What success looks like in this role:
Highly skilled Security Architect with deep expertise in Microsoft Entra ID to lead the design, implementation, and governance of company Entra ID tenants. This role is pivotal in ensuring tenant baseline configurations, security, and operational practices align with Zero Trust principles, corporate security policies, and industry best practices. This is a hands-on role requiring both technical depth and delivery focus.
Key Responsibilities:
Entra ID Focus:
· Design architect and SME for corporate tenant directory baseline configurations and settings.
· Govern roles, permissions and consent management, enforcing least privilege through robust delegated and application permission models.
· Manage user and admin consent settings and develop automated workflows for reviewing and approving sensitive permission requests.
· Implement Tenant DR recoverability using best cost-effective means
· Implement application access reviews to validate permissions and ensure least privileged access.
· Design and drive optimal security and cost
· Securely manage application secrets and certificates, integrating with corporate PKI infrastructure and Azure Key Vaults.
· Design and enforce Conditional Access policies based on user, location, device, and risk signals in coordination with security team.
· Conduct threat modeling and risk assessments for authentication and authorization flows.
· Monitor application and service principal activity using Microsoft Sentinel, Azure Monitor, and Entra ID audit logs.
· Define and maintain the enterprise identity architecture leveraging Microsoft Entra ID.
· Lead the adoption of modern authentication (OAuth, OIDC, SAML, FIDO2, passwordless).
· Implement identity lifecycle automation using tools such as Entra ID Governance (IGA), Privileged Identity Management (PIM), and Access Reviews.
· Deploy and manage Entra Connect, Cloud Sync, federation, and SSO configurations.
· Integrate third-party SaaS and internal applications with Entra ID for SSO and provisioning (SCIM).
· Support the rollout of MFA, passwordless authentication, and secure sign-in enhancements.
Strategic Problem Solving:
· Lead structured problem-solving efforts for complex, high-impact information technology security and identity-related challenges.
· Develop and propose actionable, scalable solutions aligned with enterprise risk appetite and security strategy based on industry best practices.
· Drive end-to-end execution of solutions-ensuring delivery, stakeholder alignment, and measurable outcomes.
· Influence teams and leadership to adopt new approaches and remediate systemic issues.
· Collaborate with engineering, operations, and governance teams to ensure solutions are fully adopted and maintained.
· Track and report progress on key initiatives, highlighting risk reduction and business impact.
· Stay current on emerging threats, technologies, and regulatory requirements to inform strategic decisions.
You will be successful in this role if you have:
BA/BS degree and 8+ years’ relevant experience OR equivalent combination of education and experience
Master’s degree preferred
· 7 or more years of related experience (Preferred)
· Deep expertise in Microsoft Entra ID, Active Directory, and hybrid identity architectures.
· Experience implementing conditional access, MFA, identity protection, and PIM.
· Hands-on experience with Entra Connect, Cloud Sync, federation, SSO, and app integrations.
· 3+ years primary focus on Microsoft Azure/Entra ID (Mandatory).
· Proven experience securing application registrations, service principals, and enterprise applications in single/multi-tenant environments.
· Deep expertise in Microsoft Entra ID, including Conditional Access, Entra Directory Configuration, Roles and Permissions, Privileged Identity Management (PIM).
· Proven expertise in PowerShell, Graph API, Automation and ability to create and modify scripts for purposes of configuration settings and report access.
· Strong understanding of modern authentication protocols: SAML, OAuth 2.0, OpenID Connect, Kerberos and LDAP.
· Experience with Microsoft Graph API permissions (Application and Delegated) with deep understanding of how they apply and most secure methods for assignment.
Unisys is proud to be an equal opportunity employer that considers all qualified applicants without regard to age, blood type, caste, citizenship, color, disability, family medical history, family status, ethnicity, gender, gender expression, gender identity, genetic information, marital status, national origin, parental status, pregnancy, race, religion, sex, sexual orientation, transgender status, veteran status or any other category protected by law.
Local employment practices and rights may vary by jurisdiction and are subject to applicable local laws. This commitment includes our efforts to provide for all those who seek to express interest in employment the opportunity to participate without barriers.
If you are a US job seeker unable to review the job opportunities herein, or cannot otherwise complete your expression of interest, without additional assistance and would like to discuss a request for reasonable accommodation, please contact our Global Recruiting organization at [email protected]. US job seekers can find more information about Unisys’ EEO commitment here.
