Job DescriptionThis role is primarily focused on driving the Microsoft Entra ID device migration and providing Entra ID engineering support across the organization. The Staff Security Operations Engineer serves as a key technical driver for migrating devices into Entra ID and as a hands-on engineering resource for the Entra ID (Azure AD) platform. Supporting identity and access management technologies - multi-factor authentication (Duo MFA and Windows Hello for Business), mobile device management, and Active Directory - make up the secondary scope of the role.
Essential Duties and Responsibilities: - Entra ID Device Migration (Primary Focus):
- Drive and lead the migration of devices into Microsoft Entra ID, including Entra ID join and hybrid Entra ID join scenarios.
- Plan, schedule, and execute device migration waves from on-premises Active Directory / hybrid configurations to Entra ID, with minimal disruption to end users.
- Develop migration runbooks, rollback plans, validation checklists, and success criteria for each migration phase.
- Coordinate with endpoint, IT, and security teams to align device readiness, Conditional Access, and compliance requirements ahead of migration.
- Troubleshoot device join, registration, enrollment, and Conditional Access issues encountered during migration.
- Track migration progress, report on adoption metrics, and continuously refine the migration approach.
- Entra ID Engineering Support (Primary Focus):
- Provide engineering-level administration and operational support for the Microsoft Entra ID (Azure AD) platform.
- Configure and manage Conditional Access policies, Identity Protection, single sign-on (SSO), app registrations, and enterprise applications.
- Support hybrid identity using Microsoft Entra Connect (Azure AD Connect), ensuring reliable synchronization between on-premises AD and Entra ID.
- Act as the technical escalation point for Entra ID incidents, identifying root causes and implementing durable solutions.
- Automate Entra ID administration, reporting, and provisioning tasks using PowerShell and Microsoft Graph.
- Maintain documentation, runbooks, and operational procedures for the Entra ID environment.
- Multi-Factor Authentication (MFA) Management (Secondary Focus):
- Administer and manage the organization's MFA platforms, including Duo MFA and Windows Hello for Business.
- Implement and enforce MFA policies across the organization, ensuring integration with various applications and systems.
- Monitor MFA performance, troubleshoot issues, and handle escalations related to authentication failures or policy violations.
- Mobile Device Management (MDM) (Secondary Focus):
- Support the administration of the Intune platform security, Conditional Access and Compliance, and RBAC/PIM/MAA Governance.
- Work with IT teams to ensure all mobile devices comply with organizational security policies and access controls.
- Active Directory (AD) (Secondary Focus):
- Provide support for Active Directory, managing user accounts, group policies, and organizational units.
- Support hybrid identity integration between on-premises AD and Entra ID using Microsoft Entra Connect.
- Troubleshoot and resolve issues related to AD/Entra ID authentication and access provisioning.
- IAM Process Optimization:
- Continuously evaluate and improve IAM processes related to Entra ID, device migration, MFA, and AD to enhance security and user experience.
- Automate routine identity management tasks and workflows to increase efficiency and reduce manual errors.
- Incident Response and Troubleshooting:
- Act as the technical escalation point for identity-related incidents involving Entra ID, device migration, Duo MFA, Windows Hello for Business, and other IAM systems.
- Investigate, troubleshoot, and resolve IAM issues, working closely with other teams to identify root causes and implement solutions.
- Compliance and Reporting:
- Ensure IAM solutions meet compliance requirements such as SOX, etc.
- Generate reports for auditing purposes and provide insights into the security posture of identity systems.
- Collaboration and Documentation:
- Collaborate with security, IT, and compliance teams to define and implement identity governance frameworks.
- Develop and maintain comprehensive documentation for all IAM solutions, policies, and procedures.
- Training and Knowledge Sharing:
- Provide training to end-users and technical staff on IAM best practices, focusing on Entra ID, MFA, and other key services.
- Stay up-to-date with industry trends and emerging technologies to continuously enhance the organization's IAM capabilities.
Professional Attributes
- Leadership: Demonstrated ability to assist in leading cross-functional teams and manage technical resources, driving projects and solutions to successful completion.
- Problem-Solving: Strong analytical and troubleshooting skills with a proactive approach to identifying and resolving issues within complex identity and directory environments.
- Analytical Skills: Ability to analyze complex IAM issues and apply logical troubleshooting techniques to resolve identity-related problems.
- Attention to Detail: High accuracy and attention to detail in managing identity policies, systems configurations, and security protocols.
- Communication: Strong communication skills to collaborate with technical and non-technical stakeholders across the organization.
- Team Player: Ability to work effectively as part of a cross-functional team, with a focus on supporting the broader IAM strategy.
- Customer Focused: Demonstrated ability to deliver excellent service to internal and external stakeholders, focusing on user experience without compromising security.
- Adaptability: Ability to quickly learn and adapt to new tools, technologies, and security practices in a dynamic IT environment.
QualificationsRequired:- Education:
- BA or BS in Information Technology, Computer Science, Information Security, or a related field. Equivalent hands-on experience in IAM may be considered in lieu of a degree.
- Relevant certifications such as Microsoft Certified: Identity and Access Administrator, Microsoft Certified: Endpoint Administrator, Certified Information Systems Security Professional (CISSP), or DUO Security Administrator are desirable.
- Experience:
- 6+ years of experience in IT or Information Security, with a focus on identity and access management.
- 3+ years of direct, hands-on experience with Microsoft Entra ID (Azure AD), including device migration and engineering support.
- Experience working with Duo MFA, Windows Hello for Business, Microsoft Intune, and Active Directory.
- Microsoft Entra ID (Azure AD) (Primary):
- Hands-on experience driving device migrations into Entra ID, including Entra ID join and hybrid Entra ID join.
- Engineering-level experience administering Entra ID, including Conditional Access, Identity Protection, SSO, app registrations, and enterprise applications.
- Experience with Microsoft Entra Connect (Azure AD Connect) for hybrid identity synchronization between on-prem AD and Entra ID.
- Ability to configure, enforce, and troubleshoot Entra ID policies across diverse applications, devices, and systems.
- Multi-Factor Authentication (MFA):
- Experience administering and managing Duo MFA and Windows Hello for Business, or similar authentication platforms.
- Ability to configure, enforce, and troubleshoot MFA policies across diverse applications and systems.
- Mobile Device Management (MDM):
- Knowledge of MS Intune platforms and their integration with IAM systems for device security and policy enforcement.
- Experience managing devices in an enterprise setting, focusing on compliance and access control.
- Active Directory (AD):
- Experience managing user accounts, group policies, and organizational units in Active Directory.
- Familiarity with hybrid identity environments and synchronization between on-prem AD and Entra ID.
- PowerShell & Microsoft Graph:
- PowerShell and Microsoft Graph scripting skills to automate identity and device tasks such as provisioning, migration, reporting, and troubleshooting.
- SIEM and Auditing Tools:
- Familiarity with security information and event management (SIEM) tools for monitoring identity-related logs and events.
- Experience generating audit reports for compliance purposes.
Programming and Tools
- Scripting and Programming Languages:
- PowerShell & Microsoft Graph: Proficiency in using PowerShell and Microsoft Graph to automate identity and device tasks, generate reports, and troubleshoot issues.
- Python (optional): Familiarity with Python for advanced IAM automation and integration tasks.
- IAM and Directory Tools:
- Microsoft Entra ID (Azure AD): Expertise in administering Entra ID for device migration, Conditional Access, SSO, and identity engineering.
- Microsoft Entra Connect (Azure AD Connect): Experience with synchronization between on-prem AD and Entra ID for seamless hybrid identity management.
- Duo MFA & Windows Hello for Business: Experience configuring and maintaining Duo MFA and Windows Hello for Business for secure multi-factor authentication.
- MDM Platforms:
- Experience with leading MDM tools such as Microsoft Intune, or equivalent, for device management and security.
- Monitoring and Logging:
- Familiarity with SIEM platforms (e.g., Devo) for monitoring and auditing identity events and security logs.
Logistics:- Primary work in the Irvine, California office and/or a home office environment (hybrid).
- Willing to be on call as needed to support critical identity and device operations.
- Willing to perform work functions across time zones to support global coverage needs.
Based on our experience, we anticipate that the application deadline will be
10/07/2026 (3 months from posting), although we reserve the right to close the application process sooner if we hire an applicant for this position before the application deadline. If we are not able to hire someone from this role before the ap