Senior IAM Cloud and Federation Expert (EntraID)

Your Key Responsibilities

Your responsibilities include, but are not limited to:

• Design, deploy, and optimize Entra ID , Entra Connect , and Azure identity services across hybrid enterprise environments and CIAM.

• Implement and maintain cross-domain and cross-tenant synchronization between AD and Entra ID using Entra Connect or Cloud Sync .

• Build secure authentication and federation flows using SAML , OIDC , and OAuth2 .

• Enhance identity security with Conditional Access , MFA , Passwordless , and FIDO2 authentication methods.

• Support Zero Trust Directory Security through tiered administration, least privilege, and delegated access controls.

• Collaborate with cloud and infrastructure teams to integrate Azure resources securely with enterprise identity services.

• Automate identity tasks using PowerShell , Graph API , and Azure Automation, support incident response and directory health checks.

• Partner with security and enterprise architects to maintain security baselines, privileged access models, and directory hardening for Azure environments.

KPI: Delivery of secure, scalable, and automated identity solutions aligned with Zero Trust principles and compliance standards.

What You’ll Bring to the Role

Essential Requirements:

• Bachelor’s degree in Cybersecurity, Computer Science, IT, or equivalent experience.

• 10+ years in IT or cybersecurity, with 7+ years focused on Entra ID , Ping , Okta , CA Siteminder , Forgerock , and Azure identity engineering in enterprise-scale environments and CIAM.

• Strong hands-on expertise with Entra ID and hybrid identity integration ( Entra Connect / Cloud Sync , federation, SSO).

• Experience with Azure governance, RBAC , PIM , and access policy enforcement.

• Skilled in implementing Conditional Access , Passwordless , phishing-resistant MFA, and Entra IGA (Access Packages, Access Reviews).

• Proficient in PowerShell scripting , Graph API , and Azure automation .

• Solid understanding of authentication protocols ( SAML , OIDC , OAuth2 , LDAP ).

• Familiarity with Zero Trust , tiered admin models, and directory hardening.

Essential Skills: Strong problem-solving, technical leadership, and collaboration abilities.
Languages: English (mandatory).

Desirable Requirements:

• Experience with directory and cloud security tools ( AD , Netwrix , Microsoft Defender for Identity , Entra ID Governance ).

• Exposure to regulated industries and compliance frameworks.

You’ll Receive:

• Competitive compensation and benefits package.

• Flexible working arrangements (hybrid model).

• Learning and development opportunities, including access to global training programs.

• Inclusive and collaborative work environment that values diversity and innovation.

Why Sandoz?

Generic and Biosimilar medicines are the backbone of the global medicines industry. Sandoz, a leader in this sector, provided more than 900 million patient treatments across 100+ countries in 2024 and while we are proud of this achievement, we have an ambition to do more!

With investments in new development capabilities, production sites, new acquisitions, and partnerships, we have the opportunity to shape the future of Sandoz and help more patients gain access to low-cost, high-quality medicines, sustainably.

Our momentum is powered by an open, collaborative culture driven by our talented and ambitious colleagues, who, in return for applying their skills, experience an agile and collegiate environment with impactful, flexible-hybrid careers, where diversity is welcomed and where personal growth is supported!

Join us!