Senior Azure Active Directory / Entra ID Engineer
Client First Technologies (CFT)
Job Description
Client First Technologies is currently seeking a Senior Azure AD / Entra ID Engineer to provide advanced engineering, integration, and security support for a Federal customer’s Microsoft Entra ID Business-to-Business (B2B) interagency collaboration program. This role is responsible for designing, implementing, securing, and sustaining enterprise B2B identity integrations that enable secure collaboration with external federal agencies and partners. The position combines senior-level identity architecture expertise with site integration engineering, security control implementation, and production of required interconnect documentation (ISA, MOU, MOA, MFR) in support of Authorization to Operate (ATO) and Authorization to Connect (ATC) requirements. Operating within the customer’s governance frameworks and federal security standards, this role ensures secure, scalable, and repeatable B2B enablement while meeting stakeholder coordination and 24-hour support resolution targets.
This is a full-time, remote position. CFT offers a full benefits package, a collaborative work environment and a strong company culture. Veterans and military spouses are encouraged to apply.
This position is contingent upon award.
Responsibilities
Provide senior-level engineering and operational support for Microsoft Entra ID (Azure AD) within a hybrid identity environment, supporting secure interagency B2B collaboration across Federal enterprises.
Lead technical site assessments for new B2B partner integrations, evaluating identity architectures, authentication flows, conditional access policies, cross-tenant access settings, and security posture.
Develop and execute detailed integration and enablement plans aligned to federal security standards, policies, and customer-specific requirements.
Configure and manage Entra ID B2B collaboration settings, cross-tenant access policies, multi-tenant organizations (MTO)/cross-tenant sync, external identities, guest lifecycle governance, conditional access, and authentication controls.
Support intake procedures and enablement workflows to ensure repeatable, scalable onboarding of new partner organizations and programs.
Provide Tier 3 engineering support for B2B authentication, identity federation, provisioning, and access control incidents, ensuring issue resolution within established timeframes.
Design and implement secure authentication integrations, including federation, SSO configurations, external identity governance, and least-privilege access controls.
Draft and maintain required interconnect artifacts per customer/program, including Interconnect Security Agreements (ISA), Memoranda of Understanding (MOU), Memoranda of Agreement (MOA), and Memoranda for the Record (MFR), ensuring documentation reflects actual implemented technical controls.
Support ATO and ATC documentation activities, including security control mapping, risk documentation, architectural diagrams, and stakeholder coordination.
Develop repeatable templates, runbooks, and documentation standards to reduce cycle time and improve consistency across B2B partner enablement.
Coordinate with cybersecurity, infrastructure, and application stakeholders to ensure integrations meet federal cybersecurity requirements and VA Handbook 6500 standards.
Participate in release management activities, ensuring proper communication, coordination, and execution of B2B-related changes across stakeholders.
Develop and maintain knowledge repositories, technical documentation, and training materials supporting B2B operations and enablement.
Support custom identity integration engineering efforts where required to meet agency-specific collaboration needs.
Contribute to continuous improvement initiatives that enhance scalability, automation, and security posture of the B2B program.
Qualifications
Bachelor’s degree in Information Technology, or a related field (or equivalent professional experience).
Minimum 8–12 years of IT experience, with at least 7+ years supporting enterprise Microsoft 365 environments.
Minimum 8–12 years of progressive IT experience, including 7+ years of hands-on Microsoft Entra ID / Azure AD engineering within large-scale enterprise or federal environments.
Demonstrated experience conducting tenant assessments, designing and implementing Entra ID B2B and external identity solutions in hybrid Active Directory environments (on-prem AD authoritative).
Proven ability to lead identity-focused site assessments, develop integration and enablement plans, and execute secure cross-tenant collaboration and synchronization configurations.
Hands-on experience configuring conditional access policies, authentication methods, federation, identity governance controls, and cross-tenant access settings.
Experience supporting ATO and/or ATC processes, including drafting or contributing to interconnect documentation (ISA, MOU, MOA, MFR) aligned to implemented technical controls.
Strong knowledge of RMF principles, federal cybersecurity standards, and secure identity architecture design, with experience resolving complex Tier 3 identity and authentication incidents in SLA-driven environments.
Preferred Technical Qualifications
Certifications: Relevant Microsoft identity and security certifications (e.g., Microsoft Identity and Access Administrator, Azure Solutions Architect Expert, Microsoft 365 Enterprise Administrator Expert) and/or ITIL Foundation; equivalent senior-level enterprise experience supporting Entra ID and federal identity integrations may be accepted in lieu of specific certifications.
Microsoft Entra ID / Azure AD: External Identities (B2B), Cross-Tenant Access Policies, Conditional Access, Identity Protection, Access Reviews, Privileged Identity Management (PIM), Hybrid Identity, Federation Services.
Hybrid Identity Architecture: On-prem Active Directory integration, directory synchronization, identity lifecycle management, and authentication flow design.
Security & Compliance Frameworks: VA Handbook 6500, RMF control mapping, ATO/ATC support documentation, NIST 800-53 familiarity.
B2B Integration Engineering: Identity federation, SSO configurations, secure partner onboarding workflows, guest lifecycle governance, least privilege access models.
Automation & Scripting: PowerShell (AzureAD, Microsoft Graph, Entra modules) for identity configuration, policy deployment, reporting, and repeatable enablement processes.
Service Management & Governance: SLA-driven support models, release management coordination, intake procedures, knowledge repository maintenance.
Documentation & Artifacts: Development of ISA, MOU, MOA, MFR artifacts; security architecture diagrams; integration plans; technical runbooks.
Enterprise Security Engineering: Incident response support, authentication threat mitigation, identity risk monitoring, and secure configuration validation.
Physical Demands
Must be able to sit and stand for extended periods of time
Occasional travel and overtime may be required
Required Clearances and Screenings
This position is subject to a government background investigation and must meet eligibility for a position designated with Moderate Risk sensitivity. Candidates with current Veterans Affairs (VA) Tier 2/Moderate Background Investigation or equivalent (e.g., DoD Tier 3/NACLC, Active Secret) are preferred.
Company Description
Client First Technologies (CFT) provides Strategic Consulting, Technology and Managed Services to commercial, non-profit and government organizations. Our expertise lies in mobilizing the right people, skills and technologies to help organizations with their most pressing challenges.
As a Service Disabled Veteran Owned Small Business (SDVOSB), CFT is committed to excellence and creating innovative and flexible solutions for our clients.