Senior Software Engineer (Azure Identity)
We are seeking a Senior Software Engineer (Azure Identity) to join our identity transformation team and lead the migration from legacy authentication systems to secure, modern Microsoft Entra ID–based Single Sign-On (SSO) solutions.
Responsibilities
- Migrate application authentication from legacy protocols such as LDAP and Integrated Windows Authentication to Entra ID SSO using SAML or OIDC
- Classify applications, estimate migration effort and determine the optimal SSO pattern for each application, including SAML, OIDC/OAuth2, legacy, on-premises and SaaS
- Support hybrid identity prerequisites including UPN strategy, identity matching and duplicate resolution, with an understanding of Entra Connect and Cloud Sync impact
- Configure and onboard enterprise applications in Entra ID, including SSO setup, claims mapping, group and role assignments and SCIM provisioning
- Conduct testing, validation and cutover activities for migrated applications
- Support hybrid identity configurations such as Entra Connect and Cloud Sync
- Manage App Registrations, service principals, API permissions and consent, as well as credential lifecycle including secret and certificate rotation and expiry monitoring
Requirements
- Bachelor’s or Master’s degree in Computer Science, Information Technology, Cybersecurity or a related field
- At least 3 years of experience in Azure Identity and Access Management
- Proven experience migrating application authentication from AD and other legacy IdPs to Microsoft Entra ID using SAML and OIDC/OAuth2, including cutover and rollback
- Experience with Microsoft Entra PIM and Azure RBAC, including eligible roles, JIT access, approvals, access reviews and auditability
- Excellent stakeholder management, communication and documentation skills
- Ability to work independently and collaborate effectively with cross-functional teams
- Proficiency in English, written and spoken (B2+)
Nice to have
- Experience implementing and configuring Microsoft Entra PIM, including eligible roles, JIT activation, approvals and time-bound access
- Knowledge of PIM deployment planning such as pilot testing, role discovery and communication strategies
