
Entra ID Security Engineer (Systems Engineer 3)

Metropolitan Council
Saint Paul, MN, United States
$89K-$144.4K a year
Full-time

WHO WE ARE

This position is eligible for a hybrid (both remote and onsite) telework arrangement. Candidate's permanent residence must be in Minnesota or Wisconsin.

We are the Metropolitan Council, the regional government for the seven-county Twin Cities metropolitan area. We plan 30 years ahead for the future of the metropolitan area and provide regional transportation, wastewater, and housing services.

More information about us on our website.

We are committed to supporting a diverse workforce that reflects the communities we serve.

Information Services is the central IT department supporting all divisions of the Metropolitan Council. Our 140 team members provide technology, practices, and innovative solutions that enable the core services of the Council.

How your work would contribute to our organization and the Twin Cities region:

We are seeking a highly skilled Entra ID Security Engineer to join our team to design, implement, and manage secure identity services across our cloud infrastructure using Microsoft Entra ID (formerly Azure Active Directory).

The ideal candidate will have in-depth experience with identity governance, zero-trust architecture, and hybrid identity environments.

As an Entra ID Security Engineer, you will focus on architecting and maintaining Microsoft Entra ID and Active Directory environments, ensuring robust security for cloud and on-premises resources.

You will collaborate closely with the security and operations teams to ensure seamless and secure authentication and authorization processes, enforce identity security best practices, and respond to potential identity threats.

Full Salary Range: $42.79 - $69.41 hourly / $89,003 - $144,373 yearly

What you would do in this job

Architect and Implement Identity Solutions:

  • Design and implement Microsoft Entra ID identity services to secure access to cloud-based and on-premises applications
  • Configure and maintain Azure AD Conditional Access Policies to enforce risk-based sign-in controls, such as multi-factor authentication (MFA), device compliance policies, and geolocation-based restrictions
  • Architect and maintain Identity Governance using Access Reviews, Entitlement Management, and Lifecycle Workflows for efficient user lifecycle management

Identity Security Best Practices:

  • Implement Identity Protection policies to detect and respond to risks such as leaked credentials, risky sign-ins, and compromised user accounts
  • Develop Zero Trust identity architectures, ensuring strong authentication mechanisms and least privilege access controls
  • Regularly update and audit Access Control Lists (ACLs) and Role-Based Access Control (RBAC) policies to minimize access vulnerabilities
  • Utilize Conditional Access Report-Only Mode to simulate policies and fine-tune their impact before enforcing

Hybrid Identity Environment Management:

  • Oversee and maintain Azure AD Connect to ensure proper synchronization between on-premises Active Directory (AD) and Microsoft Entra ID
  • Configure and secure Single Sign-On (SSO) for both SaaS applications and on-premises resources, leveraging protocols such as SAML, OAuth2, OpenID Connect, and WS-Federation
  • Troubleshoot and manage issues related to hybrid identity environments, including synchronization conflicts, password hash synchronization, and pass-through authentication
  • Monitor and manage Azure AD Domain Services (AAD DS) for secure legacy app integration

Automation and Infrastructure as Code (IaC):

  • Automate routine identity tasks, such as user provisioning and group management, using PowerShell and Microsoft Graph API
  • Develop and manage Azure ARM templates or Terraform scripts for automating the deployment of identity-related infrastructure components
  • Integrate identity services into CI/CD pipelines using Azure DevOps to ensure secure and automated provisioning of roles, policies, and access controls

Identity Monitoring and Incident Response:

  • Utilize Microsoft Entra Identity Protection to detect and respond to identity-based threats, such as sign-ins from unfamiliar locations, impossible travel scenarios, and suspicious user behavior
  • Set up alerts and monitoring using Microsoft Sentinel to track security incidents involving identity resources
  • Perform regular security assessments using tools like Azure Security Center to evaluate identity configuration, detect vulnerabilities, and apply remediation steps
  • Coordinate and respond to identity-related incidents, such as account compromises or privilege escalation attempts, following defined incident response protocols

Data Security and Compliance:

  • Securely store and manage encryption keys, certificates, and secrets using Azure Key Vault integrated with Entra ID for role-based access
  • Implement and enforce Data Loss Prevention (DLP) policies within Entra ID to ensure that sensitive data remains protected within the identity system
  • Ensure compliance with frameworks such as GDPR, HIPAA, and PCI-DSS, regularly auditing identity logs and access records using Azure AD Sign-in Logs and Audit Logs

What education and experience are required for this job (minimum qualifications)

Any of the following combinations of education (in Computer Science, Systems Security, or similar) and relevant experience:

  • Bachelor's degree and 5 years of experience
  • Associate's degree and 7 years of experience
  • High school diploma or GED and 9 years of experience

Knowledge, Skills, and Abilities:

  • Experience in configuring and managing Microsoft Entra ID (Azure AD) environments
  • Experience with Conditional Access, Multi-Factor Authentication (MFA), and Privileged Identity Management (PIM)
  • Experience with hybrid identity models, including managing Azure AD Connect and on-premises AD integration
  • Proficiency in scripting with PowerShell and managing API-based automation through Microsoft Graph API
  • Experience with cloud identity management tools, including Azure Identity Protection, Microsoft Defender for Identity, and Microsoft Sentinel
  • Understanding of OAuth2, OpenID Connect, and SAML protocols for SSO and federated identity
  • Ability to attain Microsoft AZ-900 fundamentals certification and progress to additional advanced certifications
  • Ability to complete Azure DevOps services CI/CD implementation for custom applications
  • Ability to define a plan to implement security and quality tooling into CI/CD pipelines
  • Skilled in collaboration, facilitation, and mentoring
  • Strong understanding of overall information security best practices
  • Ability to provide great quality customer service
  • Ability to prioritize and balance multiple tasks
  • Ability to communicate effectively with diverse peers, business units and vendors
  • Ability to work independently and with minimal supervision
  • Ability to implement corrective actions

What additional skills and experience would be helpful in this job (desired qualifications):

  • Relevant certifications such as Microsoft Certified: Identity and Access Administrator Associate or Microsoft Certified: Security, Compliance, and Identity Fundamentals
  • Experience with auditing tools like Azure AD Identity Governance and Access Reviews for compliance
  • Familiarity with Zero Trust security frameworks and their application to identity management

What you can expect from us:

  • We offer the opportunity to make a difference and positively influence the Twin Cities metropolitan area
  • We encourage our employees to develop their skills through on-site training and tuition reimbursement
  • We provide a competitive salary, excellent benefits and a good work/life balance

More about why you should join us!

Additional information

Union/Grade: AFSCME, Grade I

FLSA Status: Exempt

Safety Sensitive: No

Work Environment:

Work is performed in a standard office setting.

May require travel between primary worksite and various locations on short notice to resolve computer system problems.

What steps the recruitment process involves:

  • We review your minimum qualifications.
  • We rate your education and experience.
  • We conduct a structured panel interview.
  • We conduct a selection interview.

Once you have successfully completed the steps above, then:

If you are new to the Metropolitan Council, you must pass a drug test (safety sensitive positions only), and a background check which verifies education, employment, and criminal history.

A driving record check and/or physical may be conducted if applicable to the job. If you have a criminal conviction, you do not automatically fail.

The Metropolitan Council considers felony, gross misdemeanor and misdemeanor convictions on a case-by-case basis, based on whether they are related to the job and whether the candidate has demonstrated adequate rehabilitation.

If you are already an employee of the Metropolitan Council, you must pass a drug test (if moving from a non-safety sensitive position to a safety sensitive position) and criminal background check if the job you're applying for is safety sensitive, is a supervisory or management job, is in the Finance, Information Services, Audit, or Human Resources departments, or has access to financial records, files/databases, cash, vouchers or transit fare cards.

A driving record check and/or physical may be conducted if applicable to the position.

IMPORTANT: If you make a false statement or withhold information, you may be barred from job consideration.

The Metropolitan Council is an Equal Opportunity, Affirmative Action, and veteran-friendly employer. The Council is committed to a workforce that reflects the diversity of the region and strongly encourages persons of color, members of the LGBTQ community, individuals with disabilities, women, and veterans to apply.

If you have a disability that requires accommodation during the selection process, please email [email protected].
