System Administrator III

Endava

Job Location:

Colorado, TX - USA

Monthly Salary: Not Disclosed
Posted on: 4 hours ago
Vacancies: 1 Vacancy

Job Summary

The Tier 3 Microsoft 365 Entra Administrator is a senior-level Identity & Access Management (IAM) professional responsible for securing, administering, and optimizing a hybrid identity environment spanning on-prem Active Directory and Microsoft Entra ID. This role serves as the highest escalation point for identity-related incidents, leads advanced troubleshooting and root cause analysis, and drives identity security strategy aligned with Zero Trust principles.

The role has a strong emphasis on identity security, governance, and privileged access, working closely with Cybersecurity, Infrastructure, and Compliance teams. The Tier 3 Entra Administrator also mentors Tier 1-2 support, owns identity automation and governance improvements, and ensures audit-ready identity operations using tools such as ServiceNow and NetIQ.

  • Must be local to Brentwood, TN or Denver, CO
  • Act as the Tier 3 escalation point for complex Entra ID, hybrid identity, and authentication incidents.
  • Lead resolution of high-severity identity outages and security incidents (authentication failures, MFA bypass attempts, Conditional Access issues).
  • Perform detailed root cause analysis (RCA) and implement long-term corrective and preventive actions.
  • Drive identity-related Problem Management activities within ServiceNow.
  • Provide technical leadership, mentoring, and knowledge transfer to Tier 1-2 support teams.
  • Administer and secure Microsoft Entra ID and on-prem Active Directory in a hybrid configuration.
  • Support and troubleshoot Entra Connect / Cloud Sync:
    • Attribute flow and sync rule issues
    • Duplicate object resolution (soft/hard match)
    • UPN, proxyAddress, and source anchor mismatches
  • Partner with AD, PKI, networking, and endpoint teams to ensure identity dependencies remain secure and resilient.

Identity Security & Zero Trust Enforcement (Primary Focus)

  • Design, implement, and maintain Conditional Access policies with a security-first approach:
    • Risk-based access
    • Device and platform restrictions
    • Session controls and legacy authentication blocking
  • Manage and optimize authentication methods including:
    • MFA (Authenticator, FIDO2, WHfB, OATH, Temporary Access Pass)
    • Phishing-resistant authentication strategies
  • Administer Privileged Identity Management (PIM):
    • Eligible role assignments
    • Approval workflows
    • Just-in-time access
    • Privileged access monitoring and alerts
  • Investigate Entra ID Protection risk detections and coordinate remediation for risky users and sign-ins.
  • Maintain and protect break-glass and emergency access accounts.
  • Lead identity governance initiatives using:
    • Access Reviews
    • Entitlement Management / Access Packages
    • Lifecycle and joiner-mover-leaver processes
  • Utilize NetIQ identity tools to support:
    • Identity lifecycle management
    • Role-based access models
    • Attestation and access certification workflows
  • Ensure identity controls align with regulatory and audit requirements (SOX, SOC 2, ISO, HIPAA, etc.).
  • Provide audit evidence, logging, and reporting for identity-related controls.

Application Access & Single Sign-On (SSO)

  • Integrate and secure enterprise and SaaS applications using Entra SSO:
    • SAML, OAuth 2.0, OpenID Connect
    • SCIM provisioning and deprovisioning
  • Secure and manage:
    • App registrations and service principals
    • API permissions and consent models
    • Certificate and secret lifecycle management
  • Troubleshoot federation, claims, and token-related issues

ServiceNow & Operational Excellence

  • Use ServiceNow for:
    • Incident, Problem, and Change Management
    • Identity request workflows and approvals
    • CMDB and service mapping related to identity services
  • Improve operational maturity through:
    • Runbooks and SOPs
    • Monitoring and alerting enhancements
    • Identity-related SLAs and KPIs

Automation & Continuous Improvement

  • Automate identity operations using:
    • PowerShell
    • Microsoft Graph
    • Azure Automation / Logic Apps
  • Reduce manual access administration and improve consistency through automation.
  • Maintain version-controlled scripts and documentation.
  • Continuously assess and improve identity security posture and architecture.

Qualifications:

Required:

  • 5 years of IAM experience with 3 years focused on Microsoft Entra ID in a hybrid environment.
  • Deep expertise in:
    • Microsoft Entra ID and Active Directory
    • Conditional Access, MFA, and Zero Trust identity controls
    • Privileged Identity Management (PIM)
    • Hybrid identity troubleshooting (sync, authentication, federation)
  • Hands-on experience with ServiceNow (ITSM identity workflows).
  • Experience working with NetIQ identity governance or directory tools.
  • Strong PowerShell and automation skills.
  • Proven ability to lead incident response and security-focused identity initiatives.
  • Security-first mindset with strong Zero Trust principles
  • Advanced troubleshooting and analytical skills
  • Strong collaboration with Security, Compliance, and Infrastructure teams
  • Clear technical documentation and communication
  • Ability to lead initiatives independently and influence identity strategy

Preferred:

  • Microsoft certifications (preferred):
    • SC-300 Identity and Access Administrator
    • SC-200 / SC-100 Security
    • AZ-104, MS-102
  • Experience with:
    • Entra ID Protection and identity risk management
    • Defender for Cloud Apps integration
    • Phishing-resistant MFA rollouts (FIDO2 / WHfB)
    • ITIL-based operational environments
  • Experience supporting regulated or highly audited environments.

Additional Information:

Discover some of the global benefits that empower our people to become the best version of themselves:

  • Finance: Competitive salary package, share plan, company performance bonuses, value-based recognition awards, referral bonus;
  • Career Development: Career coaching, global career opportunities, non-linear career paths, internal development programmes for management and technical leadership;
  • Learning Opportunities: Complex projects, rotations, internal tech communities, training, certifications, coaching, online learning platforms subscriptions, pass-it-on sessions, workshops, conferences;
  • Work-Life Balance: Hybrid work and flexible working hours, employee assistance programme;
  • Health: Global internal wellbeing programme, access to wellbeing apps;
  • Community: Global internal tech communities, hobby clubs and interest groups, inclusion and diversity programmes, events and celebrations.

Additional Employee Requirements  

  • Participation in both internal meetings and external meetings via video calls as necessary. 
  • Ability to go into corporate or client offices to work onsite as necessary. 
  • Prolonged periods of remaining stationary at a desk and working on a computer as necessary. 
  • Ability to bend, kneel, crouch, and reach overhead as necessary.
  • Hand-eye coordination necessary to operate computers and various pieces of office equipment as necessary. 
  • Vision abilities including close vision, toleration of fluorescent lighting, and adjusting focus as necessary.
  • For positions that require business travel and/or event attendance, ability to lift 25 lbs as necessary.
  • For positions that require business travel and/or event attendance, a valid driver's license and acceptable driving record are required, as driving is an essential job function.

*If requested, reasonable accommodations will be made to enable employees requiring accommodations to perform the essential functions of their jobs, absent undue hardship.

USA Benefits (Full-time roles only; does not apply to contractor positions)

  • Robust healthcare and benefits including Medical, Dental, Vision, Disability coverage, and various other benefit options
  • Flexible Spending Accounts (Medical, Transit, and Dependent Care)
  • Employer Paid Life Insurance and AD&D Coverages
  • Health Savings account paired with our low-cost High Deductible Medical Plan
  • 401(k) Safe Harbor Retirement plan with employer match and immediate vesting

At Endava, we're committed to creating an open, inclusive, and respectful environment where everyone feels safe, valued, and empowered to be their best. We welcome applications from people of all backgrounds, experiences, and perspectives, because we know that inclusive teams help us deliver smarter, more innovative solutions for our customers. Hiring decisions are based on merit, skills, qualifications, and potential. If you need adjustments or support during the recruitment process, please let us know.


Remote Work:

No


Employment Type:

Full-time

Key Skills

  • Active Directory
  • VMware
  • Computer Networking
  • Microsoft Windows Server
  • Solaris
  • Windows
  • Linux
  • SAN
  • Shell Scripting
  • System Administration
  • DNS
  • CentOS

About Company

For over two decades, we have been harnessing technology to drive meaningful change. By combining world-class engineering, industry expertise and a people-centric mindset, we consult and partner with our customers to create technological solutions that drive innovation and transfor ...
