JOB
Work, Serve, Thrive. With the City of Durham
Advance in your career while making a real difference in the community you serve.
Hiring Range: $85,653.00 - $132,772.00 Annually
Work Day/Hours: M-F 8:00am - 5:00pm
The City of Durham’s nationally recognized, award-winning Technology Solutions Department builds and aligns the City’s information technology infrastructure so that departments can deliver a superior level of public service. Our team is recognized nationally by the Public Technology Institute, ICMA Center for Performance Measurement and Digital Cities Survey. If you can offer the skills to innovate and the passion to serve, bring your talent to Durham.
The Microsoft Identity Administrator is responsible for overseeing and maintaining the City of Durham’s enterprise identity and access management infrastructure. This position serves as the primary administrator of Microsoft Entra ID (formerly Azure Active Directory) and on-premises Active Directory, ensuring secure, reliable, and compliant access across all City systems and applications. The role encompasses user lifecycle management, access control, identity security monitoring, hybrid identity synchronization, and authentication policy administration. The Microsoft Identity Administrator also functions as the lead for identity governance, privileged access management, and automation of identity workflows, supporting a Zero Trust security posture across the enterprise. The ideal candidate brings deep technical expertise in Microsoft identity platforms, strong analytical judgment, and the ability to collaborate effectively across IT, cybersecurity, and business operations teams.
EXAMPLE OF DUTIES
User and Group Management
-
Create, modify, and deprovision user, service, and group accounts in Microsoft Entra ID and on-premises Active Directory.
-
Maintain group memberships, role assignments, and naming conventions in alignment with organizational standards.
-
Coordinate with Human Resources to ensure identity provisioning aligns with HR data feeds and automated onboarding and offboarding workflows.
Access Control and Permissions
-
Administer Conditional Access policies and Role-Based Access Control (RBAC) across enterprise applications and platforms.
-
Evaluate and process access requests in accordance with least privilege and separation of duties principles.
-
Review and enforce access governance policies to ensure compliance with City security standards.
Identity Security and Compliance Monitoring
-
Monitor sign-in activity, Multi-Factor Authentication (MFA) enforcement, and Identity Protection alerts on a daily basis.
-
Investigate risky users, blocked sign-ins, and compromised accounts; partner with the Security Operations team to contain and resolve identity-based threats.
-
Produce audit reports for compliance, access reviews, and MFA adoption; provide evidence for internal and external audits.
Hybrid Identity Management
-
Manage Microsoft Entra Connect and Cloud Sync configurations to maintain healthy synchronization between on-premises Active Directory and Entra ID.
-
Troubleshoot directory synchronization errors, password writeback issues, and hybrid join failures.
-
Monitor Entra Connect Health dashboards and proactively address replication or connectivity issues.
Authentication and MFA Administration
-
Configure and maintain MFA, passwordless sign-in methods, and FIDO2 authentication keys for City staff.
-
Support end users with MFA registration, authentication troubleshooting, and self-service password reset (SSPR).
-
Manage authentication strengths and configure Windows Hello for Business, Microsoft Authenticator App, and certificate-based authentication.
Privileged Identity Management
-
Administer Privileged Identity Management (PIM) to enforce just-in-time (JIT) role activation for privileged accounts.
-
Review and process privileged access requests, enforce approval workflows, and maintain audit logs of elevated access activity.
-
Conduct periodic access reviews for privileged roles and group memberships to ensure continued appropriateness.
Policy and Configuration Management
-
Develop and enforce identity governance standards, lifecycle management policies, and automation scripts using PowerShell and Microsoft Graph API.
-
Maintain comprehensive documentation of identity configurations, policies, and administrative procedures.
-
Evaluate new Microsoft Entra features and recommend enhancements to improve security posture and operational efficiency.
Troubleshooting and Incident Resolution
-
Serve as Tier 2–3 escalation support for authentication, Conditional Access, Single Sign-On (SSO), and identity-related incidents.
-
Collaborate with IT and cybersecurity teams to resolve incidents efficiently and document root cause and corrective actions.
-
Provide technical guidance to End User Support engineers, systems administrators, and data center personnel on identity-related issues.
Oracle Identity and Device Management
-
Manage provisioning, modification, and deprovisioning workflows using Oracle Identity Manager (OIM) and Oracle Access Manager (OAM).
-
Configure and maintain SSO and federation services across enterprise applications integrated with Oracle IAM.
-
Enroll and manage City endpoints across Windows, macOS, iOS, and Android platforms using Microsoft Intune (Endpoint Manager).
-
Configure device compliance policies, conditional access rules, application protection policies, and security baselines in Intune.
SUPPLEMENTAL INFORMATION
- Experience with Oracle Identity Management (OIM/OAM), including SSO configuration and identity lifecycle automation.
-
Microsoft Intune administration experience including device enrollment, compliance policy configuration, and application deployment.
-
Oracle Certified Professional (OCP) designation or other industry-recognized identity and access management certifications.
-
Familiarity with Microsoft Sentinel, Azure Monitor Workbooks, and SIEM integration for identity log analysis.
-
Experience with Privileged Identity Management (PIM), entitlement management, and lifecycle workflows within Microsoft Entra ID Governance.
-
Knowledge of Zero Trust security principles and their application in a hybrid cloud environment.
-
Strong analytical, written communication, and documentation skills with the ability to translate technical concepts for non-technical audiences.