Senior IT Engineer - Identity & Access Management
Kindred People AB / IT jobs / Stockholm
2025-04-07
As a Senior IT System Engineer - Identity Specialist, you will be responsible for the strategic ownership, design, and development of our corporate identity solutions using Microsoft Entra. This role requires a profound expertise in identity and access management (IAM) principles, and mandates a leadership role in shaping and securing our identity solutions in alignment with our company's Zero-Trust security framework.
Responsibilities:
Own a domain as the subject matter expert, staying up to date on new trends and capabilities within the supporting tools and incorporating relevant changes into our Corporate IT roadmap
Collaborate with other Corporate IT senior engineers, solution architects, domain experts and Helpdesk staff to test, deploy, communicate and support end user impacting changes into our Corporate IT
Coordinate medium to large scale corporate IT projects, defining business requirements, designing technical solutions and coordinating a squad of L2 Engineers for its implementation, testing, global deployment and maintenance
Work autonomously to translate business requirements into technical solutions, leveraging our existing ecosystem and licenses wherever possible
Designing, implementing and maintaining Corporate IT services in the following areas:
Identity & Access Management: Manage company identities within Microsoft Entra, encompassing employee identities and service accounts to ensure secure and efficient access control.
Conditional Access Policies: Develop and maintain Conditional Access Policies in accordance with Zero-Trust principles, such as enforcing phishing-resistant authentication mechanisms, requiring compliant devices, blocking legacy protocols, etc.
B2B Security: Define and maintain secure B2B trust relationships with partners, ensuring robust security protocols are in place and adhered to.
Workload Identities: Develop and secure Workload identities, tailoring security measures to meet specific operational needs.
Modern Authentication Technologies: Maintain modern authentication technologies, such as Windows Hello for Business, Certificate-Based Authentication, and Passwordless phone sign-in.
SSO and automated provisioning for Corporate Apps: Integrate and maintain corporate applications in Entra Single Sign-On (SSO) systems, setting up SCIM, ensuring seamless access across platforms according to policies
Ensure that you adhere to the Governance, Risk & Compliance (GRC) obligations for your role.
Desired
Extended knowledge in at least one of the following domains in order to support and backup other Senior IT engineers in those respective areas: Endpoint management, Application & Data Management, Infrastructure & Corporate Network.
As an "Endpoint" specialist:
Endpoint Security Baselines: Define, implement, and maintain security baselines for all company endpoints, including Windows laptops, MacBooks, company
Browser Policy Management: Define and implement
As an "Applications & Data management" specialist:
Data Lifecycle and Retention Policies: Define, implement, and maintain data labelling and retention policies based on business requirements.
Data Protection Templates: Develop and maintain data protection templates aligned with the company's Information Classification policies, tailored to fit main business use cases around data sharing and processing.
Data Leakage Prevention (DLP) Policies: Define, implement, and maintain data leakage prevention policies through Microsoft Purview and Defender for Cloud Apps to protect against oversharing and insider risks, whether accidental or adversarial.
Email Policies: Maintain email flow rules and security policies to protect against phishing and spam, including maintaining SPF, DKIM, and DMARC rules.
Office365 Configuration: Configure Office365 to follow security best practices, embrace new productivity and collaboration features or assist employees in adequately labelling and protecting company data. Oversee the Office suite, Exchange Online and Outlook, Teams IM, collaboration and voice, Power Apps, Automate and Planner, AI, and security management within the Microsoft 365 ecosystem.
Automatic Labelling and DLP Remediation Policies: Deploy automatic labelling and DLP resolution policies to reduce the overhead on both employees and corporate IT staff.
As an "Infrastructure" specialist:
VDI Infrastructure Management: Manage VDI infrastructure for hundreds of employees, ensuring high availability and optimal performance.
Security Hardening Policies: Define, deploy, and maintain security hardening policies for Windows and Linux servers, following industry best practices.
Windows Server Administration: Deploy and maintain on-premise and Azure-based Windows Server and, occasionally, Linux/Unix systems (CentOS).
Zero-Trust Network Access: Deploy zero-trust network access to corporate apps using technologies like Azure Application Proxy.
Corporate Services: Maintain corporate services including Radius, cloud, and on-premise Active Directory.
PKI: Maintain our Public Key Infrastructure (PKI), supporting user and device certificates for uses such as Certificate-Based Authentication and Network Access Control.
Secure Administration Workflows: Deploy and maintain secure administration workflows, leveraging privileged access workstation (PAW), secure protocols (SSH, RDP), and privileged access management (PAM) solutions.
Network Access Control (NAC): Maintain and support a Network Access Control setup leveraging Certificate Based Authentication to authenticate devices on the corporate network
Requirements
Educational Background: Master's degree in Computer Science, Information Technology, or a related field.
Experience: Proven experience in a Microsoft-heavy ecosystem, including Entra, Defender, Purview, Azure, Intune, Office365 product lines.
Certification: Relevant Microsoft certifications such as SC-300 (most-desirable), SC-100, SC-400, MD-102, MS-102, MS-900, AZ-140, AZ-104, AZ-900 are highly regarded.
macOS Management: Experience handling macOS devices in an Enterprise environment is a plus.
Technical Skills: Proficiency in scripting and query languages like KQL, Python, Bash, and PowerShell is a plus.
How to apply: The last day to apply is 2025-06-02.
Scope: This is a full-time job.
Employer: Kindred People AB (org. no. 556594-1621)
Regeringsgatan 25 9TR
111 53 STOCKHOLM
Job number: 9271176