Identity Management Consultant

We are looking for a senior Identity Consultant to join the team and lead the technical delivery of a global Microsoft 365 tenant consolidation project. This role is for an expert in Microsoft 365 Identity, with deep hands-on capability in Microsoft Entra ID and proven experience in Okta Identity Engine (OIE). You will be the technical authority for identity architecture, authentication, security controls and migration strategy. You will work closely with the client’s security, platform and business stakeholders to design, implement and transition a secure, scalable identity platform suitable for a global, multi-geo environment. You will also guide engineering teams through implementation and cutover, ensuring the approach is supportable, well-documented and aligned to industry recommended practices.

RESPONSIBILITIES

• TECHNICAL LEADERSHIP AND DELIVERY
  • Lead the Identity Workstream of the Microsoft 365 tenant consolidation programme, owning scope, approach, deliverables, milestones, and technical outcomes.
  • Own the technical design and act as the escalation point for all identity-related decisions across the programme.
  • Lead discovery, architecture workshops and technical design sessions with senior stakeholders.
  • Define the delivery plan for the identity workstream including sequencing, dependencies, cutover, rollback and stabilisation.
  • Produce high-quality technical documentation including HLD/LLD, architecture diagrams, security baselines, runbooks and operational guides.
  • Provide hands-on engineering where needed (proofs of concept, configuration, troubleshooting and performance/security hardening).
• MICROSOFT ENTRA ID (AZURE AD) EXPERTISE
  • Design and implement the target-state Entra ID architecture for a single consolidated tenant, including: Identity and access model (RBAC), administrative units, naming and standards, break-glass access, logging and monitoring.
  • Conditional Access strategy using risk, location, device and session controls aligned to Zero Trust.
  • Identity Protection and security posture improvements (including attack surface reduction for identity).
  • Design cross-tenant collaboration patterns appropriate to the programme, including multi-tenant organisation configurations and cross-tenant access where applicable.
  • Plan and execute identity migration activities across three tenants (domains/UPNs, authentication methods, identities, applications and dependencies).
• OKTA IDENTITY ENGINE (OIE)
  • Lead the design and implementation of Okta Identity Engine components relevant to the programme, including policies, authenticators, sign-in flows, device context and integration patterns.
  • Define and implement federation/SSO approaches between Okta and Microsoft (including coexistence and transition states during migration).
  • Drive technical decision-making around Okta configuration, hardening, and operational supportability.
• AUTHENTICATION AND PASSWORDLESS
  • Define and deliver a modern authentication strategy across Microsoft and Okta, including: Passkeys / FIDO2 approaches (platform and roaming authenticators as appropriate).
  • Okta FastPass design and deployment considerations.
  • Passwordless and strong MFA approaches, including user journeys, enrolment, recovery and support.
  • Ensure authentication methods are suitable for global and regulated environments (availability, resilience and user experience).
• GOVERNANCE AND LIFECYCLE
  • Implement identity lifecycle management principles (joiner/mover/leaver), access governance and controls suitable for a consolidated tenant.
  • Define privileged access controls and operational guardrails (PIM/least privilege principles, access reviews, and audit readiness).
• COMPLIANCE, ASSURANCE AND STAKEHOLDER MANAGEMENT
  • Ensure solutions align with relevant security and compliance standards (for example ISO 27001, NIST, GDPR) and client governance.
  • Collaborate effectively with adjacent workstreams (endpoint, messaging, collaboration, security, network, data and change).
  • Provide clear progress reporting, risk/issue management, and structured technical decision logs.

QUALIFICATIONS AND SKILLS

• English level C1 or above (Required)
• Bachelor’s degree or equivalent experience in Information Technology, Cybersecurity or related field (Required).
• Deep, hands-on expertise in Microsoft Entra ID in enterprise environments, including Conditional Access, Identity Protection, authentication methods, admin governance (Required).
• Proven experience leading Microsoft 365 tenant consolidation (multi-tenant to single tenant), with strong migration planning and cutover capability (Required).
• Proven, practical experience with Okta Identity Engine, including authenticator and policy design and complex sign-in flows (Required).
• Strong experience implementing passwordless authentication, including passkeys/FIDO2 and Okta FastPass (Required).
• Experience designing identity in multi-geo Microsoft 365 and global user environments latency, resilience, support model, data residency constraints (Required).
• Experience designing and implementing a Multi-Tenant Organisation (MTO) for Microsoft 365 (Required).
• Excellent consulting and client-facing skills: facilitating workshops, influencing senior stakeholders, and producing clear written deliverables (Required).
• Microsoft identity and security certifications, for example SC-300, SC-100 or equivalent (Desirable).
• Experience with hybrid identity and legacy dependencies Active Directory, sync patterns, legacy authentication constraints (Desirable).
• Strong PowerShell skills and automation mindset, repeatable, reliable deployments (Desirable).
• Exposure to broader Microsoft security capabilities that intersect with identity e.g. Defender, information protection, governance (Desirable).

PERSONAL ATTRIBUTES

• Motivated self-starter
• Personable and professional manner
• Process orientated
• Humble

We actively encourage applications from individuals with disabilities and try to provide access, adjustments, equipment, or other practical support where required. We welcome applications from people with backgrounds that are traditionally underrepresented in tech and truly believe diversity is the key to creativity and innovation.