Overview
Job Title : Microsoft Azure IAM & PKI Specialist (SME)
Location : Jeddah
Experience : 8-12 years
Responsibilities
IAM:
Microsoft Azure IAM SME (Entra ID, etc.).
Identity & Access Management concepts (SSO, MFA, conditional access, RBAC).
Entra ID administration (user / group management, app registration, service principals).
Federation & integration (SAML, OAuth 2.0, OpenID Connect).
Identity Governance (access reviews, entitlement management, lifecycle workflows).
Permissions Management (cloud entitlements across Azure, GCP).
Troubleshooting authentication & authorization issues.
Microsoft Azure:
Azure AD / Entra integration with Azure resources.
Azure RBAC & security best practices.
Azure Policy & compliance management.
Azure Monitor, Log Analytics, Sentinel (security monitoring).
Familiarity with ARM templates / Bicep for infrastructure automation.
Microsoft Active Directory (AD):
AD domain services administration (user, group, OU, GPO).
Domain & forest trust management.
DNS integration with AD.
AD replication & troubleshooting (dcdiag, repadmin).
Security hardening (admin tiering, delegation).
AD backup & recovery procedures.
Microsoft Active Directory Certificate Services (AD CS):
PKI concepts (public / private keys, X.509 certificates, CRL, OCSP).
Installing & configuring AD CS (root CA, subordinate CA).
Certificate templates, enrollment policies, and auto-enrollment.
Managing CRLs & OCSP responders.
Securing CA infrastructure & key material.
Certificate lifecycle management & renewal automation.
Certificate Lifecycle Management (CLM):
Managing certificate inventories & expiration alerts.
Automated issuance & renewal (SCEP, ACME protocols).
Integrating PKI with endpoint, server, and network devices.
Governance & compliance for certificate usage.
Transitioning cryptographic algorithms (e.g., SHA-1 → SHA-256, RSA → ECC).
Microsoft PKI:
Deep understanding of PKI trust chains.
Secure design of enterprise PKI.
Policy & practice statement creation.
Hardware Security Module (HSM) integration.
Root & subordinate CA separation & protection.
Microsoft Network Policy Server (NPS):
RADIUS server configuration.
Integration with AD for authentication.
NPS policies for wired / wireless 802.1X authentication.
NPS & MFA integration.
Troubleshooting RADIUS authentication issues (logs, Event Viewer).
Google Cloud Console Management:
GCP IAM (roles, service accounts, policies).
Project, folder, and organization-level resource management.
Integration with external identity providers (Entra ID, SAML).
Monitoring & logging with Google Cloud Operations Suite.
Security best practices in GCP (Organization Policy, Security Command Center).
Qualifications
8-12 years of experience in IAM, PKI, and related Microsoft and cloud technologies.
Strong understanding of Azure AD / Entra ID, RBAC, conditional access, and identity governance.
Experience with PKI, AD CS, certificate lifecycle, and HSM integration.
Hands-on experience with AD, DNS, GPOs, domain / forest trust, and AD replication.
Familiarity with cloud platforms (Azure, Google Cloud) and cross-provider identity integration (SAML, OAuth, OIDC).
Ability to design secure IAM architectures and apply security best practices.
Specialist • Jeddah, Saudi Arabia