Humana Inc., a leading U.S. healthcare company, is seeking a Lead Entra Security Engineer to drive the architectural vision and hands-on engineering implementation of enterprise identity services. The role involves designing and building modern identity controls while collaborating with security, platform, and application teams to deliver secure identity solutions.
Responsibilities:
- Engineer, implement, and help design identity controls across multiple Entra tenants, including Conditional Access, MFA, Identity Protection, and governance capabilities
- Implement and standardize cross-tenant access patterns, partnering on design decisions for B2B collaboration, Multi-Tenant Organizations (MTO), and external identity controls
- Lead implementation of Privileged Identity Management (PIM), access reviews, and least privilege access models
- Engineer and optimize authentication and SSO integrations (SAML, OAuth, OIDC) across SaaS and enterprise applications
- Execute tenant standardization efforts, ensuring consistent policies, authentication methods, and governance controls
- Troubleshoot and resolve complex authentication, authorization, and provisioning issues
- Develop automation using PowerShell, Microsoft Graph, Terraform, Azure Logic Apps, etc. to scale identity operations
- Partner with application and platform teams to embed identity-security-by-design into solutions and integrations
- Contribute to and operationalize identity security baselines aligned to Zero Trust principles
- Identify, engineer, and implement improvements to strengthen identity posture, reduce risk, and improve user experience
- Create and maintain reusable engineering patterns, scripts, and documentation for Entra security controls
Requirements:
- 7+ years of experience in identity engineering, IAM architecture, or cloud identity security in large environments
- Deep expertise in Microsoft Entra ID (Azure AD) across multi-tenant environments
- Strong hands-on experience with: Conditional Access and MFA strategy; Privileged Identity Management (PIM); Identity Protection and governance; B2B, Multi-Tenant Org (MTO) and cross-tenant access configurations; Entra ID Sign-In, Audit, and other security log analysis; Azure RBAC
- Some hands-on experience or commensurate knowledge of: Datacenter technologies and topologies; Azure IaaS/PaaS Infrastructure; Common Enterprise User Networking Technologies (i.e. VPN, SASE/ZTNA); Intune and Microsoft 365 suite; Virtual Desktop Infrastructure technologies; Microsoft Purview / DLP technologies
- Strong understanding of modern identity protocols (OIDC, OAuth2, SAML)
- Experience integrating identity into SaaS, APIs, and enterprise platforms
- Proven ability to design, implement, and standardize identity controls at scale
- Strong automation skills (PowerShell, Microsoft Graph, Terraform or similar)
- Ability to translate architectural vision into executable engineering outcomes
- Ability to influence cross-functional teams
- Hands-on problem solver capable of supporting complex identity escalations
- Experience with multi-tenant governance or identity transformation initiatives
- Familiarity with hybrid identity (Entra Connect / Cloud Sync) and identity monitoring tools
- Experience operating in regulated environments (SOX, HIPAA, etc.)
- Relevant certifications (e.g., SC-300, SC-100, CISSP)