System Administrator III

E

Endava

System Administrator III

Colorado Springs, CO
Full Time
Paid
  • Responsibilities

    Job Description

    The Tier 3 Microsoft 365 Entra Administrator is a senior-level Identity & Access Management (IAM) professional responsible for securing, administering, and optimizing a hybrid identity environment spanning on‑prem Active Directory and Microsoft Entra ID. This role serves as the highest escalation point for identity-related incidents, leads advanced troubleshooting and root cause analysis, and drives identity security strategy aligned with Zero Trust principles.

    The role has a strong emphasis on identity security, governance, and privileged access , working closely with Cybersecurity, Infrastructure, and Compliance teams. The Tier 3 Entra Administrator also mentors Tier 1–2 support, owns identity automation and governance improvements, and ensures audit-ready identity operations using tools such as ServiceNow and NetIQ.

    • Must be local to Brentwood, TN or Denver, CO

    • Act as the Tier 3 escalation point for complex Entra ID, hybrid identity, and authentication incidents.

    • Lead resolution of high-severity identity outages and security incidents (authentication failures, MFA bypass attempts, Conditional Access issues).

    • Perform detailed root cause analysis (RCA) and implement long-term corrective and preventive actions.

    • Drive identity-related Problem Management activities within ServiceNow.

    • Provide technical leadership, mentoring, and knowledge transfer to Tier 1–2 support teams.

    • Administer and secure Microsoft Entra ID and on‑prem Active Directory in a hybrid configuration.

    • Support and troubleshoot Entra Connect / Cloud Sync :

      • Attribute flow and sync rule issues
      • Duplicate object resolution (soft/hard match)
      • UPN, proxyAddress, and source anchor mismatches

    • Partner with AD, PKI, networking, and endpoint teams to ensure identity dependencies remain secure and resilient.

    • Identity Security & Zero Trust Enforcement (Primary Focus)

    • Design, implement, and maintain Conditional Access policies with a security-first approach:

      • Risk-based access
      • Device and platform restrictions
      • Session controls and legacy authentication blocking

    • Manage and optimize authentication methods , including:

      • MFA (Authenticator, FIDO2, WHfB, OATH, Temporary Access Pass)
      • Phishing-resistant authentication strategies

    • Administer Privileged Identity Management (PIM) :

      • Eligible role assignments
      • Approval workflows
      • Just-in-time access
      • Privileged access monitoring and alerts

    • Investigate Entra ID Protection risk detections and coordinate remediation for risky users and sign-ins.

    • Maintain and protect break-glass and emergency access accounts.

    • Lead identity governance initiatives using:

      • Access Reviews
      • Entitlement Management / Access Packages
      • Lifecycle and joiner-mover-leaver processes

    • Utilize NetIQ identity tools to support:

      • Identity lifecycle management
      • Role-based access models
      • Attestation and access certification workflows

    • Ensure identity controls align with regulatory and audit requirements (SOX, SOC 2, ISO, HIPAA, etc.).

    • Provide audit evidence, logging, and reporting for identity-related controls.

    • Application Access & Single Sign-On (SSO)

    • Integrate and secure enterprise and SaaS applications using Entra SSO:

      • SAML, OAuth 2.0, OpenID Connect
      • SCIM provisioning and deprovisioning

    • Secure and manage:

      • App registrations and service principals
      • API permissions and consent models
      • Certificate and secret lifecycle management

    • Troubleshoot federation, claims, and token-related issues

    • ServiceNow & Operational Excellence

    • Use ServiceNow for:

      • Incident, Problem, and Change Management
      • Identity request workflows and approvals
      • CMDB and service mapping related to identity services

    • Improve operational maturity through:

      • Runbooks and SOPs
      • Monitoring and alerting enhancements
      • Identity-related SLAs and KPIs

    • Automation & Continuous Improvement

    • Automate identity operations using:

      • PowerShell
      • Microsoft Graph
      • Azure Automation / Logic Apps

    • Reduce manual access administration and improve consistency through automation.

    • Maintain version-controlled scripts and documentation.

    • Continuously assess and improve identity security posture and architecture.

  • Qualifications

    Qualifications

    Required:

    • 5+ years of IAM experience, with 3+ years focused on Microsoft Entra ID in a hybrid environment.
    • Deep expertise in:
      • Microsoft Entra ID and Active Directory
      • Conditional Access, MFA, and Zero Trust identity controls
      • Privileged Identity Management (PIM)
      • Hybrid identity troubleshooting (sync, authentication, federation)
    • Hands-on experience with ServiceNow (ITSM, identity workflows).
    • Experience working with NetIQ identity governance or directory tools.
    • Strong PowerShell and automation skills.
    • Proven ability to lead incident response and security-focused identity initiatives.
    • Security-first mindset with strong Zero Trust principles
    • Advanced troubleshooting and analytical skills
    • Strong collaboration with Security, Compliance, and Infrastructure teams
    • Clear technical documentation and communication
    • Ability to lead initiatives independently and influence identity strategy

    Preferred:

    • Microsoft certifications (preferred):
      • SC-300 – Identity and Access Administrator
      • SC-200 / SC-100 – Security
      • AZ-104, MS-102
    • Experience with:
      • Entra ID Protection and identity risk management
      • Defender for Cloud Apps integration
      • Phishing-resistant MFA rollouts (FIDO2 / WHfB)
      • ITIL-based operational environments
    • Experience supporting regulated or highly audited environments.

    Additional Information

    Discover some of the global benefits that empower our people to become the best version of themselves:

    • Finance: Competitive salary package, share plan, company performance bonuses, value-based recognition awards, referral bonus;
    • Career Development : Career coaching, global career opportunities, non-linear career paths, internal development programmes for management and technical leadership;
    • Learning Opportunities: Complex projects, rotations, internal tech communities, training, certifications, coaching, online learning platforms subscriptions, pass-it-on sessions, workshops, conferences;
    • Work-Life Balance: Hybrid work and flexible working hours, employee assistance programme;
    • Health: Global internal wellbeing programme, access to wellbeing apps;
    • Community: Global internal tech communities, hobby clubs and interest groups, inclusion and diversity programmes, events and celebrations.

    Additional Employee Requirements

    • Participation in both internal meetings and external meetings via video calls, as necessary.
    • Ability to go into corporate or client offices to work onsite, as necessary.
    • Prolonged periods of remaining stationary at a desk and working on a computer, as necessary.
    • Ability to bend, kneel, crouch, and reach overhead, as necessary.
    • Hand-eye coordination necessary to operate computers and various pieces of office equipment, as necessary.
    • Vision abilities including close vision, toleration of fluorescent lighting, and adjusting focus, as necessary.
    • For positions that require business travel and/or event attendance, ability to lift 25 lbs, as necessary.
    • For positions that require business travel and/or event attendance, a valid driver’s license and acceptable driving record are required, as driving is an essential job function.

    *If requested, reasonable accommodations will be made to enable employees requiring accommodations to perform the essential functions of their jobs, absent undue hardship.

    USA Benefits (Full time roles only, does not apply to contractor positions)

    • Robust healthcare and benefits including Medical, Dental, vision, Disability coverage, and various other benefit options
    • Flexible Spending Accounts (Medical, Transit, and Dependent Care)
    • Employer Paid Life Insurance and AD&D Coverages
    • Health Savings account paired with our low-cost High Deductible Medical Plan
    • 401(k) Safe Harbor Retirement plan with employer match with immediately vest

    At Endava, we’re committed to creating an open, inclusive, and respectful environment where everyone feels safe, valued, and empowered to be their best. We welcome applications from people of all backgrounds, experiences, and perspectives—because we know that inclusive teams help us deliver smarter, more innovative solutions for our customers. Hiring decisions are based on merit, skills, qualifications, and potential. If you need adjustments or support during the recruitment process, please let us know.