IDAM EntraID/Azure, Conditional Access Administrator
Hyderabad, India
Zoetis
Zoetis is the largest global animal health company committed to nurturing the world and humankind by advancing care for animals.
POSITION SUMMARY
Zoetis, Inc. is the world's largest producer of medicine and vaccinations for pets and livestock. The Zoetis Tech & Digital (ZTD) Global Technology Risk Management Organization is a key building block of ZTD.
Join us at Zoetis India Capability Center (ZICC) in Hyderabad, where innovation meets excellence. As part of the world's leading animal healthcare company, ZICC is at the forefront of driving transformative advancements and applying technology to solve the most complex problems. Our mission is to ensure sustainable growth and maintain a competitive edge for Zoetis globally by leveraging the exceptional talent in India.
At ZICC, you'll be part of a dynamic team that partners with colleagues worldwide, embodying the true spirit of One Zoetis. Together, we ensure seamless integration and collaboration, fostering an environment where your contributions can make a real impact. Be a part of our journey to pioneer innovation and drive the future of animal healthcare.
The global Identity, Directory & Access Management (IDAM) team defines and enforces policies, executes processes, and enables systems to ensure appropriate access management across Zoetis' digital ecosystem. Key IDAM functions at Zoetis include Identity Governance & Administration (IGA), Directory & Authentication Services, Multi-Factor Authentication (MFA), Public Key Infrastructure (PKI), Customer Identity & Access Management (CIAM), and Privileged Access Management (PAM), among others.
The IDAM EntraID Conditional Access Engineer is responsible for the engineering, administration and integration of EntraID, Modern Authentication, Conditional Access, and related MS Azure services from both a technology and operational perspective within the Zoetis India Capability Center (ZICC). By leveraging signals such as user identity, device compliance, location, and real-time risk evaluation, the engineer will enforce policies that grant the right users access to the right resources under the appropriate conditions, including robust Multi-Factor Authentication (MFA) requirements. This role ensures the seamless functioning of mission-critical IDAM services that underpin all Zoetis information systems, emphasizing maximum uptime, security, and operational efficiency. The engineer must possess deep technical proficiency in key areas while maintaining a broad understanding of related technologies. Additionally, the role requires expertise in business processes enabled by IAM solutions, engaging in multiple projects and collaborating with stakeholders across various organizational levels to deliver impactful results.
POSITION RESPONSIBILITIES
• Design, implement, and maintain conditional access policies within the Zoetis digital ecosystem.
• Collaborate with cloud, application, infrastructure, messaging, development, and other teams to ensure seamless interoperability.
• Assist with the maintenance, configuration, and operation of the EntraID and Azure platform, focusing on hands-on implementation and technical engineering.
• Develop and implement custom tools to automate repetitive tasks, ensuring operational efficiency.
• Partner with the Security Operations team to monitor access logs and analytics for suspicious activity or policy violations, initiating timely responses.
• Stay updated on upcoming Microsoft Azure enhancements and changes, ensuring proactive planning to maintain optimal performance across the Zoetis ecosystem.
• Monitor the performance, scalability, and security of all platforms under scope, addressing critical issues or escalations as required.
• Provide Level 2 (L2) and Level 3 (L3) support for access-related issues, troubleshooting complex problems, and delivering superior user experiences.
• Participate in shift rotations to deliver 16x5 operations for IDAM services, while providing off-hours escalation support for high-priority incidents (P1, P2).
• Execute installation, maintenance, and configuration changes across IDAM systems, leveraging coding and engineering expertise for efficient implementation.
• Lead, mentor, and develop a team of L2 and L3 administrators, analysts, and engineers to foster professional growth and operational excellence.
• Act as a technical subject matter expert, offering detailed coding, configuration, and engineering guidance for IDAM programs and initiatives.
• Ensure compliance with global IDAM policies, processes, and regulatory requirements to deliver secure and efficient access to Zoetis information systems.
ORGANIZATIONAL RELATIONSHIPS
• Reports to ZICC Directory & Authentication Technology Lead, with dotted line to US-based Head of IDAM and IDAM Operations & Directory Services Leads
• Be part of the global Technology Risk Management organization, which reports to the Chief Information Security Officer (CISO).
• Collaborate regularly with ZTD application, business partner, and infrastructure teams
• Interact with external vendors or partners providing software, services, or APIs that require integration with IDAM systems, including establishing requirements, negotiating contracts, and facilitating technical integration.
• Collaborate with implementation partners responsible for deploying, configuring, or maintaining integrated solutions within Zoetis’ IT landscape.
EDUCATION AND EXPERIENCE
Education:
• University Degree in Computer Science or Information Systems is required
• MS or advanced security/identity courses or other applicable certifications are desirable, including
o Certified Information Systems Security Professional (CISSP)
Experience:
• Minimum 6+ years of experience in Information Systems
• 6+ years of detailed, hands-on experience with IDAM, especially AD, SSO, PKI, MFA
• 2+ years of experience in the pharmaceutical or other regulated industry, especially Animal Health.
• Experience working with global teams across multiple time zones.
• Proven experience in managing medium to large-scale, global IT projects.
• Demonstrated ability to work within diverse technical teams.
• Proven experience in leading technical teams and managing end-to-end solution delivery.
• Strong experience collaborating with Managed Service Providers (MSPs), with a focus on ensuring quality and alignment.
TECHNICAL SKILLS REQUIREMENTS
This is a detailed, hands-on technical role. The ideal candidate will demonstrate proficiency in these areas and provide leadership with respect to specific technologies:
• Enterprise & Cloud Directories:
o Expertise in creating and administering Modern Authentication and Conditional Access Policies within the EntraID/Azure environment.
o Experience integrating applications with Single Sign-On (SSO) using SAML, OAuth 2.0, and OpenID Connect (OIDC) methodologies.
o Proficiency in PowerShell scripting for automation, troubleshooting, and administrative tasks, with additional expertise in Python and Bash scripting for hybrid directory operations.
o Detailed skills related to mobile device management (MDM) platforms such as Microsoft Intune.
o Strong troubleshooting and debugging skills for resolving authentication failures, replication issues, and service outages.
• Multi-Factor Authentication (MFA), Public Key Infrastructure (PKI), Digital Certificates & Encryption:
o Expertise with MFA solutions such as Microsoft Authenticator and SafeNet MobilePass or similar platforms.
o Experience integrating MFA and PKI solutions with enterprise applications, VPNs, and cloud platforms.
• Application Hosting & Privileged Access Management (PAM):
o Strong understanding of on-premise and IaaS application hosting activities, especially in Azure environments.
• End-User and Technology Team Support:
o Experience providing or supervising Level 2 (L2) and Level 3 (L3) support for access issues for end users and technology teams.
o Knowledge of troubleshooting authentication failures and collaborating with application teams to resolve availability issues.
o Familiarity with incident response and root cause analysis for authentication service outages, identity synchronization issues, and cybersecurity events.
o Experience working with Service Desk, Site Services, and Security Operations teams to enhance IAM support processes.
• Desirable Skills & Additional Expertise:
o Privileged Access Management (PAM): Experience with tools like Delinea Secret Server and Netwrix for JITA is highly desirable.
o Identity Governance & Administration (IGA): Knowledge of SailPoint IdentityIQ for Identity Lifecycle, Access Request & Recertification, and User Provisioning/Deprovisioning is a plus.
o Microsoft Power Apps: Experience building or customizing forms and applications to enhance identity-related workflows is advantageous.
o Database & Data Analytics: Experience with SQL, Alteryx, and data warehousing concepts to streamline workflows and troubleshoot data-related issues is a plus.
o Familiarity with Passwordless Authentication methods, such as FIDO2 and biometric-based solutions, for enhancing enterprise security.
• Must be fluent in both written and spoken English, with the ability to clearly communicate across technical and non-technical audiences.
PHYSICAL POSITION REQUIREMENTS
Availability to work from 1 PM IST to 10 PM IST, ensuring a minimum of 3 hours of daily overlap with the US Eastern Time zone. Flexibility to provide off-hours escalation support for high-priority incidents (P1, P2) as needed.