IAM Engineer - Entra ID

We are looking for an IAM Engineer with deep Microsoft Entra ID expertise to join our team and lead identity engagements for our enterprise customers, including current programs with UK and EU critical infrastructure operators. This is a well-paid remote role, based in Portugal so you can collaborate with our UK and EU clients within the same working hours.

Responsibilities

• Lead the design and delivery of hybrid identity architectures across Entra ID, Active Directory, and SaaS applications.
• Design and roll out Conditional Access policies, including phishing-resistant MFA, device compliance, and risk-based controls.
• Reduce exposure on privileged and service accounts: PIM, managed identities, credential rotation, least-privilege scoping.
• Integrate business applications via SAML, OIDC, and SCIM, and migrate legacy authentication where needed.
• Work directly with customer CISOs, CIOs, and identity teams to scope, plan, and deliver phased engagements.
• Document architectures, design decisions, and operational runbooks.
• Participate in customer meetings, both pre-sales and post-sales.

Your profile

• 3+ years of hands-on experience with Microsoft Entra ID in enterprise environments.
• Knowledge of hybrid identity: Entra Connect, Entra Connect Cloud Sync, ADFS, hybrid join, and authentication modes (PHS, PTA).
• Experience designing and deploying Conditional Access at scale.
• Experience implementing Privileged Identity Management and remediating service account sprawl.
• Practical experience with Intune device compliance and its role as a Conditional Access signal.
• Working knowledge of SAML, OIDC, OAuth 2.0, and SCIM provisioning patterns.
• Strong client-facing skills: able to lead workshops, explain trade-offs to executive stakeholders, and write clear documentation.
• Excellent English, written and verbal.
• Based in the EU with the ability to travel to UK/EU customer sites occasionally.
• Service-oriented and customer-centric mindset.
• Great level of autonomy.

Nice to have:

• Experience with critical national infrastructure, aviation, or other regulated environments.
• Familiarity with OT/IoT identity and tenant segmentation scenarios.
• Exposure to JML automation, HRIS integration, and Identity Governance (Entra ID Governance / access packages).
• Microsoft certifications (SC-300, SC-100, AZ-500).
• Experience with Keycloak or other open-source identity platforms.
• BSc or MSc in any relevant IT field.

If this role excites you, but you are worried that you don’t fit all the requirements, please send your application anyway. We would love to get in touch!

Our recruiting process consists of…

• Send us your updated CV
• First interview (30 min)
• Technical Assessment
• Second interview (30 min)
• Offer
• Contract signing