Enterprise Mobility Solution | MS Azure AD, MS Azure RMS, MS Intune
Listed on 2026-07-01
-
IT/Tech
Cybersecurity, Azure, Cloud Computing: Infrastructure & Operations, Data Security
Consultant
Duration of the project: 9 Months
Work Location with Zip code: 15219 onsite from Day-1
Is this an 100% remote role? - No
Do you have budget approved for this request? Yes
Minimum years of experience required: 8+
Would you require the candidates to meet you for in person interview? - YES
Is Skype/Web Ex interview, OK? – Yes, Video mode interview.
Must Have Skills (TOP 3 SKILLS):
- Azure IAM
- Microsoft Entra , including PIM, JIT elevation, and Conditional Access for privileged roles, RBAC MFA, Microsoft Sentinel (SIEM), Identity Monitoring, Audit & Compliance, Azure Policy, Management Groups, Managed Identities, Azure AD-based admin configs, Azure Monitor, Log Analytics (KQL) Secrets Management
- Azure Key Vault, Microsoft Graph API, Azure CLI
Required Skills/
Experience:
- Deep hands-on expertise with Microsoft Entra (Azure AD), Azure RBAC, security groups, PIM, and JIT workflows
- Strong Azure Policy and resource configuration: enable managed identities, provision Azure AD admin roles (e.g., Azure SQL), minimize local service keys
- Strong authenticator management and MFA for privileged roles (e.g., smart cards, FIDO2 security keys) with enforced session configuration norms
- NIST SP 800-53 FedRAMP High controls expertise relevant to IAM
- Experience in highly regulated environments (federal/financial services)
- Azure-native monitoring/logging for identity/access events (e.g., Entra sign-in/audit logs, Azure Monitor), AAA alignment, and alert routing to service owners/security teams
- Access governance and documentation: author/maintain IAM policies/standards/SOPs, conduct periodic access reviews, support audit evidence and control tests
- Baseline configuration management and accurate asset/data inventories aligned to enterprise configuration practices
- Secret hygiene: eliminate static credentials in code/images; enforce password and authenticator protection
Preferred Skills/
Experience:
- Experience aligning Azure IAM/RBAC with internal policies/standards and external frameworks (e.g., SOX, ISO, NIST)
- Exposure to application identity design patterns, least-privilege for service principals, and CI/CD controls for secret management (e.g., Key Vault, pipeline secret scanning)
- Advanced authenticator management
Required Software/ Technology:
- Microsoft Entra , including PIM, JIT elevation, and Conditional Access for privileged roles
- Azure RBAC across management group/subscription/resource scopes, custom role design, and enterprise role taxonomy
- Azure governance with Azure Policy and Management Groups to enforce least‐privilege guardrails
- MFA with strong authenticators (FIDO2 security keys, smart cards) and Microsoft Authenticator configuration
- Managed Identities for Azure services and Azure Key Vault integration to eliminate local service keys
- Monitoring and logging via Azure Monitor, Activity Logs, Diagnostic Settings, and Log Analytics (KQL)
- Security operations integration with Microsoft Sentinel (SIEM) and Microsoft Defender for Cloud
- Administration and automation using Power Shell (Az and Microsoft Graph), Azure CLI, and Microsoft Graph API
- Inventory and configuration governance using Azure Resource Graph, tagging strategies, and naming conventions
Preferred Software/ Technology:
- Power Shell;
Azure CLI - Experience with CI/CD and Dev Sec Ops integrations
Required Education/
Certifications:
- Microsoft SC-300 (Identity and Access Administrator)
- Microsoft AZ-500 (Azure Security Engineer)
- CISSP or CCSP (nice to have)
Diverse Lynx LLC is an Equal Employment Opportunity employer. All qualified applicants will receive due consideration for employment without any discrimination. All applicants will be evaluated solely on the basis of their ability, competence and their proven capability to perform the functions outlined in the corresponding role. We promote and support a diverse workforce across all levels in the company.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).