We are looking for an IAM Engineer to lead the design and implementation of our Enterprise Credential Tiering Model. In this role, you will be the technical owner responsible for securing privileged identities, isolating high-impact administrative assets within Active Directory Domain Services (AD DS), and extending these security boundaries into Microsoft Entra ID.


Your mission is to strengthen the organisation’s identity security posture by eliminating lateral movement opportunities, protecting the identity control plane, and ensuring that identity architecture aligns with a strict Zero Trust security framework.


You will work at the intersection of Identity & Access Management, cybersecurity, and infrastructure, partnering closely with Security Operations and IT teams to build a secure and future-proof identity environment.


Microsoft Entra ID Control Plane Hardening

  • Translate traditional Active Directory tiering concepts into Microsoft Entra ID.
  • Secure high-impact roles including Global Administrators, Privileged Role Administrators, and other privileged directory roles.
  • Implement governance controls to protect the Entra ID control plane.


Access Control & Privileged Access Management

  • Configure Active Directory Organizational Units (OUs), Group Policy Objects (GPOs), Authentication Policies, and Authentication Silos.
  • Prevent privileged credentials from being exposed on lower-tier systems.
  • Implement modern privileged access solutions, including:
  • Microsoft Entra Privileged Identity Management (PIM)
  • Conditional Access Policies (CAPs)
  • Secure Administrative Workstations (SAWs/PAWs)
  • Tier-specific administrative access models


Identity Security Improvement & Legacy Cleansing

  • Identify and remediate identity security risks, including:
  • Unmanaged service accounts
  • Excessive permissions
  • Over-privileged groups
  • Cross-tier group nesting
  • Legacy configurations that bypass security boundaries
  • Improve overall identity hygiene and reduce attack paths.


Security Collaboration & Governance

  • Work closely with Security Operations (SecOps) teams to align identity controls with SIEM monitoring and security detection capabilities.
  • Support detection and response processes for anomalous authentication behaviour and privileged access risks.
  • Contribute to identity governance standards and security improvements.


Technical Qualifications

Core Identity Expertise

  • Strong hands-on experience with Active Directory Domain Services (AD DS), including:
  • Forests, domains, and trusts
  • Kerberos and NTLM security concepts
  • Group Policy engineering
  • Active Directory Administrative Center
  • Authentication security controls
  • Extensive knowledge of Microsoft Entra ID, including:
  • Directory roles
  • Administrative Units
  • Conditional Access policies
  • Authentication strengths
  • Token protection
  • Privileged Identity Management (PIM)
  • Proven experience implementing:
  • Microsoft Legacy 3-Tier Model
  • Enterprise Access Model (EAM)
  • Privileged Identity Management strategies


Security & Automation Skills

  • Experience designing and deploying:
  • Privileged Access Workstations (PAWs)
  • Secure jump servers
  • Tier-specific administrative environments
  • Strong PowerShell scripting skills for:
  • Identity audits
  • Automation of security controls
  • Compliance reporting
  • Experience with Microsoft Graph API for Entra ID automation and reporting.
  • Familiarity with identity security assessment tools such as:
  • BloodHound
  • PingCastle
  • Microsoft Defender for Identity


What We Offer

  • Competitive salary up to €6,000 gross per month, depending on experience.
  • Lease car as part of your employment package.
  • Attractive bonus scheme based on performance.
  • The opportunity to work on strategic identity security projects with a strong focus on Zero Trust.
  • A challenging role where you can directly influence enterprise security architecture.


Job alert

Je droombaan nog niet gevonden?


Meld je aan voor een job alert en krijg per e-mail bericht zodra de nieuwste vacatures beschikbaar komen!

Open sollicitatie

Vacature details


Locatie

Den Bosch

Uren per week

40

Salaris

6000

Dienstverband

Fulltime

Ben jij er klaar voor?

Ben jij er klaar voor? Solliciteer hieronder direct! Word onderdeel van een dynamisch en gepassioneerd team dat streeft naar succes. Wij bieden jou de kans om jezelf verder te ontwikkelen en bij te dragen aan het groeiende succes van het bedrijf!

Solliciteer
Sollicitatie proces

Hoe werkt solliciteren precies bij ons?

Een vacature gevonden die helemaal bij jou past? Je hoeft alleen nog maar te solliciteren!

😄
01
Stuur je sollicitatie

Vertel ons wie je bent en solliciteer binnen 1 minuut.

Meer weten over
deze vacature?

Neem dan nu contact op met Diederick van der Knaap

Sollicitatie insturen

Contact formulier icoon

Sollicitatie formulier

Door jouw CV te ontvangen via de mail kunnen wij direct de perfecte baan voor je vinden

Upload CV (word of pdf)

Ik ga akkoord met het versturen van bovenstaande gegevens

Chatten met Floris Goldsmeding