JOB SUMMARY

This role could be based in India, Poland, Malaysia and Singapore. When you start the application process you will be presented with a drop down menu showing all countries, Please ensure that you select a country where the role is based.

• We are seeking an experienced Entra ID Security Engineer to design, implement, security standards. The Entra ID Security Engineer will collaborate with cross-functional teams to deliver identity and access management (IAM) solutions that support business requirements and meet security compliance standards. Key delivery would be to Manage and secure Microsoft Entra ID, ensuring proper configuration of users, groups, roles, and applications.
• Implement and maintain security policies, including Conditional Access Policies, Identity Protection, and Privileged Identity Management (PIM).
• Define security standards, ensuring compliance with security best practices and corporate policies.
• Implement and manage multi-factor authentication (MFA), single sign-on (SSO), and identity governance strategies.
• Perform security assessments and audits on Entra ID configurations and ensure compliance with relevant standards (e.g., NIST, CIS, ISO).

Automation & Scripting:

• Automate routine identity management processes, such as user provisioning, deprovisioning, and access reviews, using PowerShell, Microsoft Graph API, or other automation tools.
• Develop self-service workflows for user requests (e.g., password resets, application access) using Microsoft Power Automate, Azure DevOps or other automation platforms.
• Streamline identity lifecycle management (ILM) tasks and ensure smooth integration with on-premises systems and other cloud services.
• Automate security and compliance reporting for identity-related activities.

Integration & Collaboration:

• Integrate Entra ID with other systems and applications, ensuring secure and seamless identity management across platforms (e.g., Office 365, third-party SaaS).
• Collaborate with the IT and security teams to ensure proper identity management for cloud and hybrid environments.
• Support integration with on-premises Active Directory (AD) using Azure AD Connect, ensuring synchronization and secure hybrid identity management.

Monitoring & Compliance:

• Monitor the health, performance, and security of Entra ID using tools such as Azure AD Identity Protection and Azure Monitor.
• Conduct regular reviews of Entra ID security posture, addressing vulnerabilities and ensuring continuous improvement.
• Implement governance solutions for access reviews, entitlement management, and auditing to ensure compliance with internal and external regulations.

Support & Troubleshooting:

• Provide tier-3 support for Entra ID-related issues, resolving complex technical challenges around authentication, security, and identity federation.
• Assist in incident response and root cause analysis for identity-related security incidents.
• Maintain documentation on Entra ID configurations, policies, and automation processes.

Technical Skills:

• Expertise in managing and securing Microsoft Entra ID (Azure AD), including user roles, groups, and Conditional Access Policies.
• Strong understanding of identity protocols such as OAuth, SAML, OpenID Connect, and Kerberos.
• Proficiency in automating identity management processes using PowerShell, Microsoft Graph API, or similar scripting tools.
• Experience with tools such as Azure AD Connect, Azure AD Identity Protection, and Privileged Identity Management (PIM).
• Familiarity with identity governance solutions and role-based access control (RBAC).

Preferred Qualifications:

• Microsoft certifications such as Microsoft Certified: Identity and Access Administrator Associate or Azure Security Engineer Associate.
• Hands-on experience with integrating on-premises AD and Entra ID (Azure AD) for hybrid identity management.
• Knowledge of Zero Trust security models and implementation within an identity platform.
• Familiarity with Microsoft Power Automate, Azure Logic Apps, or other workflow automation tools.
   

Soft Skills:

• Strong problem-solving abilities and attention to detail.
• Excellent written and verbal communication skills.
• Ability to collaborate across teams, manage projects, and work independently in a fast-paced environment.
• A proactive mindset, always looking for ways to improve security and efficiency

RESPONSIBILITIES

• The Engineer is responsible for alignment of IT strategy to Digital transformation goals of the organization. The lead is one of the design authorities to certify the induction of various technology solutions into the Bank. 
• This role is also responsible for providing leadership direction and strategic solutions related to Entra ID Services and work with various engineering streams within Workspace and all Workspace team members in Poland, Chennai and Bangalore, Malaysia locations. 
• The Engineer is accountable for the ownership of TIP documents, Test cases, Low level design documents, all the artefacts created by him/her during the design phase.  The lead should be responsible for tracking all the work items and act on those on-time and set the delivery timeline for each task.  Also, the lead is responsible to create/track and monitor all the CRISP items and accountable for audit items and RFP related queries. 
• The Engineer should consult all the engineering decision /activities/tracker with reporting manager, if any BAU related activities or publishing any new product should be consulted with product owner and refer to product road map.
• The Engineer should inform regular Engineering Road map details and product releases coming from Microsoft.  Any change in the O365 workload or feature announcement related to Entra ID Services should be tested fully in the R & D lab and inform to key stake holder, BAU team and management team about the rollouts.
   

Strategy

• We are seeking an experienced Entra ID Security Engineer to design, implement, security standards. The Entra ID Security Engineer will collaborate with cross-functional teams to deliver identity and access management (IAM) solutions that support business requirements and meet security compliance standards. Key delivery would be to Manage and secure Microsoft Entra ID, ensuring proper configuration of users, groups, roles, and applications.

Business

• Technology and Operations 

Processes

• Manage the appropriate Product Lifecycle Management process to ensure.
• Monitor End-Of-Sale, End-Of-Manufacturer-Support, End-Of-Life etc.
• Maintaining the Invest, Contain & Disinvest state of each product.
• Update all this information in the Product Roadmap Portal.
• Product Selection and PoC: Play a key role in the selection of relevant Products to be used in the Bank.  The Engineering lead must be involved in the final decision-making process to ensure that decisions made are in line with the Banks’s strategic direction.
• Innovation and R&D Lab Environment.  The Lead Engineer, Directory Services & Cloud role will have the overall ownership R&D, PoC and testing activities carried out in the Hybrid Cloud Lab environments, this includes managing;
• Funding requests for additional lab equipment (software, hardware, etc)
• Annual maintenance costs
• The Lead Engineer, Directory Services & Cloud is responsible to manage the workload to track the deliverables.
• Maintain an Engineering Book of Work.
• Provide Reporting information to management & other domains (i.e. key items delivered).
• Resource management – identifying & justifying need for new resources.

• Collaboration and internal training: Provide expertise to internal groups on AD and Hybrid Cloud Products.  
• Document, track, and mitigate relevant risks related to products (if any).
• Work closely with Bank’s internal security teams to address security concerns.

People & Talent 

• Responsible Responsible for a team of high performing Directory services Engineering function. 
• Responsible to ensure career paths are offered to employees to help internal mobility and improve employee engagement and motivation 
• Lead through example and build the appropriate culture and values. Set appropriate tone and expectations from their team and work in collaboration with risk and control partners.
• Ensure the provision of ongoing training and development of people and ensure that holders of all critical functions are suitably skilled and qualified for their roles ensuring that they have effective supervision in place to mitigate any risks.
• Set and monitor job objectives for direct reports and provide feedback and rewards in line with their performance against those responsibilities and objectives

Risk Management

• Manage all the Risk control and should be responsible for the audit and review the products owned by Engineering team. 

Governance 

• Should create Governance document for the products owned by Active Directory team and manage the governance document for the life cycle  

Regulatory & Business Conduct 

• Display exemplary conduct and live by the Group’s Values and Code of Conduct. 
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Lead to achieve the outcomes set out in the Bank’s Conduct Principles
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.

Key Stakeholders

• Domain Architects of all Business functions
• Engineering & Hive Leads of all Business functions
• Operation Leads of all Business functions
• ICS teams
• CISO teams

Other Responsibilities

• Lead the engineering streams related to Azure Directory services, provide leadership direction and strategy to the engineering functions spread across Poland, Chennai, Malaysia.
• Work with engineering work stream to certify the various technology solutions and business applications based on business requirement. Create and maintain various artefacts before rolling out a new solution into the Bank, maintain Secure by design principles. 
• Technical Security Standards 
• High Level Design, Low Level Design 

• Configuration Standard Documents
• Create the Technology On-boarding process for new tools on-boarding.
• Create Solution Design Documents
• Create Artefacts related to new tools/Software/SaaS application On-boarding
• Test Plan, Test Cases, Test evidence and Test Summary report for all the production on-boarding
• Participate SIA, RAT, Risk Assessment Forum, ETTC, SACA, ITRG discussion and provide necessary information for on-boarding the tools.
• Create necessary Technical Implementation Procedure for the Technical Security Standards for the products own by Content Engg Team
• Initiate Annual Review of TIP, RBAC for all the products 
• Creating Application Installation Guide, implementation Plan

​​​​​​Qualification

• Bachelor's degree in computer science, Information Security, or related field (or equivalent experience).

Experience: 

• 10+ years overall experience, of which 5+ in managing and securing Microsoft Entra ID / Azure AD in enterprise environments.
• Experience with identity and access management (IAM) solutions, automation, and security best practices.
• Proven experience with PowerShell scripting and automation of identity management tasks

Role Specific Technical Competencies

• Entra ID technologies, including authentication models, federation, Multifactor Authentication (MFA), SSO, Enterprise applications, conditional access policies, Identity protections, Azure Secure Administration practices, IAM disciplines like PIM PAM solutions., Entra ID App Proxy management
• Good exposure in Solution Design/Integration of Entra ID with Access Review ( Onecert /Entra ID Access review, Third Party MFA (ForgeRock), Third party Vaulting solution (Hashicorp)
• MCAS, Compliance and Security Monitoring.  
• Work experience with Azure DevOps.
• Secure Score, Security Monitoring, Proactive reviews.
• Migration experiences. Should have strong experience on migrating applications from other IAM to Entra ID. Migrating application from ADFS to Entra ID. Rehosting legacy applications from on prem to Entra ID.
• Strong knowledge on Entra DS architecture and preparing solution design for application migration from ON-Prem to ADDS in cloud.
• Expert in Entra ID services/features and Administration and Entra ID Portal Management
• Directory Services, Entra ID, ADFS, Entra Connect Sync. 
• Mobile Device Management (MobileIron, Intune and Air watch etc)
• Exposure on at least two major O365 application (Exchange online, SharePoint online, Teams) with a proven track-record of designing complex, large O365 transformational programmes, including hybrid configuration and Identity and Access management.
• Designing complex Identity solutions, leading work-streams on transformational programs and ensuring conformance to agreed design standards, methods and tools, including prototyping new tools and applications where appropriate
• A good working knowledge of the entire O365 stack, including their interactions and use cases.
• Strong understanding of Multi-Cloud Services (Azure, AWS, Google Cloud), and Security and Compliance.
• Shaping O365 technical proposals whilst making solution/service trade-offs where appropriate and providing support to project management for RFP process to ensure solution and cost alignment based on the requirements 

About Standard Chartered

We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.

Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.

Together we:

• Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
• Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
• Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term

What we offer

In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.

• Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
• Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
• Flexible working options based around home and office locations, with flexible working patterns.
• Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits
• A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
• Being part of an inclusive and values driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies - everyone feels respected and can realise their full potential.