Identity & Access Management Expert

No salary information
Senior · Full-time · B2B
#347879 · Added yesterday · 0
Source: Uni Systems

Tech Stack / Keywords

API · Security · Cloud · PowerShell · AI · IT Security · SOLID · Scripting

Company and position

Uni Systems is a systems integrator providing consulting, design, implementation, and support in ICT integrated solutions and services across 20+ countries in Europe. The company employs over 1400 people and serves more than 200 customers across various geographies and markets. Uni Systems offers continuous development opportunities including technical trainings, leadership programs, workshops, e-learning courses, and a Mini MBA program in collaboration with ALBA Graduate Business School. The company supports hybrid working models, private medical insurance, and mental health programs.


Requirements

  • Bachelor’s degree in IT or related field with 10+ years of experience, including 8+ years in IT security.
  • Strong experience with Entra ID / Entra External ID, enterprise app/API integrations, and hybrid identity environments (AD DS/AD FS).
  • Strong understanding of OAuth 2.0, OpenID Connect, SAML, token/session lifecycles, consent models, and enterprise authentication/authorization patterns.
  • Hands-on experience implementing and troubleshooting modern authentication flows (Auth Code + PKCE, Device Code, Client Credentials, OBO), claims mapping/normalization, and SSO integrations.
  • Experience with Enterprise Apps, App Registrations, service principals, managed identities, and IdP/SP federation integrations.
  • Strong knowledge of Conditional Access, MFA, phishing-resistant authentication, risk-based access controls, and safe rollout/break-glass practices.
  • Experience with CIAM/B2B/B2C onboarding patterns and balancing UX with security requirements.
  • Experience with SailPoint governance, JML processes, access requests, certifications, SoD, role/entitlement models, and provisioning approaches (SCIM, JIT, managed provisioning).
  • Solid understanding of AD DS concepts including domains/forests, trusts, delegation, OU/GPO, and hybrid identity impacts.
  • Experience designing IAM controls aligned with GDPR/EUDPR, auditability, traceability, and least-privilege principles, including AI/agent identities.
  • Experience with PowerShell automation, operational scripting, reporting, and controlled delivery processes (CI/CD, ITSM).
  • Advanced English (C1) communication skills (written and spoken).

Responsibilities

  • Define and maintain modern authentication standards and reference architectures for applications and APIs using OAuth2, OIDC, and SAML.
  • Support project teams in implementing, troubleshooting, and securing authentication flows (Auth Code + PKCE, Device Code, Client Credentials, OBO), including production incident resolution.
  • Design and standardize token, session, claims, and permission strategies, including least-privilege access, consent governance, IdP normalization, and scalable API authorization models.
  • Configure and operate federation integrations (IdP/SP), including metadata management, certificate rollovers, and SSO troubleshooting.
  • Design and implement risk-based access controls, Conditional Access policies, MFA strategies, and phishing-resistant authentication aligned to application sensitivity.
  • Deliver and improve Entra ID tenant configurations, governance controls, and operational security posture.
  • Design and support external identity onboarding patterns (Entra External ID CIAM/B2B/B2C), balancing usability, security, and operational supportability.
  • Implement and operate Entra ID Governance and SailPoint IGA capabilities, including JML, access requests, certifications, SoD, entitlement management, lifecycle workflows, and role modeling.
  • Support application onboarding and integrations involving Enterprise Apps, App Registrations, service principals, managed identities, and hybrid identity dependencies.
  • Operate and modernize hybrid identity environments involving AD DS/AD FS, including federation, delegation, group structures, and cloud transition planning.
  • Develop and maintain PowerShell automation and operational tooling for identity lifecycle management, reporting, governance checks, troubleshooting, and repeatable operational tasks.
  • Design and improve provisioning and lifecycle integrations (SCIM, authoritative sources, reconciliation, JIT vs managed provisioning) while ensuring GDPR/EUDPR compliance, auditability, and access hygiene, including AI/agent identities where applicable.

Other information

Uni Systems provides equal employment opportunities and prohibits discrimination on grounds of gender, religion, race, color, nationality, disability, social class, political beliefs, age, marital status, sexual orientation, or any other characteristics.
