Lead, Identity Engineer- EntraID

Job Description/Preferred Qualifications

Key Responsibilities

• Manage maintain and optimize Microsoft Entra ID including groups access policies SSO integrations applications and conditional access.
• Support and improve MultiFactor Authentication (MFA) and Conditional Access policies.
• Troubleshoot synchronization and identity flow issues across hybrid identities using Entra Connect / Cloud Sync.
• Administer and support Active Directory (users groups GPOs OU structure domain controllers).
• Implement and maintain identity lifecycle automation including provisioning deprovisioning and role-based access control (RBAC).
• Configure and manage SSO / federation services (SAML OAuth OpenID Connect SCIM).
• Enforce identity governance best practices and assist in access certification and audit activities.
• Support ZeroTrust initiatives focused on identity hardening and secure authentication.
• Monitor and respond to identity-related incidents alerts and vulnerabilities.
• Create and enhance automation with PowerShell Graph API and Entra automation tools.
• Assist in integrating SaaS and onprem applications with Entra ID for SSO and automated provisioning.
• Work closely with security cloud and infrastructure teams to implement identity solutions.
• Participate in IAM roadmap planning solution design and documentation.
• Support migration efforts to modern identity platforms and cloudfirst authentication models.

Minimum Qualifications

• 36 years of experience in Identity & Access Management or equivalent technical roles.
• Strong expertise with Microsoft Entra ID (Azure Active Directory) including:
  • Conditional Access
  • Identity protection
  • App registrations & enterprise apps
  • OAuth/OIDC/SAML integrations
• Good experience with onprem Active Directory:
  • Domain administrationCe
  • Group Policy
  • Site topology & replication
• Hands-on experience managing Entra Connect or Cloud Sync.
• Proficiency with PowerShell for IAM automation.
• Solid understanding of authentication/authorization protocols (SAML OAuth 2.0 OIDC Kerberos).
• Experience supporting MFA RBAC privileged access and identity governance processes.
• Certifications in Microsoft Azure or security is a huge plus.

We offer a competitive family friendly total rewards package. We design our programs to reflect our commitment to an inclusive environment while ensuring we provide benefits that meet the diverse needs of our employees.

KLA is proud to be an equal opportunity employer

Be aware of potentially fraudulent job postings or suspicious recruiting activity by persons that are currently posing as KLA employees. KLA never asks for any financial compensation to be considered for an interview to become an employee or for equipment. Further KLA does not work with any recruiters or third parties who charge such fees either directly or on behalf of KLA. Please ensure that you have searched KLAs Careers website for legitimate job postings. KLA follows a recruiting process that involves multiple interviews in person or on video conferencing with our hiring managers. If you are concerned that a communication an interview an offer of employment or that an employee is not legitimate please send an email to to confirm the person you are communicating with is an employee. We take your privacy very seriously and confidentially handle your information.