Senior Software Engineer (Azure Identity)

EPAM·Romania·Удалённо, Офис·3 мес. назад

We are seeking a Senior Software Engineer (Azure Identity) to join our identity transformation team and lead the migration from legacy authentication systems to secure, modern Microsoft Entra ID–based Single Sign-On (SSO) solutions.

Responsibilities

Migrate application authentication from legacy protocols such as LDAP and Integrated Windows Authentication to Entra ID SSO using SAML or OIDC
Classify applications, estimate migration effort and determine the optimal SSO pattern for each application, including SAML, OIDC/OAuth2, legacy, on-premises and SaaS
Support hybrid identity prerequisites including UPN strategy, identity matching and duplicate resolution, with an understanding of Entra Connect and Cloud Sync impact
Configure and onboard enterprise applications in Entra ID, including SSO setup, claims mapping, group and role assignments and SCIM provisioning
Conduct testing, validation and cutover activities for migrated applications
Support hybrid identity configurations such as Entra Connect and Cloud Sync
Manage App Registrations, service principals, API permissions and consent, as well as credential lifecycle including secret and certificate rotation and expiry monitoring

Requirements

Bachelor’s or Master’s degree in Computer Science, Information Technology, Cybersecurity or a related field
At least 3 years of experience in Azure Identity and Access Management
Proven experience migrating application authentication from AD and other legacy IdPs to Microsoft Entra ID using SAML and OIDC/OAuth2, including cutover and rollback
Experience with Microsoft Entra PIM and Azure RBAC, including eligible roles, JIT access, approvals, access reviews and auditability
Excellent stakeholder management, communication and documentation skills
Ability to work independently and collaborate effectively with cross-functional teams
Proficiency in English, written and spoken (B2+)

Nice to have

Experience implementing and configuring Microsoft Entra PIM, including eligible roles, JIT activation, approvals and time-bound access
Knowledge of PIM deployment planning such as pilot testing, role discovery and communication strategies