Identity & Access Management (IAM) Engineer
INFINITE COMPUTER SOLUTIONS PTE LTD
Experience: 4–6 Years
Position Summary
Responsible for end-to-end administration and operational support of Active Directory supporting services, Enterprise PKI (Certificate Services), and Microsoft Entra ID. Manages identity federation, authentication services, certificate lifecycle, user lifecycle, RBAC, SSO, MFA, and Conditional Access, ensuring secure, available, and well-documented identity infrastructure aligned to Microsoft best practices.
Required Skills
• Active Directory Federation Services (ADFS) — configuration, IdP request setup, claims & attribute customisation
• Azure AD B2C administration
• Microsoft Identity Manager (MIM)
• Azure AD Connect (AAD Connect) — sync health monitoring and troubleshooting
• Network Policy Server (NPS)
• LDAP, SAML, OAuth, OIDC-based authentication services
• Workspace ONE Access
• Microsoft Entra ID administration
• Relying party trust configuration and trust registry management between IdP and SP
• ADFS integration with second-factor authentication (e.g. Azure MFA)
• Active Directory Certificate Services (AD CS) / Enterprise PKI monitoring and operations
• Certificate lifecycle management (issuance, renewal, revocation)
• PKI capacity planning and performance tuning
• User lifecycle management (provisioning, modification, de-provisioning)
• Role-Based Access Control (RBAC) implementation and periodic access reviews
• Single Sign-On (SSO) implementation and management
• Multi-Factor Authentication (MFA) setup and IdP integration assurance
• Conditional Access (CA) policy configuration based on location, device, and risk
• Application registration and API permission management in Microsoft Entra
• Third-party application onboarding for SSO (user/group provisioning)
• Identity security monitoring, alerting, and incident response
JD (Scope of Work)
1. Administer and maintain ADFS, Azure AD B2C, MIM, AAD Connect, and NPS environments
2. Manage LDAP, SAML, OAuth, and OIDC-based authentication services, including Workspace ONE Access and Microsoft Entra ID
3. Configure and maintain relying party trusts between Identity Providers (IdP) and Service Providers (SP); maintain a trust registry
4. Support ADFS configuration including IdP request setup, claims, and attribute customisation
5. Integrate ADFS with second-factor authentication services (e.g. Azure MFA)
6. Perform regular health checks of AD-related services in line with Microsoft best practices
7. Maintain IT Service Continuity documentation for Active Directory, including configurations, policies, and procedures
8. Monitor and maintain audit logs for AD-related services
9. Monitor AD CS and the broader Enterprise PKI environment
10. Manage incident, problem, change, and vulnerability lifecycle activities within the PKI environment
11. Conduct capacity planning and performance tuning for PKI components
12. Perform daily health checks, including post-incident and post-change integrity verification
13. Produce regular reports on patches applied, system performance, and capacity status
14. Manage user lifecycle activities — provisioning, modification, and de-provisioning of accounts
15. Implement, maintain, and periodically review RBAC aligned to client policies
16. Implement and manage SSO across applications
17. Configure and manage MFA services, ensuring IdP integration assurance
18. Enforce Conditional Access policies based on location, device status, and risk level
19. Manage IdP requests to enable seamless and secure authentication
20. Onboard third-party applications for SSO, including user and group provisioning
21. Manage application registrations within Microsoft Entra, including API permission configuration
22. Monitor identity security alerts, respond to incidents, and drive remediation
23. Maintain comprehensive documentation of Entra configurations, policies, and procedures
24. Produce regular service status reports covering security incidents, access reviews, and optimisation recommendations
Key Responsibilities
• Own day-to-day operations of AD supporting services (ADFS, AAD Connect, MIM, NPS, B2C) ensuring availability and integrity of federated authentication
• Maintain and govern the relying party trust registry between IdPs and SPs
• Operate and maintain the Enterprise PKI environment, ensuring certificate availability and compliance through proactive lifecycle management
• Administer Microsoft Entra ID services including identity lifecycle, RBAC, SSO, MFA, and Conditional Access enforcement
• Onboard and manage third-party application integrations for SSO and identity federation
• Monitor identity security posture, respond to alerts/incidents, and implement remediation actions
• Conduct scheduled health checks across AD, PKI, and Entra environments per Microsoft best practices
• Maintain accurate, up-to-date documentation for continuity, audit, and compliance purposes
• Deliver regular operational, security, and capacity reporting to stakeholders
• Escalate complex architecture or governance issues to L3 IAM Engineer