IT - Consultant - Infrastructure Management | Enterprise Mobility Solution | MS Azure AD, MS Azure RMS, MS Intune

POC:
Brenda

•

Job title:

Consultant

• Duration of the project: 9 Months

• Work Location with Zip code: 15219 onsite from Day-1

• Is this an 100% remote role? - No

• Vendor Rate Range (min to max rate you can offer): XXX to XXX

• Do you have budget approved for this request? Yes

• Minimum years of experience required: 8+

• Would you require the candidates to meet you for in person interview? - YES

• Is Skype/Web Ex interview, OK? - Yes , Video mode interview .

• Please Confirm Must Have Skills (TOP 3 SKILLS)
- Azure IAM - Microsoft Entra , including PIM, JIT elevation, and Conditional Access for privileged roles,RBAC
MFA, Microsoft Sentinel (SIEM), Identity Monitoring, Audit & Compliance, Azure Policy, Management Groups, Managed Identities, Azure AD-based admin configs, Azure Monitor, Log Analytics (KQL)
Secrets Management - Azure Key Vault , Microsoft Graph API, Azure CLI

• Please provide a Detailed

Job Description . (Word Document if any).

Required Skills/ Experience

Deep hands-on expertise with Microsoft Entra  (Azure AD), Azure RBAC, security groups, PIM, and JIT workflows
Strong Azure Policy and resource configuration: enable managed identities, provision Azure AD admin roles (e.g., Azure SQL), minimize local service keys
Strong authenticator management and MFA for privileged roles (e.g., smart cards, FIDO2 security keys) with enforced session configuration norms
NIST SP 800-53 FedRAMP High controls expertise relevant to IAM
Experience in highly regulated environments (federal/financial services)
Azure-native monitoring/logging for identity/access events (e.g., Entra sign-in/audit logs, Azure Monitor), AAA alignment, and alert routing to service owners/security teams
Access governance and documentation: author/maintain IAM policies/standards/SOPs, conduct periodic access reviews, support audit evidence and control tests
Baseline configuration management and accurate asset/data inventories aligned to enterprise configuration practices
Secret hygiene: eliminate static credentials in code/images; enforce password and authenticator protection
Preferred Skills/ Experience

Experience aligning Azure IAM/RBAC with internal policies/standards and external frameworks (e.g., SOX, ISO, NIST)
Exposure to application identity design patterns, least-privilege for service principals, and CI/CD controls for secret management (e.g., Key Vault, pipeline secret scanning
Advanced authenticator management
Required Software/ Technology

Microsoft Entra , including PIM, JIT elevation, and Conditional Access for privileged roles
Azure RBAC across management group/subscription/resource scopes, custom role design, and enterprise role taxonomy
Azure governance with Azure Policy and Management Groups to enforce least-privilege guardrails
MFA with strong authenticators (FIDO2 security keys, smart cards) and Microsoft Authenticator configuration
Managed Identities for Azure services and Azure Key Vault integration to eliminate local service keys
Monitoring and logging via Azure Monitor, Activity Logs, Diagnostic Settings, and Log Analytics (KQL)
Security operations integration with Microsoft Sentinel (SIEM) and Microsoft Defender for Cloud
Administration and automation using Power Shell (Az and Microsoft Graph), Azure CLI, and Microsoft Graph API
Inventory and configuration governance using Azure Resource Graph, tagging strategies, and naming conventions
Preferred Software/ Technology

Power Shell;
Azure CLI

Experience with CI/CD and Dev Sec Ops  integrations
Required Education/ Certifications

Preferred Education/ Certifications

Microsoft SC-300 (Identity and Access Administrator)
Microsoft AZ-500 (Azure Security Engineer)
CISSP or CCSP (nice to have)