Entra ID Security Engineer (Systems Engineer 3)
Salary: $89,003.20 - $144,372.80 Annually
Location: 390 Robert St. N, St. Paul, MN
Job Type: Full-Time
Job Number: 2024-00377
Division: Regional Administration
Department: IS-Admin
Opening Date: 10/29/2024
Closing Date: 11/12/2024 11:59 PM Central
WHO WE ARE
This position is eligible for a hybrid (both remote and onsite) telework arrangement. Candidate's permanent residence must be in Minnesota or Wisconsin.
We are the Metropolitan Council, the regional government for the seven-county Twin Cities metropolitan area. We plan 30 years ahead for the future of the metropolitan area and provide regional transportation, wastewater, and housing services. More information about us on our website (metrocouncil.org/About-Us/The-Council-Who-We-Are.aspx).
We are committed to supporting a diverse workforce that reflects the communities we serve.
Information Services is the central IT department supporting all divisions of the Metropolitan Council. Our 140 team members provide technology, practices, and innovative solutions that enable the core services of the Council.
How your work would contribute to our organization and the Twin Cities region:
We are seeking a highly skilled Entra ID Security Engineer to join our team to design, implement, and manage secure identity services across our cloud infrastructure using Microsoft Entra ID (formerly Azure Active Directory). The ideal candidate will have in-depth experience with identity governance, zero-trust architecture, and hybrid identity environments.
As an Entra ID Security Engineer, you will focus on architecting and maintaining Microsoft Entra ID and Active Directory environments, ensuring robust security for cloud and on-premises resources. You will collaborate closely with the security and operations teams to ensure seamless and secure authentication and authorization processes, enforce identity security best practices, and respond to potential identity threats.
Full Salary Range: $42.79 - $69.41 hourly / $89,003 - $144,373 yearly
What you would do in this job
Architect and Implement Identity Solutions:
Design and implement Microsoft Entra ID identity services to secure access to cloud-based and on-premises applications
Configure and maintain Azure AD Conditional Access Policies to enforce risk-based sign-in controls, such as multi-factor authentication (MFA), device compliance policies, and geolocation-based restrictions
Architect and maintain Identity Governance using Access Reviews, Entitlement Management, and Lifecycle Workflows for efficient user lifecycle management
Identity Security Best Practices:
Implement Identity Protection policies to detect and respond to risks such as leaked credentials, risky sign-ins, and compromised user accounts
Develop Zero Trust identity architectures, ensuring strong authentication mechanisms and least privilege access controls
Regularly update and audit Access Control Lists (ACLs) and Role-Based Access Control (RBAC) policies to minimize access vulnerabilities
Utilize Conditional Access Report-Only Mode to simulate policies and fine-tune their impact before enforcing
Hybrid Identity Environment Management:
Oversee and maintain Azure AD Connect to ensure proper synchronization between on-premises Active Directory (AD) and Microsoft Entra ID
Configure and secure Single Sign-On (SSO) for both SaaS applications and on-premises resources, leveraging protocols such as SAML, OAuth2, OpenID Connect, and WS-Federation
Troubleshoot and manage issues related to hybrid identity environments, including synchronization conflicts, password hash synchronization, and pass-through authentication
Monitor and manage Azure AD Domain Services (AAD DS) for secure legacy app integration
Automation and Infrastructure as Code (IaC):
Automate routine identity tasks, such as user provisioning and group management, using PowerShell and Microsoft Graph API
Develop and manage Azure ARM templates or Terraform scripts for automating the deployment of identity-related infrastructure components
Integrate identity services into CI/CD pipelines using Azure DevOps to ensure secure and automated provisioning of roles, policies, and access controls
Identity Monitoring and Incident Response:
Utilize Microsoft Entra Identity Protection to detect and respond to identity-based threats, such as sign-ins from unfamiliar locations, impossible travel scenarios, and suspicious user behavior
Set up alerts and monitoring using Microsoft Sentinel to track security incidents involving identity resources
Perform regular security assessments using tools like Azure Security Center to evaluate identity configuration, detect vulnerabilities, and apply remediation steps
Coordinate and respond to identity-related incidents, such as account compromises or privilege escalation attempts, following defined incident response protocols
Data Security and Compliance:
Securely store and manage encryption keys, certificates, and secrets using Azure Key Vault integrated with Entra ID for role-based access
Implement and enforce Data Loss Prevention (DLP) policies within Entra ID to ensure that sensitive data remains protected within the identity system
Ensure compliance with frameworks such as GDPR, HIPAA, and PCI-DSS, regularly auditing identity logs and access records using Azure AD Sign-in Logs and Audit Logs
What education and experience are required for this job (minimum qualifications)
Any of the following combinations of education (in Computer Science, Systems Security, or similar) and relevant experience:
Bachelor's degree and 5 years of experience
Associate's degree and 7 years of experience
High school diploma or GED and 9 years of experience
Knowledge, Skills, and Abilities:
Experience in configuring and managing Microsoft Entra ID (Azure AD) environments
Experience with Conditional Access, Multi-Factor Authentication (MFA), and Privileged Identity Management (PIM)
Experience with hybrid identity models, including managing Azure AD Connect and on-premises AD integration
Proficiency in scripting with PowerShell and managing API-based automation through Microsoft Graph API
Experience with cloud identity management tools, including Azure Identity Protection, Microsoft Defender for Identity, and Microsoft Sentinel
Understanding of OAuth2, OpenID Connect, and SAML protocols for SSO and federated identity
Ability to attain Microsoft AZ-900 fundamentals certification and progress to additional advanced certifications
Ability to complete Azure DevOps services CI/CD implementation for custom applications
Ability to define a plan to implement security and quality tooling into CI/CD pipelines
Skilled in collaboration, facilitation, and mentoring.