Title: Identity & Access Management System Engineer, Technology Services
Burnaby/Vancouver, BC - Hybrid, with remote work permitted
Department: Technology Services
Active Directory, Entra ID / Azure AD, SSO, MFA, Conditional Access, Hybrid Identity
Scope of Work
The consultant will support Technology Services in advancing identity modernization, access
management, authentication, and security hardening across a hybrid Microsoft environment.
The role requires extensive hands-on experience with Active Directory, Microsoft Entra ID / Azure AD,
hybrid identity, authentication services, SSO, MFA, Conditional Access, identity synchronization, and
integration between on-premises and cloud services.
The consultant will support identity and access management activities required for Windows 11, Intune,
M365, Azure, server modernization, cloud migration, application modernization, cybersecurity uplift,
and operational resiliency initiatives.
The consultant will support projects and activities in the following areas:
• Assessment, remediation, and modernization of Active Directory, Entra ID / Azure AD, and
hybrid identity configurations.
• Support for identity synchronization, authentication flows, federation or cloud authentication
patterns, and secure access to both on-premises and cloud-hosted services.
• Design, implementation, and sustainment support for SSO, MFA, Conditional Access, privileged
access, identity lifecycle, and access governance.
• Identity readiness and engineering support for M365, Intune, Windows 11, Azure IaaS, server
replatforming, application migration, and operational service transition.
• Review and improvement of identity-related security controls, access models, administrative
roles, service accounts, and audit readiness.
• Any additional identity, access management, cybersecurity, infrastructure, cloud, or Technology
Services initiatives identified by TS Leadership.
Key Responsibilities and Deliverables
• Assess the current-state Active Directory, Entra ID / Azure AD, hybrid identity, authentication,
authorization, and access management environment.
• Review identity synchronization, domain services, OU/group structures, group policy
dependencies, authentication patterns, administrative roles, service accounts, and
identity-related technical debt.
• Identify risks, constraints, configuration gaps, legacy dependencies, and security issues that may
affect Windows 11, M365, Azure, server migration, application access, or operational resiliency.
• Design and implement identity controls including SSO, MFA, Conditional Access, role-based
access, group-based access, privileged administration, and identity protection patterns.
• Support Entra ID / Azure AD hybrid scenarios, including secure access between cloud services,
domain-joined devices, hybrid-joined devices, on-premises applications, Azure-hosted
workloads, and M365 services.
• Support remediation of legacy authentication, insecure access patterns, unmanaged service
accounts, excessive privileges, weak group ownership, and unclear access lifecycle processes.
• Develop and maintain identity architecture diagrams, authentication flow diagrams,
dependency maps, integration documentation, access models, and operational decision records.
• Support identity readiness for Windows 11 deployment, Intune enrollment, Autopilot, M365
service operationalization, Azure IaaS migration, and server replatforming.
• Define and document privileged access practices including administrative role assignment,
break-glass accounts, emergency access, access review processes, and operational audit
controls.
• Support joiner/mover/leaver processes, group ownership, access request workflows,
deprovisioning requirements, and integration with ITSM processes where required.
• Troubleshoot and resolve identity-related issues affecting user access, device compliance,
application authentication, service availability, and migration readiness.
• Produce runbooks, operational procedures, support documentation, configuration standards,
test plans, validation evidence, change documentation, and transition-to-operations materials.
• Work with cybersecurity, infrastructure, endpoint, M365, ServiceNow, application, and cloud
teams to align identity services with security, operational, and modernization requirements.
• Support implementation planning, change readiness, cutover activities, hypercare, and
knowledge transfer related to identity changes.
Education, Training and Experience
• Minimum of 10 years’ experience in identity and access management, directory services, or
systems engineering in complex hybrid Microsoft environments.
• Degree in computer science, information systems, or a related field, or an equivalent
combination of training and experience.
• Strong hands-on experience designing and implementing Active Directory, Entra ID / Azure AD,
hybrid identity, SSO, MFA, and Conditional Access is required.
• Microsoft certifications such as Identity and Access Administrator Associate, or
Security/Enterprise Administrator credentials, are strong assets.
• Experience with identity synchronization (Entra Connect), federation, and privileged access
management is an asset.
• Experience working in highly available public safety or other regulated environments is an asset.
Knowledge, Skills and Abilities
• Knowledge of identity and access management standards, authentication and authorization
patterns, and Zero Trust principles.
• Knowledge of Active Directory, Entra ID / Azure AD, hybrid identity, Conditional Access, MFA,
and privileged access practices.
• Knowledge of identity lifecycle, access governance, and audit/compliance requirements.
• Knowledge of and experience in the design and deployment of secure systems, preferably in a
public safety context.
• Knowledge of MS Visio, Teams, PowerPoint, and SharePoint.
• Ability to respond to shifting priorities, demands, and timelines.
• Ability to anticipate, investigate, research, and analyze complex identity problems, and to
resolve or escalate issues in a timely fashion.
• Ability to work effectively and elicit cooperation with a variety of internal and external contacts.
• Ability to communicate effectively orally and in writing and to prepare clear, concise, and
complete documentation.
• Ability to prepare and maintain a variety of records and technical documentation related to the
work.
Reach me at: saibhumaatwebmobilezdotcom