Job Description

1. Role Purpose /

Design, implement, manage, and support on-premises Active Directory (AD) and Azure Entra ID (Azure AD) environments. Provide operational support (day-to-day) for identity infrastructure, user provisioning, authentication, and access management. Ensure secure identity lifecycle (joiner / mover / leaver) processes. Manage synchronization between on-prem AD and Entra ID (e.g., Azure AD Connect). Implement and maintain identity governance (e.g., conditional access, role-based access control, MFA, identity protection). Troubleshoot identity-related incidents and service disruptions, meeting SLAs. Work with infrastructure, security, and cloud teams to integrate identity into broader Azure, hybrid, or on-prem systems. Contribute to projects, such as migrating AD to Azure, modernizing identity, or consolidating domains. Automate identity tasks using PowerShell, Microsoft Graph, or Infrastructure-as-Code (IaC) where possible. Document identity architecture, processes, and standard operating procedures (SOPs).
2. Qualifications

Education: NQF 6: 3-year Diploma / Degree in Information Technology, Computer Science, or related field ? Or equivalent experience in identity / systems engineering. Experience: Minimum of 3 years experience in systems engineering (cloud, infrastructure, identity) in a medium-to-large enterprise or managed service environment. Experience working with on-premises Active Directory (Domain Controllers, GPOs, trusts, OU structure). Experience with Azure Entra ID (or Azure AD), including identity synchronization, conditional access, SSO, and MFA. Exposure to hybrid identity architectures (on-prem + cloud). Experience with identity-related incident resolution, service management, and change management. Certifications (preferred): Azure certifications (e.g., AZ-900, AZ-104) ? Identity / Security-focused certs, for example: MS-500 (Microsoft Security), SC-100 (Microsoft Cybersecurity Architect), MS-900 (Microsoft 365 Fundamentals) ITIL Foundation (V3 or V4) to align with BCX's operational support model ?
3. Technical Skills / Competencies

Deep understanding of Active Directory (DNS, replication, FSMO roles, GPOs, Group Policy, AD sites) Hands-on experience with Azure Entra ID (user/groups management, role assignments, conditional access, identity protection) Knowledge of Azure AD Connect (installation, configuration, sync rules, troubleshooting) Familiarity with identity architecture patterns (hybrid, cloud-only, federated) Experience with Automation / Scripting (PowerShell, Azure PowerShell, Microsoft Graph API) Working knowledge of identity governance tools / concepts (PIM, access reviews, least-privilege) Competencies in identity security controls (MFA, SSO, device-based conditional access) Monitoring and logging: experience in using Azure Monitor, Azure AD logs, security reporting Backup & disaster recovery strategies for identity services (on-prem DCs, Azure AD) Change management and patching experience (identity system updates, schema changes)
4. Behavioural / Soft Skills

Problem Solving & Troubleshooting: Able to diagnose complex identity issues under pressure. Communication: Strong verbal and written communication, to work with business stakeholders, security teams, and other tech teams. Team Work: Works collaboratively within infrastructure, cloud, and security teams. Service Orientation: Focus on meeting SLAs, ensuring identity services are reliable, secure, and performant. Learning & Research: Keeps up to date with identity trends (e.g., Zero Trust, identity protection) and applies new knowledge. Resilience & Stress Management: Able to cope with production incidents; on-call support as needed. Process Adherence: Follows and improves standard operating procedures, change control, and documentation practices (as per BCX behavioral expectations).
5. Key Deliverables / Responsibilities

Ensure high availability and resiliency of AD / Entra ID infrastructure. Manage and maintain synchronization (Azure AD Connect), ensuring no identity drift. Implement and enforce access control policies via conditional access, RBAC, MFA. Regularly review identity security (audit logs, risk analysis, identity protection). Automate identity lifecycle tasks (provisioning, deprovisioning). Support project implementations (e.g., migrating on-prem AD to Azure, rearchitecting identity). Document identity architecture, processes, runbooks, and SOPs. Conduct identity health-checks, capacity planning, and performance tuning. Provide day-to-day operational support, including incident management, root-cause analysis, and resolution.
6. Reporting & Escalation

Report into the Enterprise Infrastructure or Cloud Operations team (depending on BCX's org structure). Act as a technical lead for identity-specific escalations. Engage with security / architecture teams for alignment on identity security posture. Participate in Change Advisory Board (CAB) exercises for identity changes.
Job Types: Full-time, Temporary
Contract length: 12 months

Pay: R450000,00 - R750000,00 per year

Work Location: In person