Role Description We are seeking a highly skilled Entra ID Architect specializing in Microsoft Entra ID (formerly Azure Active Directory) to design, implement, and manage our cloud-based and hybrid identity infrastructures. In this role, you will serve as the subject matter expert for our identity ecosystem, ensuring seamless user access while maintaining a robust security posture. You will be responsible for defining access management strategies, enforcing governance policies, and securing our enterprise resources across hybrid environments. Location: USA, Remote Employment Type: Contract Key Responsibilities - Identity Infrastructure & Hybrid Management - Design, deploy, and maintain Microsoft Entra ID and hybrid identity architectures, including Entra Connect / Cloud Sync environments. - Manage corporate directory integration between on-premises Active Directory (AD) and Entra ID. - Oversee Enterprise Applications, App Registrations, and Service Principals, ensuring secure API permissions and consent frameworks. - Troubleshoot complex authentication, synchronization, and replication issues across hybrid infrastructure. - Access Management & Security Policies - Design and enforce zero-trust security architectures using Entra Conditional Access Policies, risk-based policies, and Continuous Access Evaluation (CAE). - Deploy and manage Multi-Factor Authentication (MFA), Passwordless authentication, and Windows Hello for Business. - Configure and maintain Privileged Identity Management (PIM) to enforce just-in-time (JIT) and just-enough-access (JEA) for administrative roles. - Implement Entra ID Governance, including Access Reviews, Entitlement Management (Access Packages), and Lifecycle Workflows to automate user onboarding/offboarding. - Automation, Monitoring & Compliance - Automate routine identity management tasks using PowerShell, Microsoft Graph API, and Azure Automation runbooks. - Monitor identity security logs using Entra ID Protection, Log Analytics, and integrate logs with enterprise SIEM platforms (e.g., Microsoft Sentinel). - Conduct regular access audits to ensure compliance with corporate policies, regulatory standards (e.g., SOC2, ISO 27001), and identity best practices. Qualifications - Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field (or equivalent professional experience). - 5+ years of dedicated experience in Identity and Access Management (IAM), with at least 3 years focusing heavily on Microsoft Entra ID / Azure AD. - Deep understanding of modern authentication protocols (SAML 2.0, OIDC, OAuth 2.0, WS-Fed, FIDO2). - Hands-on experience configuring Entra ID Governance tools (PIM, Access Reviews). - Strong proficiency in scripting and automation using PowerShell and interfacing with the Microsoft Graph API. - Solid understanding of network security concepts relating to identity (e.g., Managed Identities, Application Proxy, Private Access). Preferred Certifications & Skills - Microsoft Certified: Identity and Access Administrator Associate (SC-300) - Microsoft Certified: Cybersecurity Architect Expert (SC-100) or Azure Solutions Architect Expert (AZ-305) - CISSP, CISA, or CCSP designations are highly valued. - Familiarity with integrating Entra ID with governance platforms (such as SailPoint Identity Security Cloud or IdentityIQ) for advanced identity lifecycle workflows is a strong plus. - Strong analytical mindset, excellent documentation skills, and the ability to collaborate effectively with security compliance officers and infrastructure teams. Benefits - Valuing learning, growth, and work-life balance. - Extensive opportunities to advance your career through leading digital identity projects across North America. - A culture built on respect, inclusion, and equal opportunity for everyone. Accessibility & Accommodations If you require accommodation due to a disability at any time during the recruitment and/or assessment process, please contact Talent Acquisition, and we will make all reasonable efforts to accommodate your request. Fraud Prevention & Identity Verification We may use information provided during the application process to help prevent fraud and verify identity. These checks may be conducted automatically through trusted third-party service providers as part of our standard application screening process. BrightHire technology is used during the preliminary interview stage for recording, transcription, and candidate evaluation as part of our hiring process. Apply now to join the KeyData Cyber team and be part of our mission to secure the future of digital identity across North America.