security enforcement.
• Analyze sign-in logs, audit logs, and identity risk events to enhance security and optimize Conditional Access and Identity Protection policies.
• Continuously evaluate new Entra ID capabilities, ensuring alignment with industry best practices and security benchmarks.

Qualifications:

• Bachelor’s/master’s degree in computer science, Information Security, or related field.
• 5-7 years of hands-on experience in Entra ID, PIM, IAM and Privileged Access Management (PAM).
• Expert knowledge of Entra ID, Entra PIM, Conditional Access, and authentication protocols (OAuth, SAML, WS-FED, OpenID Connect).
• Hands-on experience with SCIM-based provisioning, hybrid identity synchronization (PHS, PTA, ADFS), B2B/B2C identity management, and Entra ID Cross-Tenant Sync.
• Strong background in PowerShell, Graph API scripting for identity automation.
• Experience working with identity security frameworks, compliance requirements, and Zero Trust security models.
• Strong troubleshooting and analytical skills with experience in Entra ID audit logging, Defender for Identity, and security analytics tools.

Certifications (Preferred):

• Microsoft Certified: Cybersecurity Architect Expert or Entra ID solution architecture.
• AZ-500 (Azure Security Engineer)

#LI-AS1