IAM Engineer - MS365 / Entra ID / SSO / MFA

South Yorkshire
£700 - £765 per day
Contract

Posted on Tue Mar 2026

Microsoft 365 / Entra ID / SSO / MFA

Role: IAM Engineer
Contract: 7+ months initially
IR35: Inside IR35
Day Rate: Up to £765 per day (via umbrella) potential for flex DOE
Location: Hybrid2 days/week on‑site in Sheffield, remainder remote
Start: ASAP

Summary

An established well known national organisation is seeking a hands‑on IAM Engineer to implement and operate identity, authentication, and access controls across Microsoft 365 and Microsoft Entra ID (Azure AD).

Focus is on SSO, MFA, Conditional Access, identity lifecycle, and privileged access (with CyberArk as a desirable skill). This is a delivery and operations role (not an architect), partnering with Security, Infrastructure, and Service Management to harden controls, reduce risk, and improve user experience.

Responsibilities

  • Entra ID operations & hardening: tenant hygiene, identity security baseline, Conditional Access (CA) design/maintenance, break‑glass access.
  • SSO engineering: onboard and support SAML/OIDC apps; configure enterprise app registrations, claims, tokens, and session settings.
  • MFA at scale: method policies (Authenticator, FIDO2, SMS), registration campaigns, CA‑based MFA enforcement, resilient admin access patterns.
  • Lifecycle & access controls: group‑based access, dynamic groups, PIM (just‑in‑time admin), RBAC reviews, access reviews, least‑privilege enforcement.
  • Microsoft 365 alignment: integrate with Defender for Cloud Apps, govern Exchange/SharePoint/Teams access, improve Secure Score.

Required Skills & Experience

  • Proven, hands‑on Microsoft Entra ID administration: app registrations, Conditional Access, Identity Protection, authentication strengths, and policy operations.
  • SSO delivery using SAML 2.0 / OIDC / OAuth 2.0: enterprise app onboarding, claims mapping, token troubleshooting (SAML traces, Fiddler, browser dev tools).
  • MFA engineering and rollout: CA‑based MFA, method policies, break‑glass procedures, staged/targeted deployments.
  • Microsoft 365 security controls: Exchange, SharePoint/OneDrive, Teams governance and access configuration.

Desirable

  • CyberArk PAM (Core PAS): Safes, platform onboarding, credential rotation, PSM/PSMP, API integration.

If you have the relevant skills and interested in hearing more please apply with your latest CV.

Apply for this role:

    Share this role:
    Advertised By:
    Scott Defries

    Scott has been working in recruitment since 2006, delivering consistent, high-quality talent across technology and digital roles. With deep market knowledge and a delivery-focused approach, he supports clients by securing the right talent efficiently and effectively.

    Similar Opportunities

    Employers About TRIA News & Insights Work for TRIA

    Actions speak louder than words when it comes to ED&I and we’re proud to let ours do the talking for us. TRIA have a majority female workforce from director level down and to keep building on this, we embody a commitment to keep TRIA a safe, prejudice-free environment.

    TRIA Consulting is dedicated to delivering end-to-end services that unlock potential and maximise value. Unlike traditional recruitment, we focus on providing comprehensive consultancy solutions tailored to your organisation's unique objectives.

    TEL 0117 332 7000 | POST 14th Floor, Colston Tower, Colston St, Bristol BS1 4XE

    Privacy Policy Terms & Conditions DE&I Policy Cookies Policy Modern Slavery Act Statement