Senior Identity & Access Management Engineer

Senior Identity & Access Management Engineer

Job Description:

Ready to make an impact at Sage?

At Sage, we’re passionate about empowering businesses and people to thrive. Our technology helps millions of customers worldwide simplify processes, unlock insights, and achieve their goals. Behind the scenes, our colleagues drive innovation and deliver secure, reliable solutions that make this possible. If you’re looking for a place where your expertise matters and your ideas can shape the future, you’ll feel right at home here.

We’re currently seeking a Senior Identity & Access Management Engineer to join our dynamic team. In this role, you’ll be a key technical contributor responsible for delivering and supporting high-quality services and systems that enable and empower our colleagues across the organization.

What You’ll Do

• Delivery and maintenance of robust technical solutions, including the configuration and management of both on‑premises and cloud-based systems such as Entra , Active Directory, and supporting services like Multi‑Factor Authentication, Conditional Access, Public Key Infrastructure, and DNS.
• Use of scripting and automation tools, particularly Power Shell, to streamline identity and access management operations and develop efficient, repeatable workflows.
• Contributing to all phases of project delivery, including technical design, implementation, configuration, and documentation, while collaborating with technical leads and stakeholders throughout the lifecycle.
• Applying security best practices to identity and access management, including security hardening, privileged access controls, and audit measures, helping to ensure systems are secure and compliant.
• Collaborating effectively with cross‑functional teams, aligning identity solutions with business and security requirements. Communicate clearly with both technical and non‑technical stakeholders to ensure shared understanding and alignment.
• Commitment to staying updated on industry trends, emerging technologies and advancements in cloud identity and access management. Proactive in seeking out professional development opportunities.
• Being curious with a growth mindset and a proven ability to troubleshoot and resolve complex issues with experience in root‑cause analysis and the development of preventive measures to enhance system reliability.
• Supporting adoption of new technologies and tools, assisting with evaluations and sharing insights with the wider team to drive innovation and continuous improvement.

Requirements:

• Extensive experience with Active Directory and Entra , specifically areas like Conditional Access, Identity Protection, MFA, Domain Controllers, DNS, DHCP.
• Knowledge of securing identity platforms such as Privileged Identity Management (PIM) and Role-based Access Control (RBAC).
• Familiarity with security tools and practices such as Entra , Defender for Identity, Microsoft Sentinel, Group Policy hardening, and Secure LDAP.
• Knowledge of Azure Security Center features related to identity security.
• Proficiency in implementing and managing Entra  B2B for external user collaboration.
• Experience with Entra Connect for integrating on‑premises Active Directory with Entra .
• Proficiency in scripting languages such as Power Shell for automating Entra  and configurations.
• Experience with Infrastructure as Code (IaC) tools for managing Azure resources.
• Knowledge of Entra  API and Microsoft Graph API for programmatically managing Entra .
• Understanding of DNS principles, design, and configuration.
• Integration of DNS services with Active Directory and Entra  name resolution and identity verification.
• Experience implementing and managing Public Key Infrastructure (PKI) solutions.
• Knowledge of digital certificate management, including issuance, renewal, and revocation processes.

Preferred Qualifications

• 5–10 years of enterprise‑level experience with Active Directory and Microsoft Entra .
• Expertise in Conditional Access, Identity Protection, MFA, Domain Controllers and DNS.
• Experience with Privileged Identity Management (PIM) and Role‑Based Access Control (RBAC).
• Knowledge of cloud identity solutions and SaaS integrations.
• P…