Cloud Security Engineer (Azure/EntraID) Opportunity

Optomi company

Cloud Security Engineer (Azure/EntraID) in United States

Remote 8 hours ago

Cloud Security Engineer (Azure/EntraID) - (100% remote, EST hours)


Optomi, in partnership with a Fortune 50 company in the pharma/healthcare space, is looking to add a Security Engineer to their IAM Team! The Security Engineer over Azure Active Directory/Entra will support various Azure compliance, EntraID and security initiatives throughout a global organization. The right candidate will have experience configuring Azure subscriptions, and experience hardening systems and domains tied to PAM. The Cloud Security Engineer needs to be well rounded in security and be able to navigate Excel to manage large data sets (experience with Pivot Tables, XLookups, etc.) and work with Graph APIs.


Must-Have Qualifications

  1. 5–10 yrs hands-on Azure engineering with at least 3 yrs focused on Azure AD / Entra ID (tenant design, B2B/B2C, custom domains, conditional access).
  2. Proven track record hardening cloud identity & subscription models in medium-to-large environments (1K+ users, multi-subscription).
  3. Strong grasp of RBAC, PIM / PAM concepts, and subscription governance—even if you haven’t deployed full PAM suites.
  4. PowerShell & Graph API scripting to automate identity tasks and parse audit data.
  5. Fluent with Excel power tools (pivot tables, lookups, Power Query).
  6. Familiarity with Zero Trust, CIS Controls, or NIST-based compliance frameworks.
  7. Ability to lead smaller-scale Azure AD projects end-to-end and communicate clearly with business owners.


Nice-to-Have Skills

  • Microsoft Sentinel, Defender for Cloud, or identity-centric SIEM tuning.
  • Experience migrating legacy AD forests or hybrid ADFS/SSO solutions to Entra ID.
  • Terraform/Bicep or Azure DevOps pipelines for identity-as-code.
  • Active Microsoft certifications (e.g., SC-300, AZ-500, SC-100).


What You'll Do


Engineer & Harden Azure AD / Entra ID

- Build, configure, and optimize tenants, domains, and resource subscriptions.

- Design least-privilege identity patterns (RBAC, PIM, non-admin subscription access).

- Implement Conditional Access, MFA, role reviews, and governance controls.


Compliance & Assessment

- Map current identity posture against NIST and Zero-Trust benchmarks.

- Run data-driven gap analyses; deliver remediation roadmaps.


Automation & Data Analysis

- Write / maintain PowerShell & Microsoft Graph scripts to enforce policy and collect telemetry.

- Slice large exports in Excel (pivot tables, Power Query) to surface anomalies (e.g., non-admin subscription owners).


Cross-Team Consulting

- Translate technical risk into business impact; lead workshops with app teams.


Advance the Program

- Evaluate emerging Entra ID features (e.g., Entra Permissions Mgmt).

