Salary : $77,507.00 - $120,133.00 Annually
Location : 101 City Hall Plaza, Durham, NC
Job Type: Full time with benefits
Remote Employment: Flexible/Hybrid
Job Number: 26-06011
Department: Technology Solutions
Opening Date: 07/10/2026
Position DescriptionThe Microsoft Identity Administrator is responsible for overseeing and maintaining the City of Durham's enterprise identity and access management infrastructure. This position serves as the primary administrator of Microsoft Entra ID (formerly Azure Active Directory) and on-premises Active Directory, ensuring secure, reliable, and compliant access across all City systems and applications. The role encompasses user lifecycle management, access control, identity security monitoring, hybrid identity synchronization, and authentication policy administration. The Microsoft Identity Administrator also functions as the lead for identity governance, privileged access management, and automation of identity workflows, supporting a Zero Trust security posture across the enterprise. The ideal candidate brings deep technical expertise in Microsoft identity platforms, strong analytical judgment, and the ability to collaborate effectively across IT, cybersecurity, and business operations teams.
Duties/ResponsibilitiesUser and Group Management- Create, modify, and deprovision user, service, and group accounts in Microsoft Entra ID and on-premises Active Directory.
- Maintain group memberships, role assignments, and naming conventions in alignment with organizational standards.
- Coordinate with Human Resources to ensure identity provisioning aligns with HR data feeds and automated onboarding and offboarding workflows.
Access Control and Permissions- Administer Conditional Access policies and Role-Based Access Control (RBAC) across enterprise applications and platforms.
- Evaluate and process access requests in accordance with least privilege and separation of duties principles.
- Review and enforce access governance policies to ensure compliance with City security standards.
Identity Security and Compliance Monitoring- Monitor sign-in activity, Multi-Factor Authentication (MFA) enforcement, and Identity Protection alerts on a daily basis.
- Investigate risky users, blocked sign-ins, and compromised accounts; partner with the Security Operations team to contain and resolve identity-based threats.
- Produce audit reports for compliance, access reviews, and MFA adoption; provide evidence for internal and external audits.
Hybrid Identity Management- Manage Microsoft Entra Connect and Cloud Sync configurations to maintain healthy synchronization between on-premises Active Directory and Entra ID.
- Troubleshoot directory synchronization errors, password writeback issues, and hybrid join failures.
- Monitor Entra Connect Health dashboards and proactively address replication or connectivity issues.
Authentication and MFA Administration- Configure and maintain MFA, passwordless sign-in methods, and FIDO2 authentication keys for City staff.
- Support end users with MFA registration, authentication troubleshooting, and self-service password reset (SSPR).
- Manage authentication strengths and configure Windows Hello for Business, Microsoft Authenticator App, and certificate-based authentication.
Privileged Identity Management- Administer Privileged Identity Management (PIM) to enforce just-in-time (JIT) role activation for privileged accounts.
- Review and process privileged access requests, enforce approval workflows, and maintain audit logs of elevated access activity.
- Conduct periodic access reviews for privileged roles and group memberships to ensure continued appropriateness.
Policy and Configuration Management- Develop and enforce identity governance standards, lifecycle management policies, and automation scripts using PowerShell and Microsoft Graph API.
- Maintain comprehensive documentation of identity configurations, policies, and administrative procedures.
- Evaluate new Microsoft Entra features and recommend enhancements to improve security posture and operational efficiency.
Troubleshooting and Incident Resolution- Serve as Tier 2-3 escalation support for authentication, Conditional Access, Single Sign-On (SSO), and identity-related incidents.
- Collaborate with IT and cybersecurity teams to resolve incidents efficiently and document root cause and corrective actions.
- Provide technical guidance to End User Support engineers, systems administrators, and data center personnel on identity-related issues.
Oracle Identity and Device Management- Manage provisioning, modification, and deprovisioning workflows using Oracle Identity Manager (OIM) and Oracle Access Manager (OAM).
- Configure and maintain SSO and federation services across enterprise applications integrated with Oracle IAM.
- Enroll and manage City endpoints across Windows, macOS, iOS, and Android platforms using Microsoft Intune (Endpoint Manager).
- Configure device compliance policies, conditional access rules, application protection policies, and security baselines in Intune.
Minimum Qualifications & Experience - Bachelor's degree in Computer Science, Information Technology, Business, or a closely related field; relevant experience may substitute on a year-for-year basis.
- Minimum five (5) years of progressive experience managing enterprise identity and access management systems.
- Demonstrated hands-on experience with Microsoft Entra ID (Azure Active Directory), on-premises Active Directory, and Microsoft Entra Connect.
- Proficiency in PowerShell scripting and Microsoft Graph API for identity automation and administration.
- Experience working in compliance-driven environments, preferably within government or other regulated sectors.
- Strong knowledge of authentication protocols including SAML 2.0, OAuth 2.0, OpenID Connect, and WS-Federation.
- Microsoft Certified: Identity and Access Administrator Associate (SC-300) or equivalent certification required at time of hire or within 12 months of appointment.
- Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC-900) preferred.
Additional Preferred Skills - Experience with Oracle Identity Management (OIM/OAM), including SSO configuration and identity lifecycle automation.
- Microsoft Intune administration experience including device enrollment, compliance policy configuration, and application deployment.
- Oracle Certified Professional (OCP) designation or other industry-recognized identity and access management certifications.
- Familiarity with Microsoft Sentinel, Azure Monitor Workbooks, and SIEM integration for identity log analysis.
- Experience with Privileged Identity Management (PIM), entitlement management, and lifecycle workflows within Microsoft Entra ID Governance.
- Knowledge of Zero Trust security principles and their application in a hybrid cloud environment.
- Strong analytical, written communication, and documentation skills with the ability to translate technical concepts for non-technical audiences.
Benefits - General Full-Time Employees - 12-13 paid holidays per year
- 13 standard work days of vacation per year
- 13 standard work days of sick leave per year, which accumulates indefinitely; sick leave may be used toward early retirement
- 2 weeks paid military leave per year
- Medical, dental, vision, and supplemental life insurance plans
- State and City retirement plans
- Short and long term disability plans
- Paid temporary disability leave for specified conditions
- City contribution of 13.6% into the N.C. State Retirement System
- Paid funeral leave
- Employee Assistance Program - personal and family counseling
- Paid life insurance equal to annual salary
- 48 hours for volunteer work each year*
- 4 hours parental leave each year
- Workman's Compensation Insurance
- 457 Deferred Compensation Plans
Benefits - Part-Time (1,000 hours or more per year) - 401(k) retirement plan (5.0% of salary)
- State retirement plan
Benefits Part-Time (Average 30 hours per week over 12 month period) - 401(k) retirement plan (5.0% of salary)
- State retirement plan effective first day of the month following date of hire
- Health insurance effective first day of the month following date of hire
- Dental and life insurance, after one year of service
- Pro-rated vacation, pro-rated sick, pro-rated floating holiday, parttime holiday pay (based on scheduled hours for that day) after one year of service
01
Where did you first hear about this opportunity?
- City of Durham Website
- Walk in
- Job fair
- Employee referral
- Professional organization ***Please list the organization in "other" box below***
- Internet posting ***Please list the specific web site in the "other" box below***
- Craig's List
- Facebook
- LinkedIn
- GlassDoor
- governmentjobs.com
- Monster.com
- Indeed.com
- Employment Security Commission
- Magazine/Newspaper
- Other
02
If you listed "other" above please give specific web site, organization, or publication.
03
Please select your highest level of COMPLETED education.
- Less than a High School Diploma or Equivalent (GED, HiSET, TASC)
- High School Diploma or Equivalent (GED, HiSET, TASC)
- Associates Degree
- Bachelor's Degree
- Master's Degree
- Doctoral Degree (PhD, Juris Doctorate)
04
Please indicate the academic focus/concentration of your degree (bachelor's or advanced): If no degree, please put N/A
05
How many years of experience do you have managing enterprise identity and access management systems?
- No related experience
- Less than 1 year of related experience
- 1 year but less than 5 years of related experience
- 5 years but less than 9 years of related experience
- 9 or more years of related experience
- 13 or more years related experience
Required Question