Entra ID Engineer – Identity & Access Management

afarax is looking for a freelance Entra ID Engineer – Identity & Access Management. We need you!

The project:

Our client in the Transportation, Logistics, Supply Chain and Storage sector, is seeking an experienced Entra ID Engineer – Identity & Access Management to strengthen their team.

Key responsibilities:

Identity & Access Engineering

• Design, implement, and optimize Entra ID (Azure AD) for authentication, federation, and access management.
• Configure and enforce MFA and SSO policies across enterprise applications and platforms.
• Implement Privileged Access Management (PAM) controls, including Just-in-Time (JIT) and Just-Enough-Access (JEA).
• Build and maintain role-based access control (RBAC) models and conditional access rules.

Automation & Security-as-Code

• Automate IAM provisioning and governance processes using PowerShell, Terraform, or Azure Automation.
• Develop scripts and workflows for account lifecycle management, entitlement reviews, and access certifications.
• Integrate IAM services with CI/CD pipelines to enforce secure authentication patterns by default.

Governance, Compliance & Risk

• Ensure IAM services comply with ISO 27001, NIS2, PCI DSS, and DORA regulatory frameworks.
• Support identity-related audits, access recertifications, and risk assessments.
• Monitor and analyze authentication telemetry to identify anomalies and strengthen detection.

Advisory & Incident Support

• Act as a subject-matter expert for identity-related incidents, supporting SOC in detection and response.
• Advise application and infrastructure teams on secure integration with Entra ID, SAML, OIDC, and OAuth2.
• Coach business and IT teams on IAM best practices and identity-first security.

Is this you?

• 8+ years in IT/security, with at least 5+ years in IAM engineering.
• Deep expertise in Microsoft Entra ID, MFA, SSO, Conditional Access, and PAM solutions.
• Hands-on experience with RBAC, SAML, OAuth2, OpenID Connect, and directory synchronization (AD Connect).
• Strong scripting/automation skills (PowerShell, Terraform, JSON).
• Experience delivering IAM solutions at scale in regulated industries (finance, logistics, public sector).

Certifications:

Required (at least 1):

• Microsoft Certified: Identity and Access Administrator Associate (SC-300)
• Microsoft Certified: Azure Security Engineer Associate (AZ-500)

Preferred:

• CISSP, CISM, TOGAF, or vendor-specific PAM certifications (CyberArk, BeyondTrust, Thycotic).

How afarax supports you?

• You benefit from our extensive network
• You will have access to projects that fit your expertise
• We help and support you throughout your project
• We offer the possibility to build a valuable and lasting partnership

Check out more projects on: