Senior Entra ID/Active Directory Engineer (Systems Engineer 3) - REPOST Print (https://www.governmentjobs.com/careers/metrocouncil/jobs/newprint/4693137) Apply  Senior Entra ID/Active Directory Engineer (Systems Engineer 3) - REPOST Salary See Position Description Location 390 Robert St. N St. Paul, MN Job Type Full-Time Job Number 2024-00377 Division Regional Administration Department IS-Admin Opening Date 03/21/2025 Closing Date Continuous + Description + Benefits + Questions WHO WE ARE This posting is open continuously. However, it may close any time after April 11, 2025. Priority will be given to applications received on or before April 11, 2025. This is a reposted position - if you have recently applied and/or interviewed you do not need to apply again. We are theMetropolitan Council, the regional government for the seven-county Twin Cities metropolitan area. We plan 30 years ahead for the future of the metropolitan area and provide regional transportation, wastewater, and housing services. More information about us on our website. (https://metrocouncil.org/About-Us/The-Council-Who-We-Are.aspx) We are committed to supporting a diverse workforce that reflects the communities we serve. Information Servicesis the central IT department supporting all divisions of the Metropolitan Council. Our 140 team members provide technology, practices, and innovative solutions that enable the core services of the Council. How your work would contribute to our organization and the Twin Cities region: We are seeking a highly skilled and experienced Senior Entra ID / Active Directory Engineer to join our team. This role is critical in administering and securing a complex IT environment containing CJIS Data, PCI, HIPAA, and PII data. The ideal candidate will have extensive experience in managing hybrid on-premises and cloud identity services, implementing security best practices, and ensuring compliance with regulatory requirements. This position demands a proactive individual with strong technical expertise, leadership skills, and a commitment to operational excellence. This position is eligible for a hybrid (both remote and onsite) telework arrangement. Candidate's permanent residence must be in Minnesota or Wisconsin. Full Salary Range: $44.72 - $72.53 hourly/$93,018 - $150,862 yearly What you would do in this job Identity Management & Administration: + Design, implement, and manage hybrid Active Directory (AD) environments and Azure Active Directory (Entra ID) + Integrate systems and applications with centralized authentication solutions + Administer identity federation services such as Single Sign On (SSO) and Multifactor Authentication (MFA) + Manage directory synchronization tools like Azure AD Connect or Okta Security & Compliance: + Implement security measures to protect AD/Entra ID environments against vulnerabilities + Ensure compliance with CJIS, PCI, HIPAA, and other relevant regulatory frameworks + Conduct regular disaster recovery exercises for AD/Entra ID environments + Develop and enforce security baselines and policies for identity services Operational Excellence: + Monitor system performance, capacity planning, and resolve high-severity incidents + Automate processes using PowerShell scripting or other tools to enhance efficiency + Conduct regular health checks of identity platforms to ensure operational stability + Maintain detailed technical documentation and Standard Operating Procedures (SOPs) Collaboration & Leadership: + Provide technical leadership to cross-functional teams + Mentor junior engineers and operational teams on best practices + Participate in architectural discussions to design scalable, secure solutions + Collaborate with stakeholders to align identity services with business needs What education and experience are required for this job (minimum qualifications) Any of the following combinations of education (in Computer Science, Systems Security, or similar) and relevant experience: + Bachelor's degree and 5 years of experience + Associate's degree and 7 years of experience + High school diploma or GED and 9 years of experience Experience should include Active Directory/Entra ID engineering and experience managing environments containing sensitive data (CJIS, PCI, HIPAA, etc.). Knowledge, Skills, and Abilities: + Advanced knowledge of Active Directory (onpremises) and Azure Active Directory/Entra ID + Expertise in authentication protocols such as LDAP, Kerberos, SAML, OIDC + Proficiency in PowerShell scripting for automation tasks + Experience with disaster recovery planning for directory services + Familiarity with Group Policy Objects (GPO), AD replication, backup/restoration processes + Strong understanding of identity security best practices + Experience implementing privileged access management (PAM) solutions + Familiarity with regulatory frameworks like CJIS, PCI DSS, HIPAA + Strong problem-solving abilities under pressure + Excellent communication skills for collaboration across teams + High attention to detail with a proactive approach to identifying risks What additional skills and experience would be helpful in this job (desired qualifications): + Relevant certifications such asMicrosoft Certified: Identity and Access Administrator Associate(SC300) orMCSE: Core Infrastructure + Expertise with Microsoft Azure + Expertise with Entra ID + Experience in domain consolidation or migration projects + Knowledge of modern access control models (RBAC, PBAC) + Exposure to AI/ML tools for enhancing IT operations What you can expect from us: + We offer the opportunity to make a difference and positively influence the Twin Cities metropolitan area + We encourage our employees to develop their skills through on-site training and tuition reimbursement + We provide a competitive salary, excellent benefits and a good work/life balance More about why you should join us! (http://metrocouncil.org/Employment/Making-A-Difference.aspx) Additional information Union/Grade:AFSCME, Grade I FLSA Status:Exempt Safety Sensitive:No Work Environment: Work is performed in a standard office setting. May require travel between primary worksite and various locations on short notice to resolve computer system problems. What steps the recruitment process involves: + We review your minimum qualifications + We rate your education and experience + We conduct a structured panel interview + We conduct a selection interview Once you have successfully completed the steps above, then: If you are new to the Metropolitan Council, you must pass a drug test (safety sensitive positions only), and a background check which verifies education, employment, and criminal history. A driving record check and/or physical may be conducted if applicable to the job. If you have a criminal conviction, you do not automatically fail. The Metropolitan Council considers felony, gross misdemeanor and misdemeanor convictions on a case-by-case basis, based on whether they are related to the job and whether the candidate has demonstrated adequate rehabilitation. If you are already an employee of the Metropolitan Council, you must pass a drug test (if moving from a non-safety sensitive position to a safety sensitive position) and criminal background check if the job you're applying for is safety sensitive, is a supervisory or management job, is in the Finance, Information Services, Audit, or Human Resources departments, or has access to financial records, files/databases, cash, vouchers or transit fare cards. A driving record check and/or physical may be conducted if applicable to the position. Security Policy: This position involves direct access to Criminal Justice Information (CJI) as defined by the FBI CJIS (Criminal Justice Information Services) security policy. In accordance with section 5.12.1.1 of the FBI CJIS Security Policy, final candidates must agree to submit to a state of residence and national fingerprint-based record check. If the result of the record check reveals criminal convictions, the nature and circumstances of those convictions will be reviewed by the Metropolitan Transit Police Department and/or the Minnesota Bureau of Criminal Apprehension to determine if access to Criminal Justice Information would be permissible. If it is determined that access to Criminal Justice Information would not be permissible, the candidate will no longer be considered for the position. IMPORTANT: If you make a false statement or withhold information, you may be barred from job consideration. The Metropolitan Council is an Equal Opportunity, Affirmative Action, and veteran-friendly employer. The Council is committed to a workforce that reflects the diversity of the region and strongly encourages persons of color, members of the LGBTQ community, individuals with disabilities, women, and veterans to apply. If you have a disability that requires accommodation during the selection process, please email HR-OCCHealth@metc.state.mn.us. We believe our employees are a key to our agency's success! In order to attract and retain high quality employees, the Council provides a highly competitive benefits package both in choice and coverage levels. Some highlights about our benefits are listed below: + Guaranteed monthly retirement income through Minnesota State Retirement System pension fund + Opportunity to save additional funds for retirement on a tax-deferred basis through a voluntary deferred compensation (457) plan + Two or more medical plans from which to choose, with employer contribution towards premiums over 80% + Dental insurance, life insurance and vision insurance The following benefits are provided to all employees as part of working for the Council. You will have access to free: + Well@Work clinic + bus/rail pass valued at over $1200 per year + parking at many job locations + fitness centers at many job locations + Employee Assistance Program + extensive health and wellness programs and resources 01 Applicant Instructions: It is important thatyour application shows all relevant education and experienceyou possess. The supplemental questions listed below are to further evaluate your education and experience and to determine your eligibility for this position. Answer each question completely, and please do not type "see resume" otherwise your application will be considered incomplete, and you will not receive further consideration for this position. The experience you indicate in your responses should also be consistent with the Work History section of this application. If you attach a resume to your application, it will be reviewed at the education and experience review step. I have read and understand the above instructions regarding my application and supplemental questions. + Yes + No 02 How did youfirsthear about this job opening? + CareerForce Center + Community Event/Organization + Employee Referral + Facebook + Glassdoor + Indeed + Job Fair + LinkedIn + Metro Transit Bus Advertisement + Twitter + Website: governmentjobs.com + Website: metrocouncil.org + Website: metrotransit.org + Website: minnesotajobnetwork.com + Other 03 If you selected 'Other', please describe where you first heard about this job. if you selected 'Employee Referral' please enter the employee's first and last name, ID number (if known), and job title. Type N/A if not applicable. 04 Please select the option that best describes your highest level of education and experience: + Bachelor's degree or higher AND 5 or more years of experience + Associate's degree AND 7 or more years of experience + High school diploma or GED AND 9 or more years of experience + Other/none of the above 05 If you answered that you have a degree in the previous question, please enter your degree type and field of study (e.g. "Associate's degree in Computer Science"). If this does not apply, enter "N/A." 06 Please select all areas in which you have work experience (select ALL that apply): + Configuring and managing Microsoft Entra ID (Azure AD) environments + Conditional Access, Multi-Factor Authentication (MFA), and Privileged Identity Management (PIM) + Hybrid identity models, including managing Azure AD Connect and on-premises AD integration + Scripting with PowerShell and managing API-based automation through Microsoft Graph API + Cloud identity management tools, including Azure Identity Protection, Microsoft Defender for Identity, and Microsoft Sentinel + OAuth2, OpenID Connect, and SAML protocols for SSO and federated identity + Auditing tools like Azure AD Identity Governance and Access Reviews for compliance + Zero Trust security frameworks and their application to identity management 07 Please list any relevant certifications you have (e.g. Microsoft Certified: Identity and Access Administrator Associate) 08 This position requires working with stakeholders from diverse personal and professional backgrounds. Please briefly describe your experience working in a diverse environment. Required Question Employer Metropolitan Council Address 390 Robert St. N.St. Paul, Minnesota, 55101 Website https://metrocouncil.org Apply Please verify your email addressVerify Email