Title: Systems Admin III
Duration: 9 months contract
Location: Denver, CO 80202 (Remote)
Description:
The Tier 3 Microsoft 365 Entra Administrator is a senior-level Identity & Access Management (IAM) professional responsible for securing, administering, and optimizing a hybrid identity environment spanning on‑prem Active Directory and Microsoft Entra ID. This role serves as the highest escalation point for identity-related incidents, leads advanced troubleshooting and root cause analysis, and drives identity security strategy aligned with Zero Trust principles.
The role has a strong emphasis on identity security, governance, and privileged access, working closely with Cybersecurity, Infrastructure, and Compliance teams. The Tier 3 Entra Administrator also mentors Tier 1–2 support, owns identity automation and governance improvements, and ensures audit-ready identity operations using tools such as ServiceNow and NetIQ.
Key Responsibilities:
Tier 3 Escalation & Incident Leadership
· Act as the Tier 3 escalation point for complex Entra ID, hybrid identity, and authentication incidents.
· Lead resolution of high-severity identity outages and security incidents (authentication failures, MFA bypass attempts, Conditional Access issues).
· Perform detailed root cause analysis (RCA) and implement long-term corrective and preventive actions.
· Drive identity-related Problem Management activities within ServiceNow.
· Provide technical leadership, mentoring, and knowledge transfer to Tier 1–2 support teams.
Hybrid Identity Administration (AD + Entra)
· Administer and secure Microsoft Entra ID and on‑prem Active Directory in a hybrid configuration.
· Support and troubleshoot Entra Connect / Cloud Sync:
o Attribute flow and sync rule issues
o Duplicate object resolution (soft/hard match)
o UPN, proxyAddress, and source anchor mismatches
· Partner with AD, PKI, networking, and endpoint teams to ensure identity dependencies remain secure and resilient.
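The duplicate-object and source-anchor items above come down to one question: does the Entra ID object's OnPremisesImmutableId equal the Base64 form of the AD object's anchor? The following PowerShell script is an added example, not part of this posting, that answers it for one user and labels the outcome as a hard-match conflict, a soft-match candidate, or a stale anchor. It assumes the Entra Connect default anchor (mS-DS-ConsistencyGuid, falling back to objectGUID), the RSAT ActiveDirectory module, and the Microsoft.Graph.Users module; the $Upn and -SetImmutableId parameters are this example's own.

```powershell
<#
  Added example (not part of the posting): compare an on-prem AD user's
  source anchor with the matching Entra ID object's OnPremisesImmutableId
  to tell a hard-match mismatch from a soft-match (UPN/SMTP) problem.
  Assumptions: Entra Connect default anchor (mS-DS-ConsistencyGuid, else
  objectGUID); RSAT ActiveDirectory and Microsoft.Graph.Users installed.
#>
param(
    [Parameter(Mandatory)] [string] $Upn,
    # Write the expected ImmutableId onto a cloud-only object so the next
    # sync cycle hard-matches it instead of creating a duplicate.
    [switch] $SetImmutableId
)

Import-Module ActiveDirectory
Import-Module Microsoft.Graph.Users
$scopes = if ($SetImmutableId) { 'User.ReadWrite.All' } else { 'User.Read.All' }
Connect-MgGraph -Scopes $scopes -NoWelcome

# Entra stores the source anchor as the Base64 string of the 16 anchor bytes.
function ConvertTo-ImmutableId {
    param([Parameter(Mandatory)] $Anchor)
    $bytes = if ($Anchor -is [guid]) { $Anchor.ToByteArray() } else { [byte[]]$Anchor }
    return [Convert]::ToBase64String($bytes)
}

# Reverse direction: decode a cloud object's anchor to the GUID you can
# look up in AD with Get-ADObject -Identity <guid>.
function ConvertFrom-ImmutableId {
    param([Parameter(Mandatory)] [string] $ImmutableId)
    return [guid]([Convert]::FromBase64String($ImmutableId))
}

$adUser = Get-ADUser -Filter "userPrincipalName -eq '$Upn'" `
    -Properties objectGUID, 'mS-DS-ConsistencyGuid', proxyAddresses
if (-not $adUser) { throw "No AD user with UPN '$Upn'" }

# Entra Connect copies objectGUID into mS-DS-ConsistencyGuid on first export;
# until then objectGUID itself is the anchor.
$anchorAttr = if ($adUser.'mS-DS-ConsistencyGuid') { 'mS-DS-ConsistencyGuid' } else { 'objectGUID' }
$anchor     = if ($anchorAttr -eq 'objectGUID') { $adUser.ObjectGUID } else { $adUser.'mS-DS-ConsistencyGuid' }
$expected   = ConvertTo-ImmutableId $anchor
# Primary SMTP address (upper-case prefix) is what soft match keys on besides UPN.
$adSmtp     = ($adUser.proxyAddresses | Where-Object { $_ -clike 'SMTP:*' }) -replace '^SMTP:', ''

$cloudUser = Get-MgUser -Filter "userPrincipalName eq '$Upn'" `
    -Property Id, UserPrincipalName, Mail, OnPremisesImmutableId, OnPremisesSyncEnabled
if (-not $cloudUser) { throw "No Entra ID user with UPN '$Upn'" }

$actual  = $cloudUser.OnPremisesImmutableId
$verdict = if ($actual -eq $expected) { 'Anchor matches; look at attribute flow or sync scope instead' }
           elseif (-not $actual) { 'Cloud-only object with no anchor; will soft-match on UPN/SMTP or duplicate' }
           elseif ($cloudUser.OnPremisesSyncEnabled) { 'Synced object bound to a different AD object (hard-match conflict)' }
           else { 'Cloud-only object carries a stale anchor; correct it before the AD object enters sync scope' }

[pscustomobject]@{
    Upn                 = $Upn
    AdAnchorAttribute   = $anchorAttr
    ExpectedImmutableId = $expected
    ActualImmutableId   = $actual
    AnchorMatch         = ($actual -eq $expected)
    PrimarySmtpMatch    = ($adSmtp -eq $cloudUser.Mail)
    CloudObjectSynced   = [bool]$cloudUser.OnPremisesSyncEnabled
    Verdict             = $verdict
} | Format-List

# Only safe on a cloud-only object that is not yet in sync scope; a synced
# object's anchor is owned by Entra Connect and must be fixed on the AD side.
if ($SetImmutableId -and -not $cloudUser.OnPremisesSyncEnabled -and $actual -ne $expected) {
    Update-MgUser -UserId $cloudUser.Id -OnPremisesImmutableId $expected
    Write-Host "Set OnPremisesImmutableId on $Upn to $expected"
}
```

Run it read-only first (`.\Check-SourceAnchor.ps1 -Upn user@contoso.com`); only reach for -SetImmutableId when the verdict says the cloud object is cloud-only, and do it before the AD object is in sync scope, otherwise the next delta import still produces a duplicate or a conflict error.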
Identity Security & Zero Trust Enforcement (Primary Focus):
· Design, implement, and maintain Conditional Access policies with a security-first approach:
o Risk-based access
o Device and platform restrictions
o Session controls and legacy authentication blocking
· Manage and optimize authentication methods, including:
o MFA (Microsoft Authenticator, FIDO2 security keys, Windows Hello for Business (WHfB), OATH tokens, Temporary Access Pass)
o Phishing-resistant authentication strategies
· Administer Privileged Identity Management (PIM):
o Eligible role assignments
o Approval workflows
o Just-in-time access
o Privileged access monitoring and alerts
· Investigate Entra ID Protection risk detections and coordinate remediation for risky users and sign-ins.
· Maintain and protect break-glass and emergency access accounts.
Identity Governance & Compliance
· Lead identity governance initiatives using:
o Access Reviews
o Entitlement Management / Access Packages
o Lifecycle and joiner-mover-leaver processes
· Utilize NetIQ identity tools to support:
o Identity lifecycle management
o Role-based access models
o Attestation and access certification workflows
· Ensure identity controls align with regulatory and audit requirements (SOX, SOC 2, ISO, HIPAA, etc.).
· Provide audit evidence, logging, and reporting for identity-related controls.
Application Access & Single Sign-On (SSO)
· Integrate and secure enterprise and SaaS applications using Entra SSO:
o SAML, OAuth 2.0, OpenID Connect
o SCIM provisioning and deprovisioning
· Secure and manage:
o App registrations and service principals
o API permissions and consent models
o Certificate and secret lifecycle management
· Troubleshoot federation, claims, and token-related issues.
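Certificate and secret lifecycle management is mostly a matter of knowing what is about to expire before the application owners find out via a token failure. The following PowerShell script is an added example, not part of this posting, that inventories client secrets and certificates on both app registrations and service principals through Microsoft Graph and flags anything expired, expiring inside a warning window, or issued for longer than a rotation policy allows. The 30-day window and the one-year maximum secret lifetime are this example's assumptions, not figures from the posting.

```powershell
<#
  Added example (not part of the posting): report app registration and
  service principal credentials that are expired, expiring soon, or issued
  for longer than policy allows, so rotation can go through Change Management
  before a token outage.
  Assumptions: Microsoft.Graph.Applications installed; the signed-in account
  holds Application.Read.All; 30-day warning window; 365-day max secret life.
#>
param(
    [int] $WarnDays = 30,
    [int] $MaxSecretLifetimeDays = 365
)

Import-Module Microsoft.Graph.Applications
Connect-MgGraph -Scopes 'Application.Read.All' -NoWelcome

$now = [datetime]::UtcNow

# Normalise one passwordCredential or keyCredential into a report row.
function New-CredentialRow {
    param($Owner, [string] $OwnerKind, $Cred, [string] $CredKind)
    if ($null -eq $Cred.EndDateTime) { return }
    $end      = $Cred.EndDateTime.ToUniversalTime()
    $daysLeft = [math]::Floor(($end - $now).TotalDays)
    $lifetime = if ($null -ne $Cred.StartDateTime) {
        [math]::Floor(($end - $Cred.StartDateTime.ToUniversalTime()).TotalDays)
    } else { $null }
    [pscustomobject]@{
        Object       = $Owner.DisplayName
        Kind         = $OwnerKind
        AppId        = $Owner.AppId
        Credential   = $CredKind
        Name         = $Cred.DisplayName
        KeyId        = $Cred.KeyId
        Expires      = $end
        DaysLeft     = $daysLeft
        LifetimeDays = $lifetime
        Status       = if ($daysLeft -lt 0) { 'EXPIRED' }
                       elseif ($daysLeft -le $WarnDays) { 'EXPIRING' }
                       elseif ($CredKind -eq 'Secret' -and $lifetime -gt $MaxSecretLifetimeDays) { 'LONG_LIVED' }
                       else { 'OK' }
    }
}

function Get-CredentialReport {
    $rows = @()
    foreach ($app in Get-MgApplication -All) {
        foreach ($c in $app.PasswordCredentials) { $rows += New-CredentialRow $app 'AppRegistration' $c 'Secret' }
        foreach ($c in $app.KeyCredentials)      { $rows += New-CredentialRow $app 'AppRegistration' $c 'Certificate' }
    }
    # Enterprise apps (service principals) can carry credentials of their own,
    # independent of the registration, and are easy to miss in a review.
    foreach ($sp in Get-MgServicePrincipal -All) {
        foreach ($c in $sp.PasswordCredentials) { $rows += New-CredentialRow $sp 'ServicePrincipal' $c 'Secret' }
        foreach ($c in $sp.KeyCredentials)      { $rows += New-CredentialRow $sp 'ServicePrincipal' $c 'Certificate' }
    }
    return $rows
}

$report = Get-CredentialReport

# Findings first: what is broken, what breaks next, then policy violations.
$report | Where-Object Status -ne 'OK' |
    Sort-Object @{ Expression = 'Status' }, DaysLeft |
    Format-Table Object, Kind, Credential, Name, Expires, DaysLeft, LifetimeDays, Status -AutoSize

# Summary for the KPI dashboard: secrets vs certificates, and how many need action.
$report | Group-Object Credential, Status |
    Select-Object @{ n = 'Credential/Status'; e = { $_.Name } }, Count |
    Format-Table -AutoSize

# Optional audit evidence export for the compliance team.
$report | Export-Csv -Path ".\credential-report-$($now.ToString('yyyyMMdd')).csv" -NoTypeInformation
```

Secrets with a LONG_LIVED status are worth tracking even when far from expiry; the remediation in that case is usually to replace the secret with a certificate or a federated identity credential rather than to issue another multi-year secret.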
ServiceNow & Operational Excellence
· Use ServiceNow for:
o Incident, Problem, and Change Management
o Identity request workflows and approvals
o CMDB and service mapping related to identity services
· Improve operational maturity through:
o Runbooks and SOPs
o Monitoring and alerting enhancements
o Identity-related SLAs and KPIs
Automation & Continuous Improvement
· Automate identity operations using:
o PowerShell
o Microsoft Graph
o Azure Automation / Logic Apps
· Reduce manual access administration and improve consistency through automation.
· Maintain version-controlled scripts and documentation.
· Continuously assess and improve identity security posture and architecture.
Required Qualifications
· 5+ years of IAM experience, with 3+ years focused on Microsoft Entra ID in a hybrid environment.
· Deep expertise in:
o Microsoft Entra ID and Active Directory
o Conditional Access, MFA, and Zero Trust identity controls
o Privileged Identity Management (PIM)
o Hybrid identity troubleshooting (sync, authentication, federation)
· Hands-on experience with ServiceNow (ITSM, identity workflows).
· Experience working with NetIQ identity governance or directory tools.
· Strong PowerShell and automation skills.
· Proven ability to lead incident response and security-focused identity initiatives.
Preferred Qualifications
· Microsoft certifications (preferred):
o SC-300 – Identity and Access Administrator
o SC-200 (Security Operations Analyst) / SC-100 (Cybersecurity Architect)
o AZ-104 (Azure Administrator), MS-102 (Microsoft 365 Administrator)
· Experience with:
o Entra ID Protection and identity risk management
o Defender for Cloud Apps integration
o Phishing-resistant MFA rollouts (FIDO2 / WHfB)
o ITIL-based operational environments
· Experience supporting regulated or highly audited environments.
Core Competencies
· Security-first mindset with strong Zero Trust principles
· Advanced troubleshooting and analytical skills
· Strong collaboration with Security, Compliance, and Infrastructure teams
· Clear technical documentation and communication
· Ability to lead initiatives independently and influence identity strategy
*** We offer health benefits and a 401(k) plan ***