PAM Specialist (Entra ID)

ComTec Information Systems (IT)

Newark

Description

Title: PAM Specialist (Entra ID)

Location: Newark, NJ (Hybrid)

Mode: Hybrid (onsite 2-3 days a week)

Responsibilities:

  • Integrate on-prem and SaaS apps with Microsoft Entra ID using SAML 2.0 and OIDC/OAuth 2.0 (enterprise, gallery, and custom apps)
  • Design and support secure SSO across cloud, hybrid, and federated identity environments
  • Manage Entra ID enterprise apps, app registrations, service principals, API permissions, and consent policies
  • Implement Conditional Access (MFA, risk-based, device-based, step-up authentication)
  • Assess legacy apps for SSO readiness and recommend modernization
  • Troubleshoot authentication/federation issues using Entra logs, audit logs, and token diagnostics
  • Configure and validate secure token settings (claims, redirect URIs, certificates, audience)
  • Collaborate with IAM, SailPoint, CyberArk, cloud, and app teams for identity modernization
  • Align authentication with identity lifecycle (provisioning/deprovisioning) and PAM controls (JIT, secrets, session isolation)
  • Define SSO standards and onboarding guidance for application teams
  • Support large-scale application onboarding and standardize integration processes/documentation
  • Drive identity security initiatives (passwordless, Zero Trust, SSO expansion, legacy migration)
  • Automate tasks using PowerShell, Python, and Microsoft Graph API

Qualifications:

  • Strong experience integrating applications with Microsoft Entra ID using SAML 2.0, OIDC, and OAuth 2.0
  • Expertise in SSO, federation, authentication patterns, and enterprise identity architecture
  • Hands-on with Conditional Access, app registrations, service principals, API permissions, and consent models
  • Experience with hybrid identity (Active Directory, Entra Connect) and lifecycle management with SailPoint integration
  • Skilled in troubleshooting authentication using Entra ID logs, token analysis, and sign-in diagnostics
  • Knowledge of secure token design, claims mapping, certificates, redirect URIs, and encryption standards
  • Experience with PAM solutions like CyberArk and privileged access integration (ZSP, JIT)
  • Familiar with passwordless authentication (FIDO2, Windows Hello, certificate-based auth) and Zero Trust principles
  • Basic automation/scripting using PowerShell, Python, and Microsoft Graph API
  • Experience supporting large-scale SSO onboarding (300–600+ apps) and enterprise app discovery
  • Familiar with compliance frameworks (SOX, NERC CIP, CIS)
  • Experience migrating from legacy IAM platforms (ADFS, Okta, Ping) to Microsoft Entra ID
  • Strong cross-functional collaboration, documentation, and stakeholder communication skills