Job Title: Entra ID/Active Directory BPSI Engineer
Location: South St Paul, MN (Hybrid)
Duration: 6 months
Roles/Responsibilities:
Identity Management & Administration:
- Design, implement, and manage hybrid Active Directory (AD) environments and Azure Active Directory (Entra ID)
- Integrate systems and applications with centralized authentication solutions
- Administer identity federation services such as Single Sign On (SSO) and Multifactor Authentication (MFA)
- Manage directory synchronization tools like Azure AD Connect or Okta
Azure B2C / Entra External ID Support:
- Design, implement, and manage Azure AD B2C and Entra External ID environments.
- Integrate external-facing applications and services with Azure AD B2C for consumer identity and access management.
- Develop and configure user flows, custom policies, and branding customizations within Azure AD B2C.
- Collaborate with development teams to ensure seamless authentication experiences for external users.
- Monitor and optimize performance, scalability, and availability of Azure AD B2C/Entra External ID solutions.
- Ensure compliance with security standards and regulatory requirements for external identity management.
Security & Compliance:
- Implement security measures to protect AD/Entra ID environments against vulnerabilities
- Ensure compliance with CJIS, PCI, HIPAA, and other relevant regulatory frameworks
- Conduct regular disaster recovery exercises for AD/Entra ID environments
- Develop and enforce security baselines and policies for identity services
Operational Excellence:
- Monitor system performance, capacity planning, and resolve high-severity incidents
- Automate processes using PowerShell scripting or other tools to enhance efficiency
- Conduct regular health checks of identity platforms to ensure operational stability
- Maintain detailed technical documentation and Standard Operating Procedures (SOPs)
Collaboration & Leadership:
- Provide technical leadership to cross-functional teams
- Mentor junior engineers and operational teams on best practices
- Participate in architectural discussions to design scalable, secure solutions
- Collaborate with stakeholders to align identity services with business needs
Knowledge, Skills, and Abilities:
- Advanced knowledge of Active Directory (on-premises) and Azure Active Directory/Entra ID
- Expertise in authentication protocols such as LDAP, Kerberos, SAML, OIDC
- Proficiency in PowerShell scripting for automation tasks
- Experience with disaster recovery planning for directory services
- Familiarity with Group Policy Objects (GPO), AD replication, backup/restoration processes
- Strong understanding of identity security best practices
- Experience implementing privileged access management (PAM) solutions
- Familiarity with regulatory frameworks like CJIS, PCI DSS, HIPAA
- Strong problem-solving abilities under pressure
- Excellent communication skills for collaboration across teams
- High attention to detail with a proactive approach to identifying risks
Mandatory Skills:
- Any of the following combinations of education (in Computer Science, Systems Security, or similar) and relevant experience:
  - Bachelor’s degree and 5 years of experience
  - Associate’s degree and 7 years of experience
  - High school diploma or GED and 9 years of experience
- Two plus years’ experience architecting or administering Entra ID environments.
- Experience should include Active Directory/Entra ID engineering and experience managing environments containing sensitive data (CJIS, PCI, HIPAA, etc.).
Desirable Skills:
- Strong understanding of ITIL or IT Service Management frameworks
- Experience should include Active Directory/Entra ID engineering and experience managing environments containing sensitive data (CJIS, PCI, HIPAA, etc.).
- Advanced knowledge of Active Directory (on-premises) and Azure Active Directory/Entra ID
- Proficiency with documentation and content development tools, i.e., Microsoft Word, Visio, PowerPoint, Confluence, SharePoint, etc.
- Communicate complex technical information clearly and concisely to diverse audiences through well-structured documentation, ensuring accuracy, usability, and consistency across all formats
- Ability to work independently and manage multiple priorities in a fast-paced environment. Hybrid telework/onsite office environment.
- Relevant certifications such as Microsoft Certified: Identity and Access Administrator Associate (SC300) or MCSE: Core Infrastructure
- Expertise with Microsoft Azure
- Expertise with Entra ID
- Experience in domain consolidation or migration projects
- Knowledge of modern access control models (RBAC, PBAC)
- Exposure to AI/ML tools for enhancing IT operations