Salary: £18,200 - 19,890 per year Requirements: Proven, hands-on Microsoft Entra ID administration: app registrations, Conditional Access, Identity Protection, authentication strengths, and policy operations. SSO delivery using SAML 2.0 / OIDC / OAuth 2.0: enterprise app onboarding, claims mapping, token troubleshooting (SAML traces, Fiddler, browser dev tools). MFA engineering and rollout: CA-based MFA, method policies, break-glass procedures, staged/targeted deployments. Microsoft 365 security controls: Exchange, SharePoint/OneDrive, Teams governance and access configuration. Desirable CyberArk PAM (Core PAS): Safes, platform onboarding, credential rotation, PSM/PSMP, API integration. Responsibilities: Entra ID operations & hardening: tenant hygiene, identity security baseline, Conditional Access (CA) design/maintenance, break-glass access. SSO engineering: onboard and support SAML/OIDC apps; configure enterprise app registrations, claims, tokens, and session settings. MFA at scale: method policies (Authenticator, FIDO2, SMS), registration campaigns, CA-based MFA enforcement, resilient admin access patterns. Lifecycle & access controls: group-based access, dynamic groups, PIM (just-in-time admin), RBAC reviews, access reviews, least-privilege enforcement. Microsoft 365 alignment: integrate with Defender for Cloud Apps, govern Exchange/SharePoint/Teams access, improve Secure Score. Technologies: API Cloud Fiddler IAM Support Microsoft 365 OAuth RBAC SAML Security SharePoint Office 365 Architect Azure DevOps More: We are an established, well-known national organization seeking a hands-on IAM Engineer for a contract role focused on implementing and operating identity, authentication, and access controls across Microsoft 365 and Microsoft Entra ID. This position will allow you to work hybrid, spending two days a week onsite in Sheffield and the remainder remote. We value collaboration with Security, Infrastructure, and Service Management teams to enhance controls and user experience. last updated 13 week of 2026