Microsoft Entra ID & Active Directory Engineer

Company Description

Metro Global Solution Center (MGSC) is internal solution partner for METRO, a €31.6 Billion international wholesaler with operations in more than 30 countries. The store network comprises a total of 623 stores in 21 countries, of which 522 offer out-of-store delivery (OOS), and 94 dedicated depots. In 12 countries, METRO runs only the delivery business by its delivery companies (Food Service Distribution, FSD).

HoReCa and Traders are core customer groups of METRO. The HoReCa section includes hotels, restaurants, catering companies as well as bars, cafés and canteen operators. The Traders section includes small grocery stores and kiosks. The majority of all customer groups are small and medium-sized enterprises as well as sole traders. METRO helps them manage their business challenges more effectively.

MGSC, location wise is present in Pune (India), Düsseldorf (Germany) and Szczecin (Poland). We provide HR, Finance, IT & Business operations support to 31 countries, speak 24+ languages and process over 18,000 transactions a day. We are setting tomorrow’s standards for customer focus, digital solutions, and sustainable business models. For over 10 years, we have been providing services and solutions from our two locations in Pune and Szczecin. This has allowed us to gain extensive experience in how we can best serve our internal customers with high quality and passion. We believe that we can add value, drive efficiency, and satisfy our customers.
 

Website: https://www.metro-gsc.in
Company Size: 1000-1100
Headquarters: Pune, Maharashtra, India
Type: Privately Held
Inception:  2011

Job Description

Microsoft Entra ID (Advanced Implementation)

• Implement and optimize Conditional Access policies based on approved designs
• Support and operationalize:
  • Risk‑based access policies
  • Authentication Strengths and phishing‑resistant MFA
• Lead operational implementation of Privileged Identity Management (PIM):
  • Role assignments
  • Approval workflows
  • Just‑in‑Time access configuration
• Secure application and workload identities:
  • App registrations and service principals
  • OAuth permission governance

On‑Prem Active Directory (Security & Hardening)

• Support and enforce AD security best practices:
  • Tiered admin model (Tier 0 / 1 / 2)
  • Privileged account separation
• Lead AD hardening activities:
  • LAPS
  • Protected Users
  • Delegation and admin access restrictions
• Troubleshoot complex AD security and authentication issues

Hybrid Identity & Integration

• Support Entra Connect configuration and lifecycle management
• Assist in evaluating authentication models and hybrid trust decisions
• Support integration of identity with:
  • Azure subscriptions
  • Third‑party SaaS applications

Threat Detection & Operations

• Support CyberDefence team for Identity (MDI) investigations and tuning
• Act as a technical escalation point during identity‑related incidents

Collaboration & Mentoring

• Mentor mid‑level engineers and provide technical guidance
• Participate in design reviews and provide implementation feedback
• Work closely with Identity Architects, Security, and Platform teams

Qualifications

• 8–10 years of experience in identity and access management
• Strong hands‑on experience with:
  • Microsoft Entra ID P2
  • Conditional Access at scale
  • Privileged Identity Management
  • Active Directory security
• Experience supporting hybrid AD environments
• Advanced PowerShell scripting and automation
• Strong understanding of identity‑based attack techniques and mitigations
• Solid grasp of Zero Trust principles (implementation‑focused)

Additional Information

• Experience with:
  • Concepts around IGA
  • Defender for Identity
  • Passwordless authentication (FIDO2, WHfB)
  • VDI or shared device environments
• Certifications:
  • SC‑300
  • AZ‑500
  • Microsoft Security certifications