Role Description As part of our dynamic team, you will play a crucial role in driving innovation by creating solutions that improve the day-to-day work experience of our 500+ Engineers, enabling them to deliver software faster, with greater quality and security. Your mission will be to make it simple and efficient for Engineering teams to follow best practices through the tools, processes, and automation you develop. Qualifications - Strong fundamentals in core areas such as Software Architecture, AWS, Kubernetes APIs, CI/CD, Networking, and Developer Experience. - Experience developing production software such as web applications, libraries, or CLIs. - Experience operating cloud infrastructure. - English proficiency. Requirements - Previous experience in Platform teams. - Golang proficiency. - Experience designing and managing cloud infrastructure. - Experience developing Developer Experience tooling, Software Testing solutions, or similar. - Experience developing Kubernetes Operators. - Experience with Incident Management. - Knowledge and experience in AI concepts and implementation in Platform teams. - Knowledge and experience in Engineering Productivity metrics analysis frameworks. - Having participated in projects related to Knowledge Sharing for Engineering teams (creating courses, LMS platforms, or something related). Benefits - Competitive salary. - Profit sharing. - Variable compensation (Somente para vagas comerciais). - Meal allowance. - Health insurance. - Dental plan. - Life insurance. - Childcare subsidy and Atypical Parenthood subsidy. - Wellhub. - Home office allowance. - Employee assistance program (mental health, social, legal, and financial support). - Extended parental leave. - Day off on birthday, Mother’s Day, and Father’s Day. - Benefits Club (discounts on everyday services). - Discounts at educational institutions. - Reading kit for children – PlayKids.

• Lead the design, development, integration, deployment, and ongoing support of the organization's AI platform • Define and implement platform architecture, engineering standards, and development practices • Partner with product, data, infrastructure, security, and business teams • Oversee engineering teams in building reusable platform services, tools, and components • Drive modernization and integration efforts to connect existing systems with AI platform capabilities • Monitor platform performance, operational health, and user feedback

• Проєктувати та будувати ключові сервіси GaaS-платформи: сегментація гравців, офери системи, лідерборди, аналітичні пайплайни та інше. • Відповідати за технічну архітектуру від першого проєктного документа до деплою у продакшн. • Визначати та впроваджувати стандарти платформенної розробки: дизайн API, observability, CI/CD. • Взаємодіяти з іншими командами для формування вимог бекенд-сервісів, на яких вони зможуть будувати свої продукти. • Приймати інфраструктурні рішення: обчислення, зберігання, мережа, повідомлення та обирати правильний інструмент для кожного. • Бути голосом якості платформи: навантажувальне тестування, надійність, failure modes.

Role Description The Senior Modern Workplace Identity Platform Engineer is responsible for designing, owning, and continuously improving the organization’s Microsoft identity platform. This role focuses on: - Identity architecture - Microsoft Entra ID - Conditional Access - Identity governance - Privileged access - Application identity - Lifecycle automation - Graph-based automation - Secure integration patterns across the Modern Workplace ecosystem The senior engineer acts as a technical owner for identity platform standards, automation patterns, governance controls, and complex troubleshooting. Responsibilities Success in this role means: - Identity is automated, auditable, secure, and scalable. - Access governance is based on real access state, not assumptions. - Privileged access is controlled, reviewed, and minimized. - SSO and application identity patterns are standardized. - Identity lifecycle processes are repeatable across users, guests, admins, service accounts, and applications. - Manual identity operations are replaced with automation wherever possible. - Identity platform decisions improve security without creating unnecessary business friction. - Tenant to tenant migrations – seamless and repeatable templates for multi-tenant organization. Key Responsibilities: - Identity Architecture & Platform Ownership: - Design and own Microsoft Entra ID architecture, standards, and operating models. - Define identity platform patterns for users, groups, guests, administrators, service principals, managed identities, and workload identities. - Design scalable models for groups, administrative units, RBAC, ABAC, access packages, and role assignments. - Define standards for naming, ownership, lifecycle, access reviews, privileged access, and identity documentation. - Lead identity platform improvements across Microsoft 365, Azure, and integrated business applications. - Authentication, Conditional Access & Zero Trust: - Design and maintain Conditional Access strategy. - Define MFA, passwordless, session control, device-based access, location-based access, and risk-based access patterns. - Align identity controls with Zero Trust principles. - Review and improve authentication security posture. - Lead troubleshooting for complex authentication, authorization, token, claims, and access issues. - Partner with security teams on identity protection, risky users, risky sign-ins, and control improvements. - Tenant-to-tenant migration capability: - Design, standardize, and support repeatable migration patterns for multi-tenant organizations, including users, groups, mailboxes, Teams, SharePoint/OneDrive, enterprise applications, app registrations, Conditional Access, identity governance, and access models. - Build reusable templates, runbooks, automation scripts, validation checks, and cutover procedures to make tenant migrations predictable, secure, auditable, and scalable. - Application Identity & Integration: - Own standards for enterprise applications, app registrations, service principals, API permissions, certificates, secrets, and consent. - Design secure SSO patterns using SAML, OAuth 2.0, OIDC, and SCIM. - Define application onboarding requirements for identity, access, provisioning, ownership, and review. - Lead complex SSO and provisioning troubleshooting. - Review application identity designs and challenge insecure or non-scalable patterns. - Define secure patterns for workload identity, managed identity, and service-to-service authentication. - Identity Lifecycle Automation: - Design and improve joiner, mover, leaver, contractor, guest, admin, and service identity lifecycle processes. - Build and govern automation using Microsoft Graph, PowerShell, Azure Functions, Logic Apps, Azure Automation, and CI/CD pipelines. - Create reusable automation modules for provisioning, deprovisioning, access changes, reporting, cleanup, and validation. - Design event-driven workflows for identity lifecycle and access governance. - Reduce dependency on manual identity operations. - Ensure automation is documented, maintainable, monitored, and auditable. - Access Governance & Privileged Access: - Design and operate access governance using Microsoft Entra ID Governance. - Own access review, entitlement management, access package, lifecycle workflow, and approval models. - Define privileged access strategy using Microsoft Entra PIM. - Design admin account models, break-glass procedures, role activation policies, and privileged access reviews. - Build reporting for actual access state, privileged access drift, stale permissions, orphaned ownership, and risky assignments. - Partner with audit, compliance, and security teams to provide evidence and improve controls. - Reporting, Monitoring & Compliance: - Define meaningful identity platform reporting. - Build reports showing access state across users, groups, roles, applications, guests, and privileged assignments. - Use KQL, Log Analytics, Sentinel, Entra logs, and Microsoft Graph for visibility and investigation. - Monitor identity platform health, risk signals, failed provisioning, failed sign-ins, and policy impact. - Lead root cause analysis for major identity incidents. - Maintain audit-ready documentation, diagrams, runbooks, and control evidence. - Device Identity & Modern Workplace Integration: - Define identity requirements for Entra join, hybrid join, registered devices, and device-based Conditional Access. - Collaborate with endpoint management teams on compliance signals, device identity, and access control requirements. - Ensure device identity is correctly used as part of the broader identity security model. - Troubleshoot complex access issues involving user identity, device identity, compliance state, and Conditional Access. - Technical Leadership: - Mentor identity engineers and operations teams. - Review scripts, designs, policies, access models, and automation workflows. - Translate business, audit, and security requirements into scalable identity platform solutions. - Provide technical direction for identity-related projects, migrations, integrations, and platform improvements. - Challenge weak designs and promote secure, simple, repeatable patterns. - Act as escalation point for complex identity and access issues. Qualifications - Strong experience with Microsoft Entra ID architecture and operations for at least 5 years. - Strong understanding of identity and access management principles. - Strong experience with Conditional Access, MFA, passwordless authentication, identity protection, and Zero Trust controls. - Strong experience with enterprise applications, app registrations, service principals, API permissions, certificates, secrets, and consent. - Strong experience with SAML, OAuth 2.0, OIDC, SCIM, claims, tokens, and application SSO troubleshooting. - Strong PowerShell and Microsoft Graph API skills. - Experience designing identity lifecycle automation. - Experience with Microsoft Entra PIM, access reviews, entitlement management, and access governance. - Ability to troubleshoot complex identity issues using logs, traces, audit events, sign-in logs, provisioning logs, and KQL. - Ability to design scalable standards, not just resolve individual tickets. - Strong documentation, mentoring, and stakeholder management skills. Nice to Have - Experience with Microsoft Entra ID Governance and Lifecycle Workflows. - Experience with Azure Functions, Logic Apps, Event Grid, queues, or webhook-based automation. - Experience with Azure DevOps, GitHub Actions, or CI/CD-based automation. - Experience with Terraform or Infrastructure as Code. - Experience with Microsoft Sentinel and advanced KQL. - Experience with cross-tenant migrations, tenant consolidation, or M&A identity scenarios. - Experience with admin tiering, privileged access workstations, break-glass models, and delegated administration. - Experience with managed identities, workload identities, and Azure service authentication. - Familiarity with device identity, Entra join, hybrid join, and compliance-based Conditional Access. - Familiarity with Microsoft 365 security and compliance capabilities. Tools & Technologies - Microsoft Entra ID - Microsoft Entra ID Governance - Conditional Access - MFA / Passwordless Authentication - Identity Protection - PIM - Access Reviews - Entitlement Management - Lifecycle Workflows - Enterprise Applications - App Registrations - Service Principals - Managed Identities - Workload Identities - Microsoft Graph API - PowerShell - Azure Automation - Azure Functions - Logic Apps - Event Grid - Azure DevOps / GitHub - KQL / Log Analytics - Microsoft Sentinel - Microsoft 365