Identity and Access Management Specialist (Madrid - Hybrid)

Madrid, Madrid, Spain
Full Time
Experienced
The company: Our customer is a technology-based startup with solid funding that is in the midst of expansion.

They will hire the selected candidate as an internal and permanent employee, based in Madrid, but providing services to their global organization.


Description of the position:
We’re looking for an Identity & Access Management Specialist for our customer’s global operations in Madrid. He/She will play a critical role in managing and securing the company’s enterprise identity and access management systems. The primary goal is to ensure that user identities and access rights are effectively managed, integrated, and secured across all platforms. This role involves implementing single sign-on and provisioning solutions, overseeing identity lifecycle processes, and developing strategies to improve identity governance and security posture.


Key Responsibilities and tasks:
  • Manage Microsoft Entra ID: Oversee the administration of the Microsoft Entra ID platform, including user accounts, security groups, enterprise applications, app registrations, and service principals. Ensure that identity data remains accurate and that Entra ID serves as the single source of truth for all identities within our company.
  • Implement Single Sign-On (SSO): Configure and maintain Single Sign-On for both internal and external applications, providing a seamless login experience for users across different platforms. This includes managing identity provider integrations (SAML/OAuth/OIDC) and federation between Entra ID and other identity systems.
  • Provisioning & De-provisioning: Handle the full identity lifecycle by automating user provisioning and de-provisioning processes. Ensure new hires, role changes, and departures are reflected promptly in Entra ID and connected systems, using provisioning technologies (e.g. SCIM or API connectors).
  • Access Management & Security: Enforce strong access security practices such as Multi-Factor Authentication (MFA) and Conditional Access policies to protect accounts and data. Implement role-based access control (RBAC) and the principle of least privilege for both users and service principals, regularly reviewing permissions and adjusting as needed to minimize risk.
  • Privileged Access Control: Utilize Microsoft Entra Privileged Identity Management (PIM) or similar tools to manage and audit privileged accounts and roles. Provide just-in-time (JIT) access for administrators when necessary, reducing the number of permanent high-level access rights and ensuring that all elevated access is approved and documented.
  • Enterprise Application Integration: Coordinate the integration of Entra ID with other enterprise systems and SaaS applications. Manage enterprise application configurations in Entra ID (SSO setups, provisioning mappings), ensuring that Entra ID acts as the central authentication and user provisioning hub for the organization’s cloud services.
  • Monitoring and Compliance: Monitor identity-related logs and alerts (sign-in activity, audit logs, identity protection alerts) to quickly identify irregularities or security incidents. Conduct periodic access reviews and certification campaigns to ensure compliance with internal policies and regulatory requirements. Ensure that identity management processes meet compliance standards and align with IT governance frameworks.
  • Collaboration and Support: Work closely with other IT teams (Security, Infrastructure, HR, etc.) to ensure identity management workflows (such as onboarding/offboarding and access requests) are efficient and aligned with ITIL service management practices. Provide expertise and second-line support for any identity and access related issues, troubleshooting SSO or account issues and assisting in incident resolution.
  • Documentation and Improvement: Develop and maintain clear documentation for identity management configurations and processes. Identify opportunities for process improvement or automation in identity management and lead initiatives to implement these enhancements, continually improving service quality and operational efficiency.
  • Stay up to date with trends: Stay informed on the latest developments in identity and access management, especially updates to Microsoft Entra ID and cloud-native identity technologies. Continuously evaluate new features or tools (for example, improvements in Entra ID, identity governance, or security enhancements) and recommend adoption of those that could benefit our company’s identity management strategy. Ensure the company’s identity practices evolve with industry best practices and emerging security threats.

Working Experience:
  • 3+ years of professional experience in managing enterprise identity platforms (Azure AD or Microsoft Entra ID).
  • Hands-on experience with Single Sign-On technologies and protocols (SAML, OAuth2/OIDC, etc.) and integrating applications with Entra ID for SSO. Familiarity with authentication services and user federation across multiple identity providers (e.g., setting up trust between Entra ID and other IdPs).
  • Experience with user provisioning and de-provisioning processes across various systems. Knowledge of automation tools or scripting (e.g., PowerShell) to manage identities and streamline IAM tasks. Ability to use or learn identity provisioning frameworks (such as SCIM or Microsoft Graph API) to link Entra ID with external platforms.
Not mandatory but preferred:
    • Experience implementing SSO/MFA solutions is highly desirable

Tech skills:
 
  • Strong Identity Management Knowledge: Solid understanding of Identity and Access Management (IAM) principles and best practices. In-depth knowledge of Microsoft Entra ID (Azure Active Directory), including experience with its features such as user and group management, application registrations, SSO configurations, MFA, and conditional access.
  • Security and Compliance Orientation: Strong awareness of IT security practices related to identity management, including Multi-Factor Authentication, privileged access management, and zero-trust principles. Ability to ensure compliance with relevant regulations and internal policies when handling user identities and access rights (e.g., data protection laws, audit requirements).
  • Cloud-Native Environment Experience: Experience working in cloud-native or hybrid cloud IT environments. Familiarity with Azure ecosystem and potentially other cloud platforms’ identity services (e.g., AWS IAM) is beneficial. Broad understanding of how cloud services integrate with centralized identity providers and the concepts of modern cloud.
  • ITIL Process Knowledge: Familiarity with ITIL framework and its practices, especially as they relate to service operations and access management.


Soft skills:
  • Global Mindset: Experience working in a multi-national environment or on international teams.
  • Collaboration & Communication: Excellent communication and interpersonal skills, with the ability to work effectively with cross-functional teams and explain identity and access concepts to non-technical stakeholders. Experience collaborating with both technical teams and business units to gather requirements and implement IAM solutions that meet organizational needs.
  • Problem-Solving Ability: Strong analytical and problem-solving skills to diagnose and resolve identity-related issues (such as login failures, access errors, synchronization problems) promptly. Capacity to handle complex technical challenges in a cloud environment and develop reliable solutions.

Education and Training:
  • Bachelor's Degree or vocational training qualification in information technology or a related field.

Certifications: Relevant certifications are a plus.
    • SC-300, AZ-104, AZ-500 or ITIL Foundation certifications.

Languages:
  • Spanish: Very good Business Spanish required (excellent communication skills). B2 level.
  • English: Very good Business English required (excellent communication skills). B2/C1 level.

Job Conditions:

Job location: Tres Cantos (Madrid). European Union nationality or, otherwise, an EU/Spain work permit is required as a prerequisite.

Employment Type: Permanent Full Time, as internal employee.

Salary: Depending on qualification and experience.

Work from home: Hybrid working model including the possibility of working from home (70%), subject to the specific needs that may arise from the perspective of project development, department, clients, and/or partners.

If you are interested, please apply here or send an email to [email protected] including in the subject: ‘Identity & Access Management Specialist’ along with your English CV.


 