• Protect the organization’s identity infrastructure by designing, implementing, and operating secure authentication, authorization, and access controls • Focus on Microsoft Entra ID–centric identity security, including Conditional Access, privileged access, identity lifecycle automation, and identity-driven phishing protection • Serve as the first responder for identity-based security events and partner closely with Security Engineering and GRC to reduce breach risk while enabling secure business growth • Design, implement, and maintain secure identity architectures using Microsoft Entra ID • Manage user, group, device, and service-principal identity lifecycle controls • Enforce least-privilege access using role-based access control (RBAC) • Design and operate Conditional Access policies (MFA, device trust, location, risk-based access) • Implement passwordless and phishing-resistant authentication (FIDO2, TAP) • Maintain emergency access and break-glass account controls • Implement and operate Privileged Identity Management (PIM) • Reduce standing administrative privileges across Entra ID and Azure • Conduct periodic access and privilege reviews • Automate joiner/mover/leaver processes using PowerShell and Microsoft Graph • Support access reviews and entitlement management • Integrate identity controls with HR and IT provisioning systems • Design and maintain email authentication controls (SPF, DKIM, DMARC) • Implement and manage Microsoft Defender for Office 365 anti-phishing policies • Lead identity-focused response to phishing events: Token revocation and forced sign-out • Monitor identity-related alerts and risky sign-in activity • Support investigations involving credential theft or unauthorized access