Job Description

Cloud Identity Engineer - L3 (Expert Active Directory)

Please share your profiles to [email protected] with Subject line: Cloud Identity Engineer - L3

Role Overview

We are looking for an expert Active Directory & Cloud Identity Engineer to lead the design, hardening, and transformation of enterprise identity platforms across Active Directory and Microsoft Entra ID.

This role requires deep technical expertise and architectural ownership, with a strong focus on Active Directory Tiering, privileged access controls, and identity security. You will play a key role in reducing risk, strengthening identity governance, and driving secure-by-design identity architecture in a complex enterprise environment.

Active Directory Tiering (Tier 0 / Tier 1 / Tier 2) is mandatory and non-negotiable!

Key Responsibilities

Own and drive Active Directory and Microsoft Entra ID architecture and engineering
Design and enforce AD Tiering model (Tier 0/1/2) and privileged access segregation
Implement and manage Privileged Identity Management (PIM), RBAC, and admin isolation
Design and enforce Conditional Access, MFA, and Zero Trust identity controls
Build and optimize hybrid identity architecture (AD + Entra ID / Azure AD Connect)
Drive directory hardening, identity lifecycle governance, and access control improvements
Lead access reviews, entitlement governance, and audit readiness
Provide advanced troubleshooting for complex identity, authentication, and synchronization issues
Define and maintain standards, policies, and secure operational procedures
Act as L3 / SME escalation points for identity-related incidents and risks
Collaborate with security, cloud, infrastructure, and risk teams in a regulated environment

Required Qualifications (Must Have)

Extensive experience in Active Directory engineering within enterprise environments
Proven, hands-on expertise in:
Active Directory Tiering model (Tier 0 / Tier 1 / Tier 2) – mandatory
Microsoft Entra ID (Azure AD)
Conditional Access (design & enforcement)
Privileged Identity Management (PIM)
Group Policy (GPO)
Hybrid identity (AD Connect / Entra ID sync)
Strong experience with:
Access governance and access reviews
Identity security and privileged access controls
Advanced troubleshooting (AD, authentication, identity sync)
Proven ability to operate as a expert engineer / SME / technical lead

Mandatory Microsoft Certifications

Microsoft Certified: Identity and Access Administrator Associate (SC-300)
Microsoft Certified: Windows Server Hybrid Administrator Associate (AZ-800 & AZ-801)

Preferred / Nice to Have

Experience with PKI / Certificate Services
Knowledge of Identity Protection and Zero Trust models
Exposure to ISO 27001 / audit / compliance frameworks
Microsoft Certified: Cybersecurity Architect Expert (SC-100)

Key Competencies

Strong security-first mindset
Deep understanding of privileged access risks and AD Tiering enforcement
Ability to drive and influence identity architecture decisions
Strong ownership and accountability in critical environments
Excellent problem-solving and advanced troubleshooting skills
Ability to collaborate across security, cloud, and infrastructure teams

Ideal Candidate

A senior identity expert who owns Active Directory Tiering end-to-end, has strong command of Microsoft Entra ID, Conditional Access, and PIM, and can drive identity security maturity across hybrid environments.