IAM Senior Engineer - Active Directory/Entra ID

This role has been designed as ‘’Onsite’ with an expectation that you will primarily work from an HPE office.

Who We Are:

Hewlett Packard Enterprise is the global edge-to-cloud company advancing the way people live and work. We help companies connect, protect, analyze, and act on their data and applications wherever they live, from edge to cloud, so they can turn insights into outcomes at the speed required to thrive in today’s complex world. Our culture thrives on finding new and better ways to accelerate what’s next. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good. If you are looking to stretch and grow your career our culture will embrace you. Open up opportunities with HPE.

Job Description:

HPE Global IT is a dynamic organization enabling the enterprise to innovate and lead the industry with our consumption-based IT transformation and our consulting, financial, educational, and operational support services.  Join us as we develop innovative solutions that revolutionize how we help customers by simplifying their operations and move the world forward.

About our Cybersecurity Team
Are you ready to make an impact with one of the world’s leading technology companies? HPE’s Cybersecurity team is where you can do just that. We’re looking for a highly skilled and motivated Senior Active Directory (AD), Entra ID Engineer to join our global Cybersecurity organization. If you’re passionate about modernizing enterprise directory services, securing hybrid identity environments, and driving Zero Trust and cloud identity adoption, this is the role for you.

What you’ll do:

About the Role

We are seeking a highly skilled Senior Active Directory (AD), Entra ID Engineer with 10+ years of IT or cybersecurity experience, including 7+ years focused on AD, Entra ID, and Azure identity engineering in enterprise-scale environments. This role is critical to designing, implementing, and securing hybrid identity infrastructures that enable Zero Trust, cloud transformation, and regulatory compliance. You will take ownership from technical design through deployment and optimization, ensuring secure, automated, and scalable identity solutions across complex global environments.

Key Responsibilities

Technical Design & Engineering

• Engineer, deploy, and optimize Active Directory, Entra ID, and Azure identity services across enterprise-scale hybrid environments.
• Design and manage multi-forest AD architectures, including schema extensions, replication, delegation, and hardening.
• Implement and maintain cross-domain and cross-tenant synchronization between AD and Entra ID using Entra Connect or Cloud Sync.
• Engineer secure authentication and federation flows leveraging Kerberos, NTLM, SAML, OIDC, and OAuth2.
• Implement and enhance conditional access, MFA, passwordless, and FIDO2 authentication methods in Entra and Azure environments.
• Support Zero Trust Directory Security through tiered administration, least privilege, and delegated access controls.
• Partner with cloud and infrastructure teams to ensure secure integration of Azure resources with enterprise identity services.

Operations & Integration

• Maintain and secure domain controllers, DNS, DHCP, and Group Policy Objects (GPOs) across global environments.
• Manage Azure AD tenants, subscriptions, and resource access controls (RBAC, PIM, Entra roles).
• Integrate on-prem AD with Azure workloads, Microsoft 365, Intune, and other SaaS applications.
• Automate operational tasks using PowerShell, Graph API, and Azure Automation.
• Support incident response, directory health checks, replication analysis, and disaster recovery procedures.
• Collaborate with IAM, PAM, and Cloud Security teams to align identity operations and cloud governance.

Security & Compliance

• Implement and maintain security baselines, privileged access models, and directory hardening for both AD and Azure environments.
• Conduct periodic reviews of GPOs, ACLs, and admin rights to prevent privilege escalation and lateral movement.
• Integrate directory and Azure logging with SIEM/SOAR platforms for continuous monitoring and anomaly detection.
• Ensure directory and Azure controls meet regulatory and audit requirements (SOX, FedRAMP, ISO 27001, etc.).
• Collaborate with cybersecurity architects to evaluate and mitigate identity-related vulnerabilities.

Collaboration & Continuous Improvement

• Work with enterprise architects, IAM, and cloud teams to align directory and Azure services with enterprise identity strategy.
• Drive modernization and automation of directory and Azure identity operations.
• Provide technical mentorship and guidance to junior engineers and peer teams on AD, Entra, and Azure identity practices.
• Contribute to roadmap planning, documentation, and adoption of new Azure identity and governance features.

What you need to bring:

Education & Experience Requirements

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field (or equivalent experience).
• 10+ years of IT or cybersecurity experience, including 7+ years focused on AD, Entra ID, and Azure identity engineering in enterprise-scale environments
• Deep hands-on experience managing multi-forest AD environments (schema, replication, delegation, GPOs, DNS, DHCP).
• Strong expertise with Entra ID and hybrid identity integration (Entra Connect / Cloud Sync, federation, SSO).
• Hands-on experience with Azure governance, RBAC, PIM, and access policy enforcement.
• Experience implementing conditional access, passwordless, and phishing-resistant MFA in Entra and Azure.
• Proficiency in PowerShell scripting, Graph API, and Azure automation for identity management and reporting.
• Solid understanding of authentication protocols (Kerberos, NTLM, LDAP, SAML, OIDC, OAuth2).
• Familiarity with Zero Trust, tiered admin models, and directory hardening practices.
• Experience with directory and cloud security tools (PingCastle, Netwrix, Microsoft Defender for Identity, Entra ID Governance).

Preferred Certifications:
Microsoft Certified: Identity and Access Administrator Associate, Entra ID Support Engineer, Azure Administrator Associate, or equivalent.

Additional Skills:

Accountability, Accountability, Action Planning, Active Learning, Active Listening, Agile Methodology, Bias, Business, Coaching, Creativity, Critical Thinking, Cybersecurity, Data Analysis Management, Data Collection Management (Inactive), Data Controls, Design Thinking, Development Methodologies, Empathy, Follow-Through, Growth Mindset, Implementation Methodologies, Infrastructure Design, Intellectual Curiosity (Inactive), Long Term Planning, Managing Ambiguity {+ 4 more}

What We Can Offer You:

Health & Wellbeing

We strive to provide our team members and their loved ones with a comprehensive suite of benefits that supports their physical, financial and emotional wellbeing.

Personal & Professional Development

We also invest in your career because the better you are, the better we all are. We have specific programs catered to helping you reach any career goals you have — whether you want to become a knowledge expert in your field or apply your skills to another division.

Unconditional Inclusion

We are unconditionally inclusive in the way we work and celebrate individual uniqueness. We know varied backgrounds are valued and succeed here. We have the flexibility to manage our work and personal needs. We make bold moves, together, and are a force for good.

Let's Stay Connected:

Follow @HPECareers on Instagram to see the latest on people, culture and tech at HPE.

#india#globalIT

Job:

Information Technology

Job Level:

TCP_04

HPE is an Equal Employment Opportunity/ Veterans/Disabled/LGBT employer. We do not discriminate on the basis of race, gender, or any other protected category, and all decisions we make are made on the basis of qualifications, merit, and business need. Our goal is to be one global team that is representative of our customers, in an inclusive environment where we can continue to innovate and grow together. Please click here: Equal Employment Opportunity.

Hewlett Packard Enterprise is EEO Protected Veteran/ Individual with Disabilities.

HPE will comply with all applicable laws related to employer use of arrest and conviction records, including laws requiring employers to consider for employment qualified applicants with criminal histories.

No Fees Notice & Recruitment Fraud Disclaimer

It has come to HPE’s attention that there has been an increase in recruitment fraud whereby scammer impersonate HPE or HPE-authorized recruiting agencies and offer fake employment opportunities to candidates.  These scammers often seek to obtain personal information or money from candidates.

Please note that Hewlett Packard Enterprise (HPE), its direct and indirect subsidiaries and affiliated companies, and its authorized recruitment agencies/vendors will never charge any candidate a registration fee, hiring fee, or any other fee in connection with its recruitment and hiring process.  The credentials of any hiring agency that claims to be working with HPE for recruitment of talent should be verified by candidates and candidates shall be solely responsible to conduct such verification. Any candidate/individual who relies on the erroneous representations made by fraudulent employment agencies does so at their own risk, and HPE disclaims liability for any damages or claims that may result from any such communication.