Active Directory Federation Services Customer Engineer

QUICK FACTS:

• Work authorization: U.S. citizenship required
• Location: Remote delivery via Microsoft Teams; minimal travel may be required
• Compensation: $95,000 $110,000 (DOE)

WHAT YOU'LL DO:
As a Customer Engineer (CE), you will work directly with enterprise customers to design, secure, migrate, and optimize complex federation and hybrididentity environments. You will leverage Microsoft Intellectual Property (MIP) engagements to guide customers toward a healthy, secure state and act as a trusted advisor.
PRIMARY WORK:

• Active Directory Federation Services (ADFS) Assessment & Onboarding Accelerator
• Migrate & Protect Applications with Entra (Architecture Services + Technical Blocker Mitigation)
• Active Directory Security & OnDemand Assessments
• Microsoft Active Directory Show technical engagements

RESPONSIBILITIES:

• Design, deploy, and configure new or upgraded ADFS 2016/2019/2022/2025 farms
• Lead ADFStoADFS version migrations and execute farm upgrades with zero downtime
• Migrate enterprise apps and service providers from ADFS to Microsoft Entra ID
• Craft claims rules and Access Control Policies (ACPs) and transition Issuance Authorization Rules to ACPs
• Implement multifactor authentication providers for relyingparty trusts and manage certificate rollover
• Troubleshoot claims flows, authentication failures, and certificate issues
• Deliver knowledgetransfer workshops and mentor customer identity teams
• Serve as senior technical escalation point and trusted advisor for federation and hybrididentity projects

EXPERIENCE

• Expertise designing and configuring ADFS farms (2016 2025)
• Handson experience leading ADFS version migrations and farm upgrades
• Proven success migrating enterprise applications from ADFS to Microsoft Entra ID (SAML/OIDC/OAuth)
• Ability to craft, migrate, and troubleshoot claims rules and Access Control Policies
• Deep knowledge integrating multifactor authentication providers with ADFS trusts
• Experience managing certificate lifecycles and updating relyingparty trust metadata
• Solid background with Microsoft Entra Connect / synchronization and hybrid authentication

OPTIONAL KNOWLEDGE:

• Entra ID (Free/P1/P2), RBAC, Entra Password Protection, Device management
• Active Directory Certificate Services, Defender for Identity, AD security hardening and remediation
• Finegrain password policies, auditpolicy tuning, security baselines

CERTIFICATIONS (any of):

• Microsoft Certified: Identity & Access Administrator (SC300), Azure Administrator (AZ104)
• MCSE or equivalent
• Microsoft Certified Trainer (MCT)
• CISSP or comparable security credential

ABOUT JDA TSG:
Since 2011 we have partnered with clients to solve their toughest technical challenges through dynamic, forwardthinking managed services and talent solutions. We believe smart, passionate people tackling meaningful work are the key to our success and yours.
BENEFITS & PERKS:
- Comprehensive medical, dental, and vision coverage

- 401(k) with company match

- Generous PTO, paid parental leave, and a Volunteer Day Off

- Employee Assistance Program for counseling and coaching

- Companypaid life and businesstravel accident insurance
EQUAL EMPLOYMENT OPPORTUNITY
JDA TSG is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, political affiliation, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations, and ordinances. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements.