Lead Entra Security Engineer
Humana
3h ago
0$142k - $196kDevUnited Stateshimalayas
Identity-And-Access-Management-EngineerCloud-Identity-Security-EngineerLead-Entra-Security-EngineerMicrosoft-Entra-AdministratorIdentity-Security-EngineerLead-Security-EngineerSecurity-Engineering-LeadLead-Cybersecurity-EngineerLead-Information-Security-EngineerLead-Cloud-Security-EngineerSenior
Job Description
Become a part of our caring community
*Selected candidate must reside within approximately 60 minutes driving distance from one of the following locations: (Louisville KY, NYC Metro, Dallas Metro, Charlotte NC Metro, South Florida(Tampa/Miami/Ft Lauderdale) , Washington DC metro, Chicago, Boston, Atlanta, Nashville)
The Lead Entra Security Engineer will drive both the architectural vision and hands-on engineering implementation of enterprise identity services across multiple Entra ID tenants. This role is responsible for designing and building modern identity controls across workforce, B2B, and application environments, while standardizing configurations and strengthening identity security posture.
The Lead Entra Security Engineer will partner closely with security, platform, and application teams to deliver secure-by-design identity solutions, modernize authentication and access controls, and enable scalable identity patterns aligned to Zero Trust principles. This role requires deep Entra expertise, strong engineering capability, and the ability to translate complex identity challenges into practical, enforceable solutions.Key ResponsibilitiesEngineer, implement, and help design identity controls across multiple Entra tenants, including Conditional Access, MFA, Identity Protection, and governance capabilitiesImplement and standardize cross-tenant access patterns, partnering on design decisions for B2B collaboration, Multi-Tenant Organizations (MTO), and external identity controlsLead implementation of Privileged Identity Management (PIM), access reviews, and least privilege access modelsEngineer and optimize authentication and SSO integrations (SAML, OAuth, OIDC) across SaaS and enterprise applicationsExecute tenant standardization efforts, ensuring consistent policies, authentication methods, and governance controlsTroubleshoot and resolve complex authentication, authorization, and provisioning issuesDevelop automation using PowerShell, Microsoft Graph, Terraform, Azure Logic Apps, etc. to scale identity operationsPartner with application and platform teams to embed identity-security-by-design into solutions and integrationsContribute to and operationalize identity security baselines aligned to Zero Trust principlesIdentify, engineer, and implement improvements to strengthen identity posture, reduce risk, and improve user experienceCreate and maintain reusable engineering patterns, scripts, and documentation for Entra security controls
Use your skills to make an impact
Requirements7+ years of experience in identity engineering, IAM architecture, or cloud identity security in large environmentsDeep expertise in Microsoft Entra ID (Azure AD) across multi-tenant environmentsStrong hands-on experience with:Conditional Access and MFA strategyPrivileged Identity Management (PIM)Identity Protection and governanceB2B, Multi-Tenant Org (MTO) and cross-tenant access configurationsEntra ID Sign-In, Audit, and other security log analysisAzure RBACSome hands-on experience or commensurate knowledge ofDatacenter technologies and topologiesAzure IaaS/PaaS InfrastructureCommon Enterprise User Networking Technologies (i.e. VPN, SASE/ZTNA)Intune and Microsoft 365 suiteVirtual Desktop Infrastructure technologiesMicrosoft Purview / DLP technologiesStrong understanding of modern identity protocols (OIDC, OAuth2, SAML)Experience integrating identity into SaaS, APIs, and enterprise platformsProven ability to design, implement, and standardize identity controls at scaleStrong automation skills (PowerShell, Microsoft Graph, Terraform or similar)Ability to translate architectural vision into executable engineering outcomesAbility to influence cross-functional teamsHands-on problem solver capable of supporting complex identity escalationsPreferred RequirementsExperience with multi-tenant governance or identity transformation initiativesFamiliarity with hybrid identity (Entra Connect / Cloud Sync) and identity monitoring toolsExperience operating in regulated environments (SOX, HIPAA, etc.)Relevant certifications (e.g., SC-300, SC-100, CISSP)Work at Home RequirementsTo ensure Home or Hybrid Home/Office employees’ ability to work effectively, the self-provided internet service of Home or Hybrid Home/Office employees must meet the following criteria:At minimum, a download speed of 25 Mbps and an upload speed of 10 Mbps is required; wireless, wired cable or DSL connection is suggested. In certain roles, the minimum recommended internet speed required by Humana may not be sufficient for business needs. Humana reserves the right to require associates to upgrade their internet service if necessary.Work from a dedicated space lacking ongoing interruptions to protect member PHI / HIPAA information.Travel: While this is a remote position, occasional travel to Humana's offices for training or meetings may be required.Scheduled Weekly Hours40Pay RangeThe compensation range below reflects a good faith estimate of starting base pay for full time
