AD & Entra ID Expert

Take a step forward and let Edenred surprise you.

Every day, we deliver innovative solutions to improve the life of millions of people, connecting employees, companies, and merchants all around the world. 

We know there are hundred ways for you to grow. With us, you will expand your skills in a multicultural, challenging, and dynamic environment. 

Dare to join Edenred and get ready to thrive in a global company that will offer you endless opportunities.

Edenred is all about meritocracy. You come as you are, and you contribute. Indeed, the Edenred Group recognizes, recruits and develops all talents and singularities.

We are committed to preventing all forms of discrimination and to providing all our candidates with equal opportunities regardless of their gender and gender expression, disability, origin, religious belief and sexual orientation or any other criteria.

The Edenred Digital Center (EDC) in Bucharest, Romania is Edenred Group's new Digital hub for strategic IT projects.

The Identity expert will be responsible for designing, implementing, operating, securing, and evolving the organization’s hybrid identity infrastructure, spanning on-premises Active Directory (AD DS, AD CS) and Microsoft Entra ID.
This role ensures the availability, security, compliance, and governance of Tier 0 identity assets, supports global IT operations, and contributes to the transition toward cloud-native identity and Zero Trust models

Your Role:

• Design, implement, and manage AD & Entra ID architecture, including hybrid identity, conditional access, identity governance, identity protection, hybrid identity, and privileged identity management.
• Co-lead the migration of AD to Entra ID for Workstations.
• Develop, implement, and support automation for provisioning/deprovisioning across AD DS and Entra ID.
• Develop and enforce identity lifecycle policies, including provisioning, deprovisioning, and role-based access control (RBAC).
• Collaborate with cybersecurity, infrastructure, and application teams to ensure secure and compliant identity solutions.
• Provide technical leadership on Identity-related projects and support audits and compliance reviews.
• Serve as a subject matter expert and product owner for AD & Microsoft Entra ID across the enterprise.
• Contribute to Identity roadmap in alignment with security, compliance, and digital workplace strategies.
• Propose and lead initiatives to improve identity lifecycle management, access governance, and user experience.
• Monitor and optimize AD & Entra ID performance, availability, and security posture.
• Take part of the day-to-day operational tasks:
• Create, manage, and maintain AD users, groups, organizational units, and Entra ID objects.
• Operate and secure Tier 0 assets: Domain Controllers, Entra ID tenants, Entra ID Connect, AD CS (PKI), and Privileged Access Workstations.
• Lead lifecycle tasks: FSMO role management, SYSVOL replication, GPO management, krbtgt password rotation, and Windows Time Service synchronization.
• Monitor and maintain synchronization health for hybrid identity environments (Entra ID Connect, staging nodes, synchronization rules, outbound trusts).
• Enforce least privilege and role-based access through Entra ID PIM, RBAC, and Conditional Access policies.
• Collaborate with SOC and Cyber teams on identity-related threat detection and response (MDI, MDE, Identity Protection).
• Resolve existing findings from Vulnerability management tools such as PingCastle
• Define and enforce governance for SSO integrations (SAML, OAuth, OIDC) and Entra ID app registrations / enterprise applications.
• Ensure compliance with frameworks (PCI DSS, ISO 27001, internal policies).
• Maintain audit logs, operational runbooks, and documentation to support annual reviews and audits.
• Partner with Digital Workplace, Application, and Infrastructure Teams to resolve incidents, perform root cause analysis, and ensure continuity of service.
• Participate in Change Advisory Board (CAB) reviews, risk assessments, and operational acceptance for new services.

Your Profile:

You Will Have To Demonstrate:

• Extensive hands-on experience with Microsoft EntraID / Azure AD in a complex enterprise environment.
• Experience with hybrid identity (on-prem AD + EntraID).
• Good experience of Azure
• Strong knowledge of identity federation (SAML, OAuth, OpenID Connect), MFA, and conditional access policies.
• Automation & Scripting: Strong proficiency in PowerShell for reporting, auditing, provisioning, and automation of hybrid identity operations.
• Familiarity with Microsoft Intune and Microsoft 365 security tools.
• Identity Security & Governance: Tiering Model, Zero Trust principles, identity lifecycle management (IGA/IAM), privileged access governance, least privilege enforcement.
• Threat Detection & Response: Familiarity with Microsoft Defender for Identity (MDI), Defender for Endpoint (MDE), SIEM/SOAR (e.g., Splunk, Sentinel), and incident response workflows.
• Compliance & Audit: Knowledge of regulatory requirements (PCI DSS, ISO 27001, SOX), documentation practices, and evidence gathering for audits.
• At least 6 Years at managing and maintaining Active Directory Services (AD DS): Domain Controller operations, FSMO roles, SYSVOL replication, GPO management, krbtgt password rotation.
• Microsoft Entra ID: Tenant administration, Entra ID Connect (Staging/Active nodes), synchronization health, role management, Conditional Access, PIM/RBAC.
• Single Sign-On & Applications: Governance of Entra ID App Registrations, Enterprise Apps, OAuth/SAML configurations, API permissions, and application security reviews.
• AD CS (PKI): Certificate authority operations, key management, certificate lifecycle management.

Core Competencies

• Analytical & Problem-Solving: Ability to assess complex hybrid identity issues and propose effective, business-aligned solutions.
• Collaboration: Work effectively across global IT, Security, and Infrastructure teams in different regions (EMEA, APAC, Americas).
• Communication: Ability to explain technical issues to non-technical stakeholders (e.g., managers, compliance teams).
• Security Mindset: Strong focus on safeguarding Tier 0 identity assets, incident prevention, and proactive risk management.
• Process Orientation: Knowledge of ITIL/ITSM practices, CAB participation, and change management to minimize operational risks.
• Continuous Improvement: Drive automation, efficiency, and modernization of identity services toward cloud-native and Zero Trust approaches.
• Fluent English speaker
• Preferred Certifications (Nice to Have)
• Microsoft:
• MS-102 (Microsoft 365 Administrator)
• SC-100 (Cybersecurity Architect)
• SC-300 (Identity & Access Administrator)
• Security/Compliance: CISM, CISSP, or equivalent.
• Cloud/Automation: Azure Administrator Associate, or equivalent scripting/automation certifications.

Joining Us Means:

• Taking part in an ambitious corporate project
• Becoming part of a team that embraced the digitalization challenge and enjoys this transformation every day
• Living our values every day: passions for customers, respect, imagination, simplicity, entrepreneurial spirit.

Because:

• You will greatly contribute to build the project that will improve the customers’ experience on an international level
• You will get exposure to various global cultures and teams
• You will be working with the newest technologies to build a new platform from scratch
• We offer you a very pleasant working environment, close to Bucharest city center
• We also have for you: meal tickets, holiday vouchers, health subscription, flexible hours, a work policy with 2 days per week in the office, flexible benefits system, on-the-job training & e-learning platforms.

And we do not stop here!

Apply now and Vibe with Us!