Job Summary:

We’re hiring a hands-on Senior Microsoft 365/Entra Engineer to run collaboration services at scale in a multi-business, M&A-heavy environment. You’ll lead tenant-to-tenant migrations and hybrid identity (Entra ID Connect/Cloud Sync) across an 11k+ user estate; keep Exchange Online, SharePoint/OneDrive, Teams, Intune, and hundreds of enterprise apps running smoothly; and make an Okta-federated model play nicely with Microsoft 365. You’ll automate with PowerShell/Graph, tame complex licensing, and turn ambiguous requirements into secure, well-documented, repeatable outcomes. If you love solving challenges and shipping pragmatic improvements fast, we’d like to meet you.

Job Description:

We’re looking for a hands-on Senior Microsoft 365/Entra Engineer who thrives on scale, identity puzzles, and the fun of working in a business that is acquiring, growing and ever changing. You’ll help us run and evolve a large Microsoft 365 estate (11k+ mailboxes, thousands of SharePoint sites and Teams, hundreds of Entra enterprise apps and Azure VMs), with a particular focus on tenant-to-tenant migrations, hybrid identity, and day-to-day engineering excellence across the Microsoft stack. If this sounds like you - read on.

What you’ll do

• Own tenant migrations end-to-end across Exchange Online, OneDrive/SharePoint, and Teams: plan cutovers, run pilots, orchestrate identity moves, remediate coexistence, and validate post-cutover health. You’ll use native cross-tenant capabilities where available and pragmatic tooling where they aren’t.

• Design and run cross-tenant collaboration: implement Entra cross-tenant synchronization and cross-tenant access (B2B collaboration) to safely enable partner/business-unit access and shared channels.

• Build, migrate, and operate hybrid identity: Entra Connect (including migrations), Connect Health, secure service accounts, and resilient agent/server footprint.

• Harden identity & access: lead Conditional Access baselining, Privileged Identity Management (PIM), access reviews, and Lifecycle Workflows for joiner/mover/leaver automation.

• Run the M365 core: Exchange Online (transport, auth, mail flow), SharePoint/OneDrive (sites, permissions), Teams (policy, voice basics), Intune (enrolment/compliance), and Purview DLP guardrails.

• Engineer in an Okta-federated Entra environment: maintain and troubleshoot O365 federation (WS-Fed), understand where policies live (Okta vs Entra), and support staged defederation or coexistence as required.

• Federate third-party SaaS applications to Entra ID: design and implement SSO (SAML/OIDC/OAuth2), SCIM provisioning, claims mapping, token lifetimes, and per-app Conditional Access; standardise app onboarding with templates/runbooks and enforce least-privilege app permissions.

• Migrate select global app SSO/provisioning integrations to Okta: plan and execute app cutovers from Entra enterprise apps to Okta (or vice-versa) including entitlement translation, certificate/secret rotation, JIT/SCIM alignment, testing, and rollback paths; minimise user impact and maintain auditability.

• Automate relentlessly using PowerShell and Graph: ExchangeOnlineManagement, Microsoft Graph PowerShell, Teams and PnP.PowerShell for repeatable changes, reporting, and guardrail checks.

• Operate like an SRE for M365: change control, solid documentation, actionable monitoring/alerts, and post-incident reviews that improve the platform.

What you’ll bring

• Deep Microsoft 365 + Entra engineering experience (5-8+ years), including tenant-to-tenant work in M&A contexts and large-scale production ops.

• Proven Exchange Online/SharePoint/Teams/Intune administration experience and a strong grasp of identity flows (B2B, guest, cross-tenant, and hybrid).

• Hands-on with Entra Connect, Connect Health, Conditional Access, PIM, access reviews, and lifecycle workflows.

• Comfort operating Okta-federated tenants for Microsoft 365 (WS-Fed/SWA), plus experience staging migrations between Okta and Entra where needed.

• Hands-on SSO & provisioning expertise: SAML 2.0, OIDC/OAuth2, SCIM 2.0, claims and attribute mapping, token lifetimes, app registrations & service principals, certificate/secret lifecycle management.

• Cross-IdP app migration: proven experience moving apps between Entra enterprise apps and Okta integrations (including SWA where appropriate), deciding where policies/provisioning should live, and documenting runbooks for repeatability.

• Automation first mindset with PowerShell/Graph.

• Working knowledge of on-prem AD/Windows Server and the realities of hybrid identity.

• Clear, calm communicator who can translate gnarly identity/licensing topics for non-engineers - and who’s happy to jump on a bridge when it matters.

Nice to have

• Experience with Defender for Office 365, Purview Information Protection/Records, Teams voice, Power Platform governance.

• Familiarity with Azure networking & RBAC fundamentals.

• Prior consulting/enablement background and comfort running cutover weekends.

Key selection criteria

• Track record leading cross-tenant migrations (at least one significant, multi-workload project).

• Evidence of onboarding and federating many SaaS apps (double-digits) and of migrating multiple production apps between IdPs with minimal disruption and clear rollback.

• Demonstrable Conditional Access + PIM design/operations experience in production.

• Strong PowerShell/Graph portfolio (samples or stories that show impact).

What we’ll give you in return

• Flexible working and the freedom to ship meaningful improvements quickly

• Exposure to a truly varied, multinational environment and M&A portfolio work

• Coaching from leaders in identity, security, and modern workplace

• Clear line of sight to impact, plus room to grow into architecture roles

• A collaborative team that takes the work seriously, but not itself

Work Conditions

• 40-hour working week

Worker Type:

Regular

Number of Openings Available:    

1