Identity Fabric Principal
At Cyclad, we work with top international IT companies to boost their potential in delivering outstanding, cutting-edge technologies that shape the world of the future. Currently, we are looking for an experienced Identity Fabric Principal to support enterprise identity platforms and deliver secure authentication, federation, authorization, and governance solutions in complex hybrid environments. The role focuses on Microsoft Entra ID, identity governance, modern authentication standards, hybrid identity integration, and secure access management aligned with compliance and privacy requirements.
Project information:
Location: Warsaw (hybrid work model)
Type of employment: B2B contract or CoE
Project languages: English
Key Responsibilities:
Defining and maintaining modern authentication standards for applications and APIs using OAuth2, OpenID Connect, and SAML
Supporting project teams in implementing and troubleshooting authentication flows, including Auth Code + PKCE, Device Code, Client Credentials, and On-Behalf-Of (OBO)
Reviewing and hardening token and session configurations, including refresh behavior, session controls, and mitigation of authentication threats
Designing and standardizing claims and attributes strategies for scalable integrations across multiple identity providers
Defining API access models and permission strategies, including scopes vs roles, delegated vs application permissions, and consent governance
Configuring and operating federation integrations (IdP/SP), metadata management, rollover planning, and troubleshooting SSO issues
Designing and implementing risk-based access controls and step-up authentication patterns using Conditional Access and MFA
Delivering Microsoft Entra ID tenant configurations and operational governance improvements
Designing external identity onboarding patterns using Entra External ID (CIAM/B2B/B2C)
Building, tuning, and safely rolling out Conditional Access and Identity Protection policies
Implementing and operating Entra ID Governance capabilities, including entitlement management, access reviews, lifecycle workflows, and access packages
Supporting application onboarding and integration using Enterprise Apps, App Registrations, service principals, and managed identities
Supporting hybrid identity dependencies involving AD DS and AD FS, including modernization initiatives toward cloud-native identity solutions
Developing and maintaining PowerShell automation for identity operations, reporting, bulk changes, and operational governance
Participating in SailPoint IdentityIQ / IdentityNow governance delivery and aligning governance outcomes with Microsoft identity patterns
Implementing IGA processes end-to-end, including Joiner-Mover-Leaver (JML), access requests, approvals, certifications, reviews, SoD, and entitlement modeling
Designing and improving provisioning and lifecycle integrations using SCIM, reconciliation, authoritative sources, and JIT provisioning approaches
Embedding GDPR/EUDPR privacy-by-design principles into IAM delivery and extending governance to AI/agent access where applicable
Requirements:
Minimum 10 years of professional experience after education, including at least 8 years in a similar role
English proficiency at B2 level
Strong experience working in enterprise IAM and hybrid identity environments
Excellent understanding of OAuth 2.0, OpenID Connect, and SAML authentication standards
Practical experience implementing and troubleshooting authentication flows such as Auth Code + PKCE, Device Code, Client Credentials, and OBO
Strong knowledge of token and session lifecycle management, including refresh tokens, validation, and security mitigations
Experience designing claims strategies, identity normalization, and least-privilege access models
Strong understanding of API permissions and consent governance models
Practical experience with Microsoft Entra ID tenant configuration, operational governance, and authentication posture management
Experience designing and managing Conditional Access and Identity Protection policies, including MFA enforcement and phased rollouts
Experience with Entra ID Governance capabilities, including access reviews, lifecycle workflows, and entitlement management
Strong experience integrating enterprise applications using Enterprise Apps, App Registrations, service principals, and managed identities
Knowledge of Entra External ID onboarding models (CIAM/B2B/B2C) and security vs UX trade-offs
Strong understanding of hybrid identity foundations, including Active Directory Domain Services (AD DS), domains, forests, trusts, GPOs, and delegation
Practical experience operating and troubleshooting AD FS environments and supporting federation modernization
Experience with SailPoint IdentityIQ and/or IdentityNow delivery and governance alignment
Experience implementing IGA processes such as JML, access requests, certifications, reviews, SoD, and entitlement modeling
Experience with provisioning and lifecycle integrations using SCIM, reconciliation, authoritative sources, and JIT provisioning
Advanced PowerShell scripting skills using Microsoft Graph PowerShell and related modules
Strong automation mindset with experience in repeatable operational processes and governance
Strong understanding of GDPR/EUDPR requirements, privacy-by-design principles, auditability, and access governance
Experience working in restricted or secure environments
Strong troubleshooting, analytical, and stakeholder management skills
Strong documentation discipline (runbooks, SOPs, technical documentation)
We offer:
Private medical care with dental care (covering 70% of costs). Family package option possible
Multisport card (also for an accompanying person)
Life insurance
Work with talented engineers on large-scale, technically challenging projects