Entra ID Engineer
Company: S3
Location: Detroit
Posted on: April 2, 2026
|
|
|
Job Description:
Job Description Entra ID Engineer Location: Detroit, MI (Hybrid)
Duration: 12 Month Contract Role Overview: The Entra ID Engineer
will design, implement, and manage a secure, scalable identity
infrastructure using Microsoft Entra ID (formerly Azure AD). This
position ensures seamless authentication, identity governance, and
compliance in hybrid and cloud-native environments. Key
Responsibilities: Identity Infrastructure Configuration &
Maintenance: Maintain multiple Entra ID tenants, managing user,
group, and application configurations. Authentication & Access
Control: Implement SSO, MFA, Conditional Access policies, and
Privileged Identity Management (PIM). Application Integration:
Integrate SaaS and on-prem systems via SAML, OIDC, OAuth2, manage
service principals, connector setups and Application proxy
configuration. Role-Based Access Control (RBAC): Design and enforce
Azure RBAC for least-privilege access across subscriptions,
resource groups, and services. Key Vault Access Policies: Configure
and manage Azure Key Vault access policies and RBAC assignments to
secure secrets, certificates, and keys. Automation & Scripting:
Automate identity tasks using Microsoft Graph API, PowerShell,
Azure Policy, or ARM templates. Monitoring & Auditing: Track
sign-in activity, audit logs, resolve identity-related incidents,
and maintain compliance. Hybrid Identity Support: Implement and
manage Azure AD Connect and hybrid identity solutions. Directory &
Disaster Recovery: Support Active Directory, tier?0 security
hardening, and disaster recovery planning. Key Accountabilities:
Technical Leadership & Training: Provide technical guidance,
documentation, and train junior staff or operational teams. Project
Collaboration: Participate in IAM architecture design,
proof-of-concepts, and roadmap planning, aligning with zero-trust
initiatives. May lead projects and/or project teams (including
assigning work, reviewing progress and evaluating results), mentor,
provide guidance and technical direction to less experienced
engineering and technical staff, including the provision of input
in performance evaluations, but is not responsible for supervising
anyone. Plans, schedules, and manages all operational day-to-day
engineering support work activities; manages trouble ticket/problem
resolution and issue escalation. Leads projects to ensure on-time
and in-budget implementation. Makes recommendations in area of
security administration/authentication; participates in evaluating
enabling technologies; designs and manages security architectures;
leads research of advanced technologies. Consults on planning and
issues in security administration/authentication design and
direction; provides configurations for security
administration/authentication; consults with application teams;
consults on security architecture design and direction. Actively
seeks continuous improvement opportunities and leads continuous
improvement initiatives. Consults on operational and planning
issues related to security administration / authentication
technologies; works closely with outside vendors. Keeps abreast of
technology trends and the stated direction of the enterprise. Works
as a proactive team player in dynamic environments. Leads and
facilitates meetings and group discussions; develops and conducts
formal and informal presentations and technical training classes.
Creates and maintains project work plans and budgets. Provides
direction and leadership on all aspects of security engineering and
internal IT processes. Required Skills & Experience: 3–8 years of
experience managing Microsoft Entra ID / Azure AD in enterprise
environments. Deep understanding of SSO, MFA, Conditional Access,
PIM, RBAC, and zero-trust principles. Experience integrating SAML,
OIDC, OAuth2, and configuring service principals. Strong scripting
abilities using PowerShell, Graph API, Azure Policy, ARM, or
Terraform. Familiarity integrating and managing hybrid identity
(Azure AD Connect). Competent in directory services security,
Tier?0 boundaries, and DR strategies. Excellent troubleshooting,
documentation, and stakeholder communication abilities. Preferred
Qualifications: Certifications: Microsoft Certified – Identity and
Access Administrator Associate (SC-300), or equivalent. Hands-on
with M365 security tools (Defender for Identity, Purview), and
compliance frameworks (SOX, NIST, CMMC). Knowledge of Azure B2C
custom policies, PKI integration, and JIT/Key Vault configurations.
Experience with policy enforcement using Azure Policy, ARM, or
Terraform pipelines. Education & Personal Traits: Bachelor’s degree
in Computer Science, IT, or related field or equivalent experience.
Self-motivated, able to work under deadlines, and adapt to evolving
environments. Bonus Skills: Exposure to machine learning or
AI-driven identity tool enhancements. Experience using ServiceNow
for ticketing and incident workflows. Familiarity with Windows
Hello for Business and certificate-based auth systems. Experienced
with Amazon Web Services (AWS) and Google Cloud IAM
Keywords: S3, Dearborn , Entra ID Engineer, IT / Software / Systems , Detroit, Michigan
