Home
Explore roles
Explore companies
Log in
Sign up
Roles
Tria Recruitment
IAM Engineer - MS365 / Entra ID / SSO / MFA
Explore roles
Tria Recruitment
IAM Engineer - MS365 / Entra ID / SSO / MFA
£700/day - £800/day
Sheffield
Hybrid
Graduate
Junior
Mid
Senior
Leader
Description

Microsoft 365 / Entra ID / SSO / MFA

Role: IAM Engineer
Contract: 6+ months initially
IR35: Inside IR35
Day Rate: Up to £800 per day (via umbrella) potential for flex DOE
Location: Hybrid - 2 days/week on-site in Sheffield, remainder remote
Start: ASAP

Summary

An established well known national organisation is seeking a hands-on IAM Engineer to implement and operate identity, authentication, and access controls across Microsoft 365 and Microsoft Entra ID (Azure AD).

Focus is on SSO, MFA, Conditional Access, identity lifecycle, and privileged access (with CyberArk as a desirable skill). This is a delivery and operations role (not an architect), partnering with Security, Infrastructure, and Service Management to harden controls, reduce risk, and improve user experience.

Responsibilities

  • Entra ID operations & hardening: tenant hygiene, identity security baseline, Conditional Access (CA) design/maintenance, break-glass access.
  • SSO engineering: onboard and support SAML/OIDC apps; configure enterprise app registrations, claims, tokens, and session settings.
  • MFA at scale: method policies (Authenticator, FIDO2, SMS), registration campaigns, CA-based MFA enforcement, resilient admin access patterns.
  • Lifecycle & access controls: group-based access, dynamic groups, PIM (just-in-time admin), RBAC reviews, access reviews, least-privilege enforcement.
  • Microsoft 365 alignment: integrate with Defender for Cloud Apps, govern Exchange/SharePoint/Teams access, improve Secure Score.

Required Skills & Experience

  • Proven, hands-on Microsoft Entra ID administration: app registrations, Conditional Access, Identity Protection, authentication strengths, and policy operations.
  • SSO delivery using SAML 2.0 / OIDC / OAuth 2.0: enterprise app onboarding, claims mapping, token troubleshooting (SAML traces, Fiddler, browser dev tools).
  • MFA engineering and rollout: CA-based MFA, method policies, break-glass procedures, staged/targeted deployments.
  • Microsoft 365 security controls: Exchange, SharePoint/OneDrive, Teams governance and access configuration.

Desirable

  • CyberArk PAM (Core PAS): Safes, platform onboarding, credential rotation, PSM/PSMP, API integration.

If you have the relevant skills and interested in hearing more please apply with your latest CV.

Tria Recruitment
IAM Engineer - MS365 / Entra ID / SSO / MFA£700/day - £800/day
Confirmed live a few seconds ago
© 2026 HAYSTACK APP LTD
Privacy policy & Cookies
Terms
Feedback
Contact
Careers