Active Directory and Entra Specialist (Freelance/Contract) Purpose of the Role: The Active Directory / Entra Specialist is the technical authority for the customer's hybrid identity platform. The role owns the design, operation, security, and continuous improvement of on premises Active Directory Domain Services, Group Policy, ADFS, Entra ID (P2), Azure AD Connect, B2B and B2C flows, Conditional Access, MFA, Intune, and identity lifecycle automation across all in scope business programmes. Identity is the foundation of every other workload in the estate. This role therefore underwrites the availability, security, and compliance of M365, SharePoint, Power Platform, Dynamics 365, Fabric and Azure services. The post holder is on the front line for any P1 authentication outage, Conditional Access misconfiguration, or directory replication failure. Key Technical Responsibilities Hybrid Active Directory Operations: Administer multi forest on premises Active Directory Domain Services (modern schema, WS2016+ functional level), including domain controllers, FSMO roles, sites and services, replication topology, DNS, DHCP, time service (NT5DS), and trust relationships. Maintain and harden Group Policy Objects across the estate, including baseline security GPOs, audit policies, AppLocker / WDAC, BitLocker, Windows Update for Business, and computer/user configuration drift detection. Operate and patch ADFS on legacy Windows Server (where present), administer claims rules, relying party trusts, certificate rotation, and plan migration of relying parties to Entra ID where commercially appropriate. Manage Azure AD Connect (auto updating) including sync rules, source anchor, password hash sync / pass through authentication, seamless SSO, staging mode validation, and re permission / re baseline activities. Diagnose and remediate replication failures, lingering objects, USN rollback, tombstone issues, NTLM/Kerberos auth failures, SPN duplication, and time skew problems using repadmin, dcdiag, klist, KDCDiag, ADReplStatus and Microsoft 365 Connectivity Analyzer. Entra ID and Identity Lifecycle Administer Entra ID P2 tenants including users, groups, dynamic groups, administrative units, application registrations, enterprise applications, service principals, managed identities, and consent workflows. Configure and operate Conditional Access (sign in risk, user risk, named locations, device compliance, session controls), Multi Factor Authentication, passwordless sign in (Windows Hello for Business, FIDO2, Authenticator), and Temporary Access Pass for onboarding. Operate Privileged Identity Management (PIM) for just in time role activation, approval workflows, access reviews and break glass account governance; work with the on premises PAM solution for tier 0 administration. Manage Entra ID B2B (guest collaboration) and B2C (custom policies, user flows, identity providers, custom branding, application integrations) for both internal and external facing tenants. Implement Identity Governance: Entitlement Management, Access Packages, Access Reviews, Lifecycle Workflows, and HR driven inbound provisioning where in scope. Endpoint Management with Intune Administer Microsoft Intune including device enrolment (Autopilot, Apple ABM, Android Enterprise), configuration profiles, compliance policies, app protection policies (MAM), Conditional Access integration, and Endpoint Privilege Management. Define and maintain Windows update rings, feature update profiles, driver update profiles, and Defender for Endpoint baselines via Intune Security Baselines. Operate Win32 / LOB / Microsoft Store app deployment, package authoring (intunewin), update rings, and supersedence chains. Co manage devices with Configuration Manager where present, troubleshoot enrolment failures using IME logs, MDM Diagnostics Tool, and the Intune Troubleshooting portal. Identity Automation and Tooling Author and maintain PowerShell automation using Microsoft Graph PowerShell SDK, Az PowerShell, ExchangeOnlineManagement, MSOnline (legacy), AzureAD (legacy), and ActiveDirectory modules - including JML (Joiner Mover Leaver) workflows, group membership reconciliation, stale object cleanup, and licence assignment. Build and operate identity related runbooks in Azure Automation, Logic Apps, or Power Automate where appropriate. Use Microsoft Graph (REST + SDK) for advanced reporting, bulk operations, and integration with HR / ITSM platforms. Service Operations Own L2/L3 incident, problem and change resolution for identity related tickets, achieving the contractual SLAs: P1 1 hour response / 4 hour resolution, P2 4 hour response / 1 working day resolution, P3 1 working day response / 3 working days resolution. Lead root cause analysis (RCA) for P1 identity incidents and produce post incident review reports within five working days. Contribute to monthly service reports with identity KPIs (sign in success rate, MFA coverage, Conditional Access policy hits, privileged role activations, sync health, AAD Connect latency, certificate expiry watchlist). Participate in CAB review, change scheduling, and change risk assessment for identity changes; produce rollback plans and pre/post implementation checks. Mandatory Technical Skills Active Directory Domain Services on Windows Server 2016+ including schema management, sites and services, GPO design, ADFS, AD CS, AD Recycle Bin, and DR/recovery procedures (authoritative restore). Entra ID P2 deep configuration: Conditional Access, MFA, PIM, Identity Protection (sign in risk, user risk, risky users), Identity Governance, Application Proxy, External Identities (B2B, B2C custom policies), and Hybrid Identity (AAD Connect). Microsoft Intune end to end device and application management, including Autopilot pre provisioning, compliance, configuration, and Endpoint Security baselines. PowerShell scripting (intermediate to advanced) using Microsoft Graph SDK, Az, and ActiveDirectory modules; ability to read / debug / extend existing scripts under change control. Working knowledge of Microsoft Defender for Identity (formerly Azure ATP) signals and integration with Defender XDR. Networking fundamentals: DNS, Kerberos, NTLM, OAuth 2.0, OpenID Connect, SAML 2.0, WS Federation, certificate based authentication, TLS/SSL troubleshooting, and modern auth flows. Working knowledge of ITIL v4 incident, problem, change and configuration management, and ITSM ticketing (e.g., ServiceNow, Jira Service Management). Desirable Technical Skills Entra Permissions Management (CIEM). Microsoft Entra ID Verified ID (decentralised identity) familiarity. Group Policy Analytics in Intune for cloud migration. Experience operating tier 0 PAM solutions (CyberArk, BeyondTrust, Delinea) on premises. Familiarity with FIDO2 hardware tokens, Windows LAPS (cloud), and Authentication Methods migration. Exposure to Azure VPN Gateway, ExpressRoute, and hybrid connectivity for identity authentication paths. Required Certifications Microsoft Certified: Identity and Access Administrator Associate (SC 300) - mandatory. Microsoft Certified: Endpoint Administrator Associate (MD 102) - mandatory. Microsoft 365 Certified: Administrator Expert (MS 102) - preferred. Microsoft Certified: Cybersecurity Architect Expert (SC 100) - desirable. ITIL 4 Foundation - preferred.
11/05/2026
Full time
Active Directory and Entra Specialist (Freelance/Contract) Purpose of the Role: The Active Directory / Entra Specialist is the technical authority for the customer's hybrid identity platform. The role owns the design, operation, security, and continuous improvement of on premises Active Directory Domain Services, Group Policy, ADFS, Entra ID (P2), Azure AD Connect, B2B and B2C flows, Conditional Access, MFA, Intune, and identity lifecycle automation across all in scope business programmes. Identity is the foundation of every other workload in the estate. This role therefore underwrites the availability, security, and compliance of M365, SharePoint, Power Platform, Dynamics 365, Fabric and Azure services. The post holder is on the front line for any P1 authentication outage, Conditional Access misconfiguration, or directory replication failure. Key Technical Responsibilities Hybrid Active Directory Operations: Administer multi forest on premises Active Directory Domain Services (modern schema, WS2016+ functional level), including domain controllers, FSMO roles, sites and services, replication topology, DNS, DHCP, time service (NT5DS), and trust relationships. Maintain and harden Group Policy Objects across the estate, including baseline security GPOs, audit policies, AppLocker / WDAC, BitLocker, Windows Update for Business, and computer/user configuration drift detection. Operate and patch ADFS on legacy Windows Server (where present), administer claims rules, relying party trusts, certificate rotation, and plan migration of relying parties to Entra ID where commercially appropriate. Manage Azure AD Connect (auto updating) including sync rules, source anchor, password hash sync / pass through authentication, seamless SSO, staging mode validation, and re permission / re baseline activities. Diagnose and remediate replication failures, lingering objects, USN rollback, tombstone issues, NTLM/Kerberos auth failures, SPN duplication, and time skew problems using repadmin, dcdiag, klist, KDCDiag, ADReplStatus and Microsoft 365 Connectivity Analyzer. Entra ID and Identity Lifecycle Administer Entra ID P2 tenants including users, groups, dynamic groups, administrative units, application registrations, enterprise applications, service principals, managed identities, and consent workflows. Configure and operate Conditional Access (sign in risk, user risk, named locations, device compliance, session controls), Multi Factor Authentication, passwordless sign in (Windows Hello for Business, FIDO2, Authenticator), and Temporary Access Pass for onboarding. Operate Privileged Identity Management (PIM) for just in time role activation, approval workflows, access reviews and break glass account governance; work with the on premises PAM solution for tier 0 administration. Manage Entra ID B2B (guest collaboration) and B2C (custom policies, user flows, identity providers, custom branding, application integrations) for both internal and external facing tenants. Implement Identity Governance: Entitlement Management, Access Packages, Access Reviews, Lifecycle Workflows, and HR driven inbound provisioning where in scope. Endpoint Management with Intune Administer Microsoft Intune including device enrolment (Autopilot, Apple ABM, Android Enterprise), configuration profiles, compliance policies, app protection policies (MAM), Conditional Access integration, and Endpoint Privilege Management. Define and maintain Windows update rings, feature update profiles, driver update profiles, and Defender for Endpoint baselines via Intune Security Baselines. Operate Win32 / LOB / Microsoft Store app deployment, package authoring (intunewin), update rings, and supersedence chains. Co manage devices with Configuration Manager where present, troubleshoot enrolment failures using IME logs, MDM Diagnostics Tool, and the Intune Troubleshooting portal. Identity Automation and Tooling Author and maintain PowerShell automation using Microsoft Graph PowerShell SDK, Az PowerShell, ExchangeOnlineManagement, MSOnline (legacy), AzureAD (legacy), and ActiveDirectory modules - including JML (Joiner Mover Leaver) workflows, group membership reconciliation, stale object cleanup, and licence assignment. Build and operate identity related runbooks in Azure Automation, Logic Apps, or Power Automate where appropriate. Use Microsoft Graph (REST + SDK) for advanced reporting, bulk operations, and integration with HR / ITSM platforms. Service Operations Own L2/L3 incident, problem and change resolution for identity related tickets, achieving the contractual SLAs: P1 1 hour response / 4 hour resolution, P2 4 hour response / 1 working day resolution, P3 1 working day response / 3 working days resolution. Lead root cause analysis (RCA) for P1 identity incidents and produce post incident review reports within five working days. Contribute to monthly service reports with identity KPIs (sign in success rate, MFA coverage, Conditional Access policy hits, privileged role activations, sync health, AAD Connect latency, certificate expiry watchlist). Participate in CAB review, change scheduling, and change risk assessment for identity changes; produce rollback plans and pre/post implementation checks. Mandatory Technical Skills Active Directory Domain Services on Windows Server 2016+ including schema management, sites and services, GPO design, ADFS, AD CS, AD Recycle Bin, and DR/recovery procedures (authoritative restore). Entra ID P2 deep configuration: Conditional Access, MFA, PIM, Identity Protection (sign in risk, user risk, risky users), Identity Governance, Application Proxy, External Identities (B2B, B2C custom policies), and Hybrid Identity (AAD Connect). Microsoft Intune end to end device and application management, including Autopilot pre provisioning, compliance, configuration, and Endpoint Security baselines. PowerShell scripting (intermediate to advanced) using Microsoft Graph SDK, Az, and ActiveDirectory modules; ability to read / debug / extend existing scripts under change control. Working knowledge of Microsoft Defender for Identity (formerly Azure ATP) signals and integration with Defender XDR. Networking fundamentals: DNS, Kerberos, NTLM, OAuth 2.0, OpenID Connect, SAML 2.0, WS Federation, certificate based authentication, TLS/SSL troubleshooting, and modern auth flows. Working knowledge of ITIL v4 incident, problem, change and configuration management, and ITSM ticketing (e.g., ServiceNow, Jira Service Management). Desirable Technical Skills Entra Permissions Management (CIEM). Microsoft Entra ID Verified ID (decentralised identity) familiarity. Group Policy Analytics in Intune for cloud migration. Experience operating tier 0 PAM solutions (CyberArk, BeyondTrust, Delinea) on premises. Familiarity with FIDO2 hardware tokens, Windows LAPS (cloud), and Authentication Methods migration. Exposure to Azure VPN Gateway, ExpressRoute, and hybrid connectivity for identity authentication paths. Required Certifications Microsoft Certified: Identity and Access Administrator Associate (SC 300) - mandatory. Microsoft Certified: Endpoint Administrator Associate (MD 102) - mandatory. Microsoft 365 Certified: Administrator Expert (MS 102) - preferred. Microsoft Certified: Cybersecurity Architect Expert (SC 100) - desirable. ITIL 4 Foundation - preferred.
Active Directory and Entra Specialist 2.2 Purpose of the Role The Active Directory / Entra Specialist is the technical authority for the customer's hybrid identity platform. The role owns the design, operation, security, and continuous improvement of on-premises Active Directory Domain Services, Group Policy, ADFS, Entra ID (P2), Azure AD Connect, B2B and B2C flows, Conditional Access, MFA, Intune, and identity lifecycle automation across all in-scope business programmes. Identity is the foundation of every other workload in the estate. This role therefore underwrites the availability, security and compliance of M365, SharePoint, Power Platform, Dynamics 365, Fabric and Azure services. The post-holder is on the front line for any P1 authentication outage, Conditional Access misconfiguration, or directory replication failure. Requirements 2.3 Key Technical Responsibilities Hybrid Active Directory Operations Administer multi-forest on-premises Active Directory Domain Services (modern schema, WS2016+ functional level), including domain controllers, FSMO roles, sites and services, replication topology, DNS, DHCP, time service (NT5DS), and trust relationships. Maintain and harden Group Policy Objects across the estate, including baseline security GPOs, audit policies, AppLocker / WDAC, BitLocker, Windows Update for Business, and computer/user configuration drift detection. Operate and patch ADFS on legacy Windows Server (where present), administer claims rules, relying party trusts, certificate rotation, and plan migration of relying parties to Entra ID where commercially appropriate. Manage Azure AD Connect (auto-updating) including sync rules, source anchor, password hash sync / pass-through authentication, seamless SSO, staging mode validation, and re-permission / re-baseline activities. Diagnose and remediate replication failures, lingering objects, USN rollback, tombstone issues, NTLM/Kerberos auth failures, SPN duplication, and time-skew problems using repadmin, dcdiag, klist, KDCDiag, ADReplStatus and Microsoft 365 Connectivity Analyzer. Entra ID and Identity Lifecycle Administer Entra ID P2 tenants including users, groups, dynamic groups, administrative units, application registrations, enterprise applications, service principals, managed identities, and consent workflows. Configure and operate Conditional Access (sign-in risk, user risk, named locations, device compliance, session controls), Multi-Factor Authentication, passwordless sign-in (Windows Hello for Business, FIDO2, Authenticator), and Temporary Access Pass for onboarding. Operate Privileged Identity Management (PIM) for just-in-time role activation, approval workflows, access reviews and break-glass account governance; work with the on-premises PAM solution for tier-0 administration. Manage Entra ID B2B (guest collaboration) and B2C (custom policies, user flows, identity providers, custom branding, application integrations) for both internal and external-facing tenants. Implement Identity Governance: Entitlement Management, Access Packages, Access Reviews, Lifecycle Workflows, and HR-driven inbound provisioning where in scope. Endpoint Management with Intune Administer Microsoft Intune including device enrolment (Autopilot, Apple ABM, Android Enterprise), configuration profiles, compliance policies, app protection policies (MAM), Conditional Access integration, and Endpoint Privilege Management. Define and maintain Windows update rings, feature update profiles, driver update profiles, and Defender for Endpoint baselines via Intune Security Baselines. Operate Win32 / LOB / Microsoft Store app deployment, package authoring (intunewin), update rings, and supersedence chains. Co-manage devices with Configuration Manager where present, troubleshoot enrolment failures using IME logs, MDM Diagnostics Tool, and the Intune Troubleshooting portal. Identity Automation and Tooling Author and maintain PowerShell automation using Microsoft Graph PowerShell SDK, Az PowerShell, ExchangeOnlineManagement, MSOnline (legacy), AzureAD (legacy), and ActiveDirectory modules - including JML (Joiner-Mover-Leaver) workflows, group membership reconciliation, stale object cleanup, and licence assignment. Build and operate identity-related runbooks in Azure Automation, Logic Apps, or Power Automate where appropriate. Use Microsoft Graph (REST + SDK) for advanced reporting, bulk operations, and integration with HR / ITSM platforms. Service Operations Own L2/L3 incident, problem and change resolution for identity-related tickets, achieving the contractual SLAs: P1 1-hour response / 4-hour resolution, P2 4-hour response / 1 working day resolution, P3 1 working day response / 3 working days resolution. Lead root cause analysis (RCA) for P1 identity incidents and produce post-incident review reports within five working days. Contribute to monthly service reports with identity KPIs (sign-in success rate, MFA coverage, Conditional Access policy hits, privileged role activations, sync health, AAD Connect latency, certificate expiry watchlist). Participate in CAB review, change scheduling, and change risk assessment for identity changes; produce rollback plans and pre/post implementation checks. 2.4 Mandatory Technical Skills Active Directory Domain Services on Windows Server 2016+ including schema management, sites and services, GPO design, ADFS, AD CS, AD Recycle Bin, and DR/recovery procedures (authoritative restore). Entra ID P2 deep configuration: Conditional Access, MFA, PIM, Identity Protection (sign-in risk, user risk, risky users), Identity Governance, Application Proxy, External Identities (B2B, B2C custom policies), and Hybrid Identity (AAD Connect). Microsoft Intune end-to-end device and application management, including Autopilot pre-provisioning, compliance, configuration, and Endpoint Security baselines. PowerShell scripting (intermediate-to-advanced) using Microsoft Graph SDK, Az, and ActiveDirectory modules; ability to read / debug / extend existing scripts under change control. Working knowledge of Microsoft Defender for Identity (formerly Azure ATP) signals and integration with Defender XDR. Networking fundamentals: DNS, Kerberos, NTLM, OAuth 2.0, OpenID Connect, SAML 2.0, WS-Federation, certificate-based authentication, TLS/SSL troubleshooting, and modern auth flows. Working knowledge of ITIL v4 incident, problem, change and configuration management, and ITSM ticketing (e.g., ServiceNow, Jira Service Management). 2.5 Desirable Technical Skills Entra Permissions Management (CIEM). Microsoft Entra ID Verified ID (decentralised identity) familiarity. Group Policy Analytics in Intune for cloud migration. Experience operating tier-0 PAM solutions (CyberArk, BeyondTrust, Delinea) on-premises. Familiarity with FIDO2 hardware tokens, Windows LAPS (cloud), and Authentication Methods migration. Exposure to Azure VPN Gateway, ExpressRoute, and hybrid connectivity for identity authentication paths. 2.6 Required Certifications Microsoft Certified: Identity and Access Administrator Associate (SC-300) - mandatory. Microsoft Certified: Endpoint Administrator Associate (MD-102) - mandatory. Microsoft 365 Certified: Administrator Expert (MS-102) - preferred. Microsoft Certified: Cybersecurity Architect Expert (SC-100) - desirable. ITIL 4 Foundation - preferred.
10/05/2026
Full time
Active Directory and Entra Specialist 2.2 Purpose of the Role The Active Directory / Entra Specialist is the technical authority for the customer's hybrid identity platform. The role owns the design, operation, security, and continuous improvement of on-premises Active Directory Domain Services, Group Policy, ADFS, Entra ID (P2), Azure AD Connect, B2B and B2C flows, Conditional Access, MFA, Intune, and identity lifecycle automation across all in-scope business programmes. Identity is the foundation of every other workload in the estate. This role therefore underwrites the availability, security and compliance of M365, SharePoint, Power Platform, Dynamics 365, Fabric and Azure services. The post-holder is on the front line for any P1 authentication outage, Conditional Access misconfiguration, or directory replication failure. Requirements 2.3 Key Technical Responsibilities Hybrid Active Directory Operations Administer multi-forest on-premises Active Directory Domain Services (modern schema, WS2016+ functional level), including domain controllers, FSMO roles, sites and services, replication topology, DNS, DHCP, time service (NT5DS), and trust relationships. Maintain and harden Group Policy Objects across the estate, including baseline security GPOs, audit policies, AppLocker / WDAC, BitLocker, Windows Update for Business, and computer/user configuration drift detection. Operate and patch ADFS on legacy Windows Server (where present), administer claims rules, relying party trusts, certificate rotation, and plan migration of relying parties to Entra ID where commercially appropriate. Manage Azure AD Connect (auto-updating) including sync rules, source anchor, password hash sync / pass-through authentication, seamless SSO, staging mode validation, and re-permission / re-baseline activities. Diagnose and remediate replication failures, lingering objects, USN rollback, tombstone issues, NTLM/Kerberos auth failures, SPN duplication, and time-skew problems using repadmin, dcdiag, klist, KDCDiag, ADReplStatus and Microsoft 365 Connectivity Analyzer. Entra ID and Identity Lifecycle Administer Entra ID P2 tenants including users, groups, dynamic groups, administrative units, application registrations, enterprise applications, service principals, managed identities, and consent workflows. Configure and operate Conditional Access (sign-in risk, user risk, named locations, device compliance, session controls), Multi-Factor Authentication, passwordless sign-in (Windows Hello for Business, FIDO2, Authenticator), and Temporary Access Pass for onboarding. Operate Privileged Identity Management (PIM) for just-in-time role activation, approval workflows, access reviews and break-glass account governance; work with the on-premises PAM solution for tier-0 administration. Manage Entra ID B2B (guest collaboration) and B2C (custom policies, user flows, identity providers, custom branding, application integrations) for both internal and external-facing tenants. Implement Identity Governance: Entitlement Management, Access Packages, Access Reviews, Lifecycle Workflows, and HR-driven inbound provisioning where in scope. Endpoint Management with Intune Administer Microsoft Intune including device enrolment (Autopilot, Apple ABM, Android Enterprise), configuration profiles, compliance policies, app protection policies (MAM), Conditional Access integration, and Endpoint Privilege Management. Define and maintain Windows update rings, feature update profiles, driver update profiles, and Defender for Endpoint baselines via Intune Security Baselines. Operate Win32 / LOB / Microsoft Store app deployment, package authoring (intunewin), update rings, and supersedence chains. Co-manage devices with Configuration Manager where present, troubleshoot enrolment failures using IME logs, MDM Diagnostics Tool, and the Intune Troubleshooting portal. Identity Automation and Tooling Author and maintain PowerShell automation using Microsoft Graph PowerShell SDK, Az PowerShell, ExchangeOnlineManagement, MSOnline (legacy), AzureAD (legacy), and ActiveDirectory modules - including JML (Joiner-Mover-Leaver) workflows, group membership reconciliation, stale object cleanup, and licence assignment. Build and operate identity-related runbooks in Azure Automation, Logic Apps, or Power Automate where appropriate. Use Microsoft Graph (REST + SDK) for advanced reporting, bulk operations, and integration with HR / ITSM platforms. Service Operations Own L2/L3 incident, problem and change resolution for identity-related tickets, achieving the contractual SLAs: P1 1-hour response / 4-hour resolution, P2 4-hour response / 1 working day resolution, P3 1 working day response / 3 working days resolution. Lead root cause analysis (RCA) for P1 identity incidents and produce post-incident review reports within five working days. Contribute to monthly service reports with identity KPIs (sign-in success rate, MFA coverage, Conditional Access policy hits, privileged role activations, sync health, AAD Connect latency, certificate expiry watchlist). Participate in CAB review, change scheduling, and change risk assessment for identity changes; produce rollback plans and pre/post implementation checks. 2.4 Mandatory Technical Skills Active Directory Domain Services on Windows Server 2016+ including schema management, sites and services, GPO design, ADFS, AD CS, AD Recycle Bin, and DR/recovery procedures (authoritative restore). Entra ID P2 deep configuration: Conditional Access, MFA, PIM, Identity Protection (sign-in risk, user risk, risky users), Identity Governance, Application Proxy, External Identities (B2B, B2C custom policies), and Hybrid Identity (AAD Connect). Microsoft Intune end-to-end device and application management, including Autopilot pre-provisioning, compliance, configuration, and Endpoint Security baselines. PowerShell scripting (intermediate-to-advanced) using Microsoft Graph SDK, Az, and ActiveDirectory modules; ability to read / debug / extend existing scripts under change control. Working knowledge of Microsoft Defender for Identity (formerly Azure ATP) signals and integration with Defender XDR. Networking fundamentals: DNS, Kerberos, NTLM, OAuth 2.0, OpenID Connect, SAML 2.0, WS-Federation, certificate-based authentication, TLS/SSL troubleshooting, and modern auth flows. Working knowledge of ITIL v4 incident, problem, change and configuration management, and ITSM ticketing (e.g., ServiceNow, Jira Service Management). 2.5 Desirable Technical Skills Entra Permissions Management (CIEM). Microsoft Entra ID Verified ID (decentralised identity) familiarity. Group Policy Analytics in Intune for cloud migration. Experience operating tier-0 PAM solutions (CyberArk, BeyondTrust, Delinea) on-premises. Familiarity with FIDO2 hardware tokens, Windows LAPS (cloud), and Authentication Methods migration. Exposure to Azure VPN Gateway, ExpressRoute, and hybrid connectivity for identity authentication paths. 2.6 Required Certifications Microsoft Certified: Identity and Access Administrator Associate (SC-300) - mandatory. Microsoft Certified: Endpoint Administrator Associate (MD-102) - mandatory. Microsoft 365 Certified: Administrator Expert (MS-102) - preferred. Microsoft Certified: Cybersecurity Architect Expert (SC-100) - desirable. ITIL 4 Foundation - preferred.
Maidenhead, United Kingdom Posted on 07/05/2026 VE3 is a technology and business consultancy focused on delivering end-to-end technology solutions and products. We have successfully serviced enterprises across multiple markets, including the public and private sectors. Our services span all aspects of business, providing a holistic approach to managing an organization. We are committed to providing technical innovations and tools that empower organizations with critical information to facilitate decision-making that results in business transformation through cost savings and increased operational efficiency. Our commitment to quality is adopted throughout the organization and sets the foundation for delivering our full suite of capabilities. Job Description Active Directory and Entra Specialist Purpose of the Role The Active Directory / Entra Specialist is the technical authority for the customer's hybrid identity platform. The role owns the design, operation, security, and continuous improvement of on-premises Active Directory Domain Services, Group Policy, ADFS, Entra ID (P2), Azure AD Connect, B2B and B2C flows, Conditional Access, MFA, Intune, and identity lifecycle automation across all in-scope business programmes. Identity is the foundation of every other workload in the estate. This role therefore underwrites the availability, security and compliance of M365, SharePoint, Power Platform, Dynamics 365, Fabric and Azure services. The post-holder is on the front line for any P1 authentication outage, Conditional Access misconfiguration, or directory replication failure. Requirements Key Technical Responsibilities Hybrid Active Directory Operations Administer multi-forest on-premises Active Directory Domain Services (modern schema, WS2016+ functional level), including domain controllers, FSMO roles, sites and services, replication topology, DNS, DHCP, time service (NT5DS), and trust relationships. Maintain and harden Group Policy Objects across the estate, including baseline security GPOs, audit policies, AppLocker / WDAC, BitLocker, Windows Update for Business, and computer/user configuration drift detection. Operate and patch ADFS on legacy Windows Server (where present), administer claims rules, relying party trusts, certificate rotation, and plan migration of relying parties to Entra ID where commercially appropriate. Manage Azure AD Connect (auto-updating) including sync rules, source anchor, password hash sync / pass-through authentication, seamless SSO, staging mode validation, and re-permission / re-baseline activities. Diagnose and remediate replication failures, lingering objects, USN rollback, tombstone issues, NTLM/Kerberos auth failures, SPN duplication, and time-skew problems using repadmin, dcdiag, klist, KDCDiag, ADReplStatus and Microsoft 365 Connectivity Analyzer. Entra ID and Identity Lifecycle Administer Entra ID P2 tenants including users, groups, dynamic groups, administrative units, application registrations, enterprise applications, service principals, managed identities, and consent workflows. Configure and operate Conditional Access (sign-in risk, user risk, named locations, device compliance, session controls), Multi-Factor Authentication, passwordless sign-in (Windows Hello for Business, FIDO2, Authenticator), and Temporary Access Pass for onboarding. Operate Privileged Identity Management (PIM) for just-in-time role activation, approval workflows, access reviews and break-glass account governance; work with the on-premises PAM solution for tier-0 administration. Manage Entra ID B2B (guest collaboration) and B2C (custom policies, user flows, identity providers, custom branding, application integrations) for both internal and external-facing tenants. Implement Identity Governance: Entitlement Management, Access Packages, Access Reviews, Lifecycle Workflows, and HR-driven inbound provisioning where in scope. Endpoint Management with Intune Administer Microsoft Intune including device enrolment (Autopilot, Apple ABM, Android Enterprise), configuration profiles, compliance policies, app protection policies (MAM), Conditional Access integration, and Endpoint Privilege Management. Define and maintain Windows update rings, feature update profiles, driver update profiles, and Defender for Endpoint baselines via Intune Security Baselines. Operate Win32 / LOB / Microsoft Store app deployment, package authoring (intunewin), update rings, and supersedence chains. Co-manage devices with Configuration Manager where present, troubleshoot enrolment failures using IME logs, MDM Diagnostics Tool, and the Intune Troubleshooting portal. Identity Automation and Tooling Author and maintain PowerShell automation using Microsoft Graph PowerShell SDK, Az PowerShell, ExchangeOnlineManagement, MSOnline (legacy), AzureAD (legacy), and ActiveDirectory modules - including JML (Joiner-Mover-Leaver) workflows, group membership reconciliation, stale object cleanup, and licence assignment. Build and operate identity-related runbooks in Azure Automation, Logic Apps, or Power Automate where appropriate. Use Microsoft Graph (REST + SDK) for advanced reporting, bulk operations, and integration with HR / ITSM platforms. Service Operations Own L2/L3 incident, problem and change resolution for identity-related tickets, achieving the contractual SLAs: P1 1-hour response / 4-hour resolution, P2 4-hour response / 1 working day resolution, P3 1 working day response / 3 working days resolution. Lead root cause analysis (RCA) for P1 identity incidents and produce post-incident review reports within five working days. Contribute to monthly service reports with identity KPIs (sign-in success rate, MFA coverage, Conditional Access policy hits, privileged role activations, sync health, AAD Connect latency, certificate expiry watchlist). Participate in CAB review, change scheduling, and change risk assessment for identity changes; produce rollback plans and pre/post implementation checks. Mandatory Technical Skills Active Directory Domain Services on Windows Server 2016+ including schema management, sites and services, GPO design, ADFS, AD CS, AD Recycle Bin, and DR/recovery procedures (authoritative restore). Entra ID P2 deep configuration: Conditional Access, MFA, PIM, Identity Protection (sign-in risk, user risk, risky users), Identity Governance, Application Proxy, External Identities (B2B, B2C custom policies), and Hybrid Identity (AAD Connect). Microsoft Intune end-to-end device and application management, including Autopilot pre-provisioning, compliance, configuration, and Endpoint Security baselines. PowerShell scripting (intermediate-to-advanced) using Microsoft Graph SDK, Az, and ActiveDirectory modules; ability to read / debug / extend existing scripts under change control. Working knowledge of Microsoft Defender for Identity (formerly Azure ATP) signals and integration with Defender XDR. Networking fundamentals: DNS, Kerberos, NTLM, OAuth 2.0, OpenID Connect, SAML 2.0, WS-Federation, certificate-based authentication, TLS/SSL troubleshooting, and modern auth flows. Working knowledge of ITIL v4 incident, problem, change and configuration management, and ITSM ticketing (e.g., ServiceNow, Jira Service Management). Desirable Technical Skills Entra Permissions Management (CIEM). Microsoft Entra ID Verified ID (decentralised identity) familiarity. Group Policy Analytics in Intune for cloud migration. Experience operating tier-0 PAM solutions (CyberArk, BeyondTrust, Delinea) on-premises. Familiarity with FIDO2 hardware tokens, Windows LAPS (cloud), and Authentication Methods migration. Exposure to Azure VPN Gateway, ExpressRoute, and hybrid connectivity for identity authentication paths. Required Certifications Microsoft Certified: Identity and Access Administrator Associate (SC-300) - mandatory. Microsoft 365 Certified: Administrator Expert (MS-102) - preferred. Microsoft Certified: Cybersecurity Architect Expert (SC-100) - desirable.
09/05/2026
Full time
Maidenhead, United Kingdom Posted on 07/05/2026 VE3 is a technology and business consultancy focused on delivering end-to-end technology solutions and products. We have successfully serviced enterprises across multiple markets, including the public and private sectors. Our services span all aspects of business, providing a holistic approach to managing an organization. We are committed to providing technical innovations and tools that empower organizations with critical information to facilitate decision-making that results in business transformation through cost savings and increased operational efficiency. Our commitment to quality is adopted throughout the organization and sets the foundation for delivering our full suite of capabilities. Job Description Active Directory and Entra Specialist Purpose of the Role The Active Directory / Entra Specialist is the technical authority for the customer's hybrid identity platform. The role owns the design, operation, security, and continuous improvement of on-premises Active Directory Domain Services, Group Policy, ADFS, Entra ID (P2), Azure AD Connect, B2B and B2C flows, Conditional Access, MFA, Intune, and identity lifecycle automation across all in-scope business programmes. Identity is the foundation of every other workload in the estate. This role therefore underwrites the availability, security and compliance of M365, SharePoint, Power Platform, Dynamics 365, Fabric and Azure services. The post-holder is on the front line for any P1 authentication outage, Conditional Access misconfiguration, or directory replication failure. Requirements Key Technical Responsibilities Hybrid Active Directory Operations Administer multi-forest on-premises Active Directory Domain Services (modern schema, WS2016+ functional level), including domain controllers, FSMO roles, sites and services, replication topology, DNS, DHCP, time service (NT5DS), and trust relationships. Maintain and harden Group Policy Objects across the estate, including baseline security GPOs, audit policies, AppLocker / WDAC, BitLocker, Windows Update for Business, and computer/user configuration drift detection. Operate and patch ADFS on legacy Windows Server (where present), administer claims rules, relying party trusts, certificate rotation, and plan migration of relying parties to Entra ID where commercially appropriate. Manage Azure AD Connect (auto-updating) including sync rules, source anchor, password hash sync / pass-through authentication, seamless SSO, staging mode validation, and re-permission / re-baseline activities. Diagnose and remediate replication failures, lingering objects, USN rollback, tombstone issues, NTLM/Kerberos auth failures, SPN duplication, and time-skew problems using repadmin, dcdiag, klist, KDCDiag, ADReplStatus and Microsoft 365 Connectivity Analyzer. Entra ID and Identity Lifecycle Administer Entra ID P2 tenants including users, groups, dynamic groups, administrative units, application registrations, enterprise applications, service principals, managed identities, and consent workflows. Configure and operate Conditional Access (sign-in risk, user risk, named locations, device compliance, session controls), Multi-Factor Authentication, passwordless sign-in (Windows Hello for Business, FIDO2, Authenticator), and Temporary Access Pass for onboarding. Operate Privileged Identity Management (PIM) for just-in-time role activation, approval workflows, access reviews and break-glass account governance; work with the on-premises PAM solution for tier-0 administration. Manage Entra ID B2B (guest collaboration) and B2C (custom policies, user flows, identity providers, custom branding, application integrations) for both internal and external-facing tenants. Implement Identity Governance: Entitlement Management, Access Packages, Access Reviews, Lifecycle Workflows, and HR-driven inbound provisioning where in scope. Endpoint Management with Intune Administer Microsoft Intune including device enrolment (Autopilot, Apple ABM, Android Enterprise), configuration profiles, compliance policies, app protection policies (MAM), Conditional Access integration, and Endpoint Privilege Management. Define and maintain Windows update rings, feature update profiles, driver update profiles, and Defender for Endpoint baselines via Intune Security Baselines. Operate Win32 / LOB / Microsoft Store app deployment, package authoring (intunewin), update rings, and supersedence chains. Co-manage devices with Configuration Manager where present, troubleshoot enrolment failures using IME logs, MDM Diagnostics Tool, and the Intune Troubleshooting portal. Identity Automation and Tooling Author and maintain PowerShell automation using Microsoft Graph PowerShell SDK, Az PowerShell, ExchangeOnlineManagement, MSOnline (legacy), AzureAD (legacy), and ActiveDirectory modules - including JML (Joiner-Mover-Leaver) workflows, group membership reconciliation, stale object cleanup, and licence assignment. Build and operate identity-related runbooks in Azure Automation, Logic Apps, or Power Automate where appropriate. Use Microsoft Graph (REST + SDK) for advanced reporting, bulk operations, and integration with HR / ITSM platforms. Service Operations Own L2/L3 incident, problem and change resolution for identity-related tickets, achieving the contractual SLAs: P1 1-hour response / 4-hour resolution, P2 4-hour response / 1 working day resolution, P3 1 working day response / 3 working days resolution. Lead root cause analysis (RCA) for P1 identity incidents and produce post-incident review reports within five working days. Contribute to monthly service reports with identity KPIs (sign-in success rate, MFA coverage, Conditional Access policy hits, privileged role activations, sync health, AAD Connect latency, certificate expiry watchlist). Participate in CAB review, change scheduling, and change risk assessment for identity changes; produce rollback plans and pre/post implementation checks. Mandatory Technical Skills Active Directory Domain Services on Windows Server 2016+ including schema management, sites and services, GPO design, ADFS, AD CS, AD Recycle Bin, and DR/recovery procedures (authoritative restore). Entra ID P2 deep configuration: Conditional Access, MFA, PIM, Identity Protection (sign-in risk, user risk, risky users), Identity Governance, Application Proxy, External Identities (B2B, B2C custom policies), and Hybrid Identity (AAD Connect). Microsoft Intune end-to-end device and application management, including Autopilot pre-provisioning, compliance, configuration, and Endpoint Security baselines. PowerShell scripting (intermediate-to-advanced) using Microsoft Graph SDK, Az, and ActiveDirectory modules; ability to read / debug / extend existing scripts under change control. Working knowledge of Microsoft Defender for Identity (formerly Azure ATP) signals and integration with Defender XDR. Networking fundamentals: DNS, Kerberos, NTLM, OAuth 2.0, OpenID Connect, SAML 2.0, WS-Federation, certificate-based authentication, TLS/SSL troubleshooting, and modern auth flows. Working knowledge of ITIL v4 incident, problem, change and configuration management, and ITSM ticketing (e.g., ServiceNow, Jira Service Management). Desirable Technical Skills Entra Permissions Management (CIEM). Microsoft Entra ID Verified ID (decentralised identity) familiarity. Group Policy Analytics in Intune for cloud migration. Experience operating tier-0 PAM solutions (CyberArk, BeyondTrust, Delinea) on-premises. Familiarity with FIDO2 hardware tokens, Windows LAPS (cloud), and Authentication Methods migration. Exposure to Azure VPN Gateway, ExpressRoute, and hybrid connectivity for identity authentication paths. Required Certifications Microsoft Certified: Identity and Access Administrator Associate (SC-300) - mandatory. Microsoft 365 Certified: Administrator Expert (MS-102) - preferred. Microsoft Certified: Cybersecurity Architect Expert (SC-100) - desirable.
Purpose of the Role The Active Directory/Entra Specialist is the technical authority for the customer's hybrid identity platform. The role owns the design, operation, security, and continuous improvement of on-premises Active Directory Domain Services, Group Policy, ADFS, Entra ID (P2), Azure AD Connect, B2B and B2C flows, Conditional Access, MFA, Intune, and identity life cycle automation across all in-scope business programmes. Identity is the foundation of every other workload in the estate. This role therefore underwrites the availability, security and compliance of M365, SharePoint, Power Platform, Dynamics 365, Fabric and Azure services. The post-holder is on the front line for any P1 authentication outage, Conditional Access misconfiguration, or directory replication failure. Requirements 2.3 Key Technical Responsibilities Hybrid Active Directory Operations Administer multi-forest on-premises Active Directory Domain Services (modern schema, WS2016+ functional level), including domain controllers, FSMO roles, sites and services, replication topology, DNS, DHCP, time service (NT5DS), and trust relationships. Maintain and harden Group Policy Objects across the estate, including baseline security GPOs, audit policies, AppLocker/WDAC, BitLocker, Windows Update for Business, and computer/user configuration drift detection. Operate and patch ADFS on Legacy Windows Server (where present), administer claims rules, relying party trusts, certificate rotation, and plan migration of relying parties to Entra ID where commercially appropriate. Manage Azure AD Connect (auto-updating) including sync rules, source anchor, password hash sync/pass-through authentication, seamless SSO, staging mode validation, and re-permission/re-baseline activities. Diagnose and remediate replication failures, lingering objects, USN rollback, tombstone issues, NTLM/Kerberos auth failures, SPN duplication, and time-skew problems using repadmin, dcdiag, klist, KDCDiag, ADReplStatus and Microsoft 365 Connectivity Analyzer. Entra ID and Identity Lifecycle Administer Entra ID P2 tenants including users, groups, dynamic groups, administrative units, application registrations, enterprise applications, service principals, managed identities, and consent workflows. Configure and operate Conditional Access (sign-in risk, user risk, named locations, device compliance, session controls), Multi-Factor Authentication, passwordless sign-in (Windows Hello for Business, FIDO2, Authenticator), and Temporary Access Pass for onboarding. Operate Privileged Identity Management (PIM) for just-in-time role activation, approval workflows, access reviews and break-glass account governance; work with the on-premises PAM solution for tier-0 administration. Manage Entra ID B2B (guest collaboration) and B2C (custom policies, user flows, identity providers, custom branding, application integrations) for both internal and external-facing tenants. Implement Identity Governance: Entitlement Management, Access Packages, Access Reviews, Lifecycle Workflows, and HR-driven inbound provisioning where in scope. Endpoint Management with Intune Administer Microsoft Intune including device enrolment (Autopilot, Apple ABM, Android Enterprise), configuration profiles, compliance policies, app protection policies (MAM), Conditional Access integration, and Endpoint Privilege Management. Define and maintain Windows update rings, feature update profiles, driver update profiles, and Defender for Endpoint baselines via Intune Security Baselines. Operate Win32/LOB/Microsoft Store app deployment, package authoring (intunewin), update rings, and supersedence chains. Co-manage devices with Configuration Manager where present, troubleshoot enrolment failures using IME logs, MDM Diagnostics Tool, and the Intune Troubleshooting portal. Identity Automation and Tooling Author and maintain PowerShell automation using Microsoft Graph PowerShell SDK, Az PowerShell, ExchangeOnlineManagement, MSOnline (Legacy), AzureAD (Legacy), and ActiveDirectory modules - including JML (Joiner-Mover-Leaver) workflows, group membership reconciliation, stale object cleanup, and licence assignment. Build and operate identity-related runbooks in Azure Automation, Logic Apps, or Power Automate where appropriate. Use Microsoft Graph (REST + SDK) for advanced reporting, bulk operations, and integration with HR/ITSM platforms. Service Operations Own L2/L3 incident, problem and change resolution for identity-related tickets, achieving the contractual SLAs: P1 1-hour response/4-hour resolution, P2 4-hour response/1 working day resolution, P3 1 working day response/3 working days resolution. Lead root cause analysis (RCA) for P1 identity incidents and produce post-incident review reports within five working days. Contribute to monthly service reports with identity KPIs (sign-in success rate, MFA coverage, Conditional Access policy hits, privileged role activations, sync health, AAD Connect latency, certificate expiry watchlist). Participate in CAB review, change scheduling, and change risk assessment for identity changes; produce rollback plans and pre/post implementation checks. Mandatory Technical Skills Active Directory Domain Services on Windows Server 2016+ including schema management, sites and services, GPO design, ADFS, AD CS, AD Recycle Bin, and DR/recovery procedures (authoritative restore). Entra ID P2 deep configuration: Conditional Access, MFA, PIM, Identity Protection (sign-in risk, user risk, risky users), Identity Governance, Application Proxy, External Identities (B2B, B2C custom policies), and Hybrid Identity (AAD Connect). Microsoft Intune end-to-end device and application management, including Autopilot pre-provisioning, compliance, configuration, and Endpoint Security baselines. PowerShell Scripting (intermediate-to-advanced) using Microsoft Graph SDK, Az, and ActiveDirectory modules; ability to read/debug/extend existing scripts under change control. Working knowledge of Microsoft Defender for Identity (formerly Azure ATP) signals and integration with Defender XDR. Networking fundamentals: DNS, Kerberos, NTLM, OAuth 2.0, OpenID Connect, SAML 2.0, WS-Federation, certificate-based authentication, TLS/SSL troubleshooting, and modern auth flows. Working knowledge of ITIL v4 incident, problem, change and configuration management, and ITSM ticketing (eg, ServiceNow, Jira Service Management). Desirable Technical Skills Entra Permissions Management (CIEM). Microsoft Entra ID Verified ID (decentralised identity) familiarity. Group Policy Analytics in Intune for cloud migration. Experience operating tier-0 PAM solutions (CyberArk, BeyondTrust, Delinea) on-premises. Familiarity with FIDO2 hardware tokens, Windows LAPS (cloud), and Authentication Methods migration. Exposure to Azure VPN Gateway, ExpressRoute, and hybrid connectivity for identity authentication paths. Required Certifications Microsoft Certified: Identity and Access Administrator Associate (SC-300) - mandatory. Microsoft Certified: Endpoint Administrator Associate (MD-102) - mandatory. Microsoft 365 Certified: Administrator Expert (MS-102) - preferred. Microsoft Certified: Cybersecurity Architect Expert (SC-100) - desirable. ITIL 4 Foundation - preferred.
08/05/2026
Purpose of the Role The Active Directory/Entra Specialist is the technical authority for the customer's hybrid identity platform. The role owns the design, operation, security, and continuous improvement of on-premises Active Directory Domain Services, Group Policy, ADFS, Entra ID (P2), Azure AD Connect, B2B and B2C flows, Conditional Access, MFA, Intune, and identity life cycle automation across all in-scope business programmes. Identity is the foundation of every other workload in the estate. This role therefore underwrites the availability, security and compliance of M365, SharePoint, Power Platform, Dynamics 365, Fabric and Azure services. The post-holder is on the front line for any P1 authentication outage, Conditional Access misconfiguration, or directory replication failure. Requirements 2.3 Key Technical Responsibilities Hybrid Active Directory Operations Administer multi-forest on-premises Active Directory Domain Services (modern schema, WS2016+ functional level), including domain controllers, FSMO roles, sites and services, replication topology, DNS, DHCP, time service (NT5DS), and trust relationships. Maintain and harden Group Policy Objects across the estate, including baseline security GPOs, audit policies, AppLocker/WDAC, BitLocker, Windows Update for Business, and computer/user configuration drift detection. Operate and patch ADFS on Legacy Windows Server (where present), administer claims rules, relying party trusts, certificate rotation, and plan migration of relying parties to Entra ID where commercially appropriate. Manage Azure AD Connect (auto-updating) including sync rules, source anchor, password hash sync/pass-through authentication, seamless SSO, staging mode validation, and re-permission/re-baseline activities. Diagnose and remediate replication failures, lingering objects, USN rollback, tombstone issues, NTLM/Kerberos auth failures, SPN duplication, and time-skew problems using repadmin, dcdiag, klist, KDCDiag, ADReplStatus and Microsoft 365 Connectivity Analyzer. Entra ID and Identity Lifecycle Administer Entra ID P2 tenants including users, groups, dynamic groups, administrative units, application registrations, enterprise applications, service principals, managed identities, and consent workflows. Configure and operate Conditional Access (sign-in risk, user risk, named locations, device compliance, session controls), Multi-Factor Authentication, passwordless sign-in (Windows Hello for Business, FIDO2, Authenticator), and Temporary Access Pass for onboarding. Operate Privileged Identity Management (PIM) for just-in-time role activation, approval workflows, access reviews and break-glass account governance; work with the on-premises PAM solution for tier-0 administration. Manage Entra ID B2B (guest collaboration) and B2C (custom policies, user flows, identity providers, custom branding, application integrations) for both internal and external-facing tenants. Implement Identity Governance: Entitlement Management, Access Packages, Access Reviews, Lifecycle Workflows, and HR-driven inbound provisioning where in scope. Endpoint Management with Intune Administer Microsoft Intune including device enrolment (Autopilot, Apple ABM, Android Enterprise), configuration profiles, compliance policies, app protection policies (MAM), Conditional Access integration, and Endpoint Privilege Management. Define and maintain Windows update rings, feature update profiles, driver update profiles, and Defender for Endpoint baselines via Intune Security Baselines. Operate Win32/LOB/Microsoft Store app deployment, package authoring (intunewin), update rings, and supersedence chains. Co-manage devices with Configuration Manager where present, troubleshoot enrolment failures using IME logs, MDM Diagnostics Tool, and the Intune Troubleshooting portal. Identity Automation and Tooling Author and maintain PowerShell automation using Microsoft Graph PowerShell SDK, Az PowerShell, ExchangeOnlineManagement, MSOnline (Legacy), AzureAD (Legacy), and ActiveDirectory modules - including JML (Joiner-Mover-Leaver) workflows, group membership reconciliation, stale object cleanup, and licence assignment. Build and operate identity-related runbooks in Azure Automation, Logic Apps, or Power Automate where appropriate. Use Microsoft Graph (REST + SDK) for advanced reporting, bulk operations, and integration with HR/ITSM platforms. Service Operations Own L2/L3 incident, problem and change resolution for identity-related tickets, achieving the contractual SLAs: P1 1-hour response/4-hour resolution, P2 4-hour response/1 working day resolution, P3 1 working day response/3 working days resolution. Lead root cause analysis (RCA) for P1 identity incidents and produce post-incident review reports within five working days. Contribute to monthly service reports with identity KPIs (sign-in success rate, MFA coverage, Conditional Access policy hits, privileged role activations, sync health, AAD Connect latency, certificate expiry watchlist). Participate in CAB review, change scheduling, and change risk assessment for identity changes; produce rollback plans and pre/post implementation checks. Mandatory Technical Skills Active Directory Domain Services on Windows Server 2016+ including schema management, sites and services, GPO design, ADFS, AD CS, AD Recycle Bin, and DR/recovery procedures (authoritative restore). Entra ID P2 deep configuration: Conditional Access, MFA, PIM, Identity Protection (sign-in risk, user risk, risky users), Identity Governance, Application Proxy, External Identities (B2B, B2C custom policies), and Hybrid Identity (AAD Connect). Microsoft Intune end-to-end device and application management, including Autopilot pre-provisioning, compliance, configuration, and Endpoint Security baselines. PowerShell Scripting (intermediate-to-advanced) using Microsoft Graph SDK, Az, and ActiveDirectory modules; ability to read/debug/extend existing scripts under change control. Working knowledge of Microsoft Defender for Identity (formerly Azure ATP) signals and integration with Defender XDR. Networking fundamentals: DNS, Kerberos, NTLM, OAuth 2.0, OpenID Connect, SAML 2.0, WS-Federation, certificate-based authentication, TLS/SSL troubleshooting, and modern auth flows. Working knowledge of ITIL v4 incident, problem, change and configuration management, and ITSM ticketing (eg, ServiceNow, Jira Service Management). Desirable Technical Skills Entra Permissions Management (CIEM). Microsoft Entra ID Verified ID (decentralised identity) familiarity. Group Policy Analytics in Intune for cloud migration. Experience operating tier-0 PAM solutions (CyberArk, BeyondTrust, Delinea) on-premises. Familiarity with FIDO2 hardware tokens, Windows LAPS (cloud), and Authentication Methods migration. Exposure to Azure VPN Gateway, ExpressRoute, and hybrid connectivity for identity authentication paths. Required Certifications Microsoft Certified: Identity and Access Administrator Associate (SC-300) - mandatory. Microsoft Certified: Endpoint Administrator Associate (MD-102) - mandatory. Microsoft 365 Certified: Administrator Expert (MS-102) - preferred. Microsoft Certified: Cybersecurity Architect Expert (SC-100) - desirable. ITIL 4 Foundation - preferred.
Role: Solution Architect ServiceNow Contract Type: Full-time, Permanent Location: Sunbury-upon-Thames, London, or Livingston (Kinly operates a hybrid working model, allowing for a mix of home and office working), but you will be expected to be on site at least 1 day per week in one of these locations Salary: Excellent salary (dependent on experience), plus bonus and company benefits Kinly is a unified global leader in collaboration, systems integration, and managed services. We focus on transforming workspaces, simplifying complexity, and empowering people. Our in house expertise includes AI powered room monitoring, 24/7 support, and a unique enterprise service layer, enabling us to operate with even greater agility, efficiency, and precision. As we continue to grow and expand, we have a new opportunity for a proven ServiceNow Solution Architect, who will be responsible for focusing on process and system optimisation and on supporting and improving our consolidated current and new application landscape. You'll collaborate with a team of colleagues, designing, implementing, and maintaining the landscape. Your expertise will focus on the ServiceNow Customer Service Management application; including case management, advanced work assignment, virtual agent, chatbots, knowledge management, SLA & entitlements, CSM/FSM workspace, customer service portal & mobile app. Moreover, you will be responsible for delivering customer integrations as well as supporting internal business integrations. Other applications on the platform where experience is preferred are Field Service Management (FSM), IT Service Management (ITSM) and Strategic Portfolio Management (SPM). You will work closely with key users to identify, specify, and implement system enhancements and with your analytical mindset and strong communication skills, you'll drive meaningful change through well founded and convincing solutions. Key Responsibilities Support the adoption and expansion of ServiceNow CSM, FSM, ITSM & SPM across Kinly Continuously enhance the existing ServiceNow applications Develop automations and support system integrations Create innovative solutions to drive efficiencies for business stakeholders Manage and coordinate technical projects Skills and Experience Functional Strong expertise and an understanding of customer service business processes Skilled in requirements analysis, functional and technical design, testing, and agile methodologies Strong analytical and problem solving abilities Knowledge of ITIL (preferred) Technical Proven expertise as a ServiceNow Application Manager or Consultant Advanced knowledge of client and server side scripting, workflows/flows, integration hub & Access control lists and policies NowAssist skill building Excellent understanding of JavaScript scripting within ServiceNow Understanding of JSON and XML Good experience with either UI Builder or mobile app development in ServiceNow Knowledge of the ServiceNow table API and creating scripted APIs. Willing to work outside regular hours, be on standby periodically, and travel internationally as needed If you are selected for interview, and need any reasonable adjustments made for your interview, please let the Talent Acquisition team know, at the point of scheduling. If you do require details of the vacancy or the application process in an alternative format, please email outlining your requirements. Equal Opportunities Kinly is committed to providing equal opportunities in employment, all qualified applicants will receive consideration for employment without regard to sex, age, gender identity, pregnancy, colour, race, national origin, sexual orientation, disability, religion or any other 'protected characteristics. We welcome your application.
07/05/2026
Full time
Role: Solution Architect ServiceNow Contract Type: Full-time, Permanent Location: Sunbury-upon-Thames, London, or Livingston (Kinly operates a hybrid working model, allowing for a mix of home and office working), but you will be expected to be on site at least 1 day per week in one of these locations Salary: Excellent salary (dependent on experience), plus bonus and company benefits Kinly is a unified global leader in collaboration, systems integration, and managed services. We focus on transforming workspaces, simplifying complexity, and empowering people. Our in house expertise includes AI powered room monitoring, 24/7 support, and a unique enterprise service layer, enabling us to operate with even greater agility, efficiency, and precision. As we continue to grow and expand, we have a new opportunity for a proven ServiceNow Solution Architect, who will be responsible for focusing on process and system optimisation and on supporting and improving our consolidated current and new application landscape. You'll collaborate with a team of colleagues, designing, implementing, and maintaining the landscape. Your expertise will focus on the ServiceNow Customer Service Management application; including case management, advanced work assignment, virtual agent, chatbots, knowledge management, SLA & entitlements, CSM/FSM workspace, customer service portal & mobile app. Moreover, you will be responsible for delivering customer integrations as well as supporting internal business integrations. Other applications on the platform where experience is preferred are Field Service Management (FSM), IT Service Management (ITSM) and Strategic Portfolio Management (SPM). You will work closely with key users to identify, specify, and implement system enhancements and with your analytical mindset and strong communication skills, you'll drive meaningful change through well founded and convincing solutions. Key Responsibilities Support the adoption and expansion of ServiceNow CSM, FSM, ITSM & SPM across Kinly Continuously enhance the existing ServiceNow applications Develop automations and support system integrations Create innovative solutions to drive efficiencies for business stakeholders Manage and coordinate technical projects Skills and Experience Functional Strong expertise and an understanding of customer service business processes Skilled in requirements analysis, functional and technical design, testing, and agile methodologies Strong analytical and problem solving abilities Knowledge of ITIL (preferred) Technical Proven expertise as a ServiceNow Application Manager or Consultant Advanced knowledge of client and server side scripting, workflows/flows, integration hub & Access control lists and policies NowAssist skill building Excellent understanding of JavaScript scripting within ServiceNow Understanding of JSON and XML Good experience with either UI Builder or mobile app development in ServiceNow Knowledge of the ServiceNow table API and creating scripted APIs. Willing to work outside regular hours, be on standby periodically, and travel internationally as needed If you are selected for interview, and need any reasonable adjustments made for your interview, please let the Talent Acquisition team know, at the point of scheduling. If you do require details of the vacancy or the application process in an alternative format, please email outlining your requirements. Equal Opportunities Kinly is committed to providing equal opportunities in employment, all qualified applicants will receive consideration for employment without regard to sex, age, gender identity, pregnancy, colour, race, national origin, sexual orientation, disability, religion or any other 'protected characteristics. We welcome your application.
Security Clearance: To be successfully appointed to this role, must be eligible to obtain Security Check (SC) clearance. To obtain SC clearance, the successful applicant must have resided continuously within the United Kingdom for the last 5 years, along with other criteria and requirements. Throughout the recruitment process, you will be asked questions about your security clearance eligibility such as, but not limited to, country of residence and nationality. Some posts are restricted to sole UK Nationals for security reasons; therefore, you may be asked about your citizenship in the application process. Hybrid working: The places that you work from day to day will vary according to your role, your needs, and those of the business; it will be a blend of Company offices, client sites, and your home; noting that you will be unable to work at home 100% of the time. If you are successfully offered this position, you will go through a series of pre-employment checks, including identity, nationality (single or dual) or immigration status, employment history going back three continuous years, and unspent criminal record check (known as Disclosure and Barring Service) What we will offer you You will be encouraged to have a positive work-life balance. Our hybrid-first way of working means we embed hybrid working in all that we do and make flexible working arrangements the day-to-day reality for our people. All UK employees are eligible to request flexible working arrangements. You will be empowered to explore, innovate, and progress. You will benefit from Capgemini's 'learning for life' mindset, meaning you will have countless training and development opportunities from thinktanks to hackathons, and access to 250,000 courses with numerous external certifications from AWS, Microsoft, Harvard Manage Mentor, Cybersecurity qualifications and much more. Why we are different At Capgemini, we help organisations across the world become more agile, more competitive, and more successful. Smart, tailored, often ground-breaking technical solutions to complex problems are the norm. But so, too, is a culture that is as collaborative as it is forward thinking. Working closely with each other, and with our clients, we get under the skin of businesses and to the heart of their goals. You will too. Capgemini is proud to represent nearly 130 nationalities and its cultural diversity. Our holistic definition of diversity extends beyond gender, gender identity, sexual orientation, disability, ethnicity, race, age, and religion. Capgemini views diversity as everything that makes us who we are as an organization, including our social background, our experiences in life and work, our communication styles and even our personality. These dimensions contribute to the type of diversity we value the most: diversity of thought. Who you will be working with You will join the Data Trust Capability in Capgemini's Insights and Data (I&D) business unit. Insights and Data is a global business unit covering Enterprise Data Management, Cloud Platforms, Enterprise Content Management and AI & Analytics. Our team is one of the largest and most successful Data Management teams in the UK delivering innovative Data Management and Governance thought leadership to our clients. The Enterprise Data Management provides services on Information Strategy, Data Governance, Master Data Management, Data Architecture, Data Migration and Lifecycle Management. We help our clients build an enterprise-class data platform that allows them to move ahead in their journey of data and insights. Primarily working with leading software vendors like SAP, Informatica, IBM, Oracle et al, the team are primarily Consultants, putting client requirements and industry best practices at the heart of delivery. The focus of your role Configure and maintain Microsoft Purview features, including: Information Protection (sensitivity labels, auto-labelling), Data Loss Prevention (M365, Endpoint, Cloud Apps), Data Governance (catalogue, scanning, classification), Records Management (retention labels & policies), Insider Risk Management, eDiscovery (Standard & Premium) Manage scanning rules, data connectors, metadata sources, and catalog assets. Support integration with M365, Azure, Power Platform, and on premises data sources Monitor Purview alerts, DLP incidents, policy matches, and governance activity logs Perform investigation of policy violations, insider risk alerts, and data protection events Track and escape issues to engineering or architecture teams as required Maintain audit trails, compliance dashboards, and monthly reporting Assist with maintaining data classification schemas, taxonomy, and metadata models Support data owners and stewards in cataloguing and tagging data assets Run data scans, quality checks, and lineage validation tasks Produce and maintain operational runbooks, configuration documentation, and governance processes Create user guides for end users, compliance officers, and IT support teams Document incident response processes related to Purview alerts Work closely with Compliance, Security, Data Governance, and IT teams to implement policies into Purview Support end users by troubleshooting classification, labelling, and access issues Provide training sessions and knowledge transfer on Purview features Identify gaps in data governance and compliance processes; recommend improvements You may also offer insights to the wider community through blogs, articles, and social media. At Capgemini, we believe in bringing your whole self to work. Equity, diversity, and inclusion are woven into our everyday culture, creating a welcoming and supportive environment for everyone. What You Will Bring As a Technical Purview Analyst, you will have 7 years plus experience in data governance, security, compliance, or Microsoft 365 administration. You will have hands on experience with Microsoft Purview or related compliance/security platforms, with exposure to operational support, incident management, or compliance monitoring. Experience Microsoft Purview Information Protection - labels, policies, auto labelling, encryption Data Loss Prevention - endpoint, SharePoint/OneDrive/Teams, Exchange, cloud apps Purview Data Governance - cataloguing, scanning, metadata management Records Management & Retention Labelling eDiscovery workflows and case management Defender for Cloud Apps Wider integration with SharePoint, OneDrive, Exchange, Azure Storage, SQL, Synapse, Data Factory, and Power BI Understanding of classification, metadata, and governance principles Knowledge of Microsoft 365 security & compliance capabilities Basic understanding of Azure Active Directory / Entra ID identity and access concepts Familiarity with ITSM/incident management processes Understanding of regulatory compliance basics How compliance and data protection teams use Purview outputs Data sensitivity models and how they map to business processes Governance best practices, including cataloguing and lineage use cases Ability to configure and manage Purview policies and scanning tools Strong analytical and troubleshooting skills Familiarity with KQL, PowerShell, or Microsoft Graph Ability to interpret logs, alerts, and governance reporting Strong documentation and verbal communication skills Ability to work collaboratively with cross functional teams Good organisational and time management abilities Certifications (Desirable)
05/05/2026
Full time
Security Clearance: To be successfully appointed to this role, must be eligible to obtain Security Check (SC) clearance. To obtain SC clearance, the successful applicant must have resided continuously within the United Kingdom for the last 5 years, along with other criteria and requirements. Throughout the recruitment process, you will be asked questions about your security clearance eligibility such as, but not limited to, country of residence and nationality. Some posts are restricted to sole UK Nationals for security reasons; therefore, you may be asked about your citizenship in the application process. Hybrid working: The places that you work from day to day will vary according to your role, your needs, and those of the business; it will be a blend of Company offices, client sites, and your home; noting that you will be unable to work at home 100% of the time. If you are successfully offered this position, you will go through a series of pre-employment checks, including identity, nationality (single or dual) or immigration status, employment history going back three continuous years, and unspent criminal record check (known as Disclosure and Barring Service) What we will offer you You will be encouraged to have a positive work-life balance. Our hybrid-first way of working means we embed hybrid working in all that we do and make flexible working arrangements the day-to-day reality for our people. All UK employees are eligible to request flexible working arrangements. You will be empowered to explore, innovate, and progress. You will benefit from Capgemini's 'learning for life' mindset, meaning you will have countless training and development opportunities from thinktanks to hackathons, and access to 250,000 courses with numerous external certifications from AWS, Microsoft, Harvard Manage Mentor, Cybersecurity qualifications and much more. Why we are different At Capgemini, we help organisations across the world become more agile, more competitive, and more successful. Smart, tailored, often ground-breaking technical solutions to complex problems are the norm. But so, too, is a culture that is as collaborative as it is forward thinking. Working closely with each other, and with our clients, we get under the skin of businesses and to the heart of their goals. You will too. Capgemini is proud to represent nearly 130 nationalities and its cultural diversity. Our holistic definition of diversity extends beyond gender, gender identity, sexual orientation, disability, ethnicity, race, age, and religion. Capgemini views diversity as everything that makes us who we are as an organization, including our social background, our experiences in life and work, our communication styles and even our personality. These dimensions contribute to the type of diversity we value the most: diversity of thought. Who you will be working with You will join the Data Trust Capability in Capgemini's Insights and Data (I&D) business unit. Insights and Data is a global business unit covering Enterprise Data Management, Cloud Platforms, Enterprise Content Management and AI & Analytics. Our team is one of the largest and most successful Data Management teams in the UK delivering innovative Data Management and Governance thought leadership to our clients. The Enterprise Data Management provides services on Information Strategy, Data Governance, Master Data Management, Data Architecture, Data Migration and Lifecycle Management. We help our clients build an enterprise-class data platform that allows them to move ahead in their journey of data and insights. Primarily working with leading software vendors like SAP, Informatica, IBM, Oracle et al, the team are primarily Consultants, putting client requirements and industry best practices at the heart of delivery. The focus of your role Configure and maintain Microsoft Purview features, including: Information Protection (sensitivity labels, auto-labelling), Data Loss Prevention (M365, Endpoint, Cloud Apps), Data Governance (catalogue, scanning, classification), Records Management (retention labels & policies), Insider Risk Management, eDiscovery (Standard & Premium) Manage scanning rules, data connectors, metadata sources, and catalog assets. Support integration with M365, Azure, Power Platform, and on premises data sources Monitor Purview alerts, DLP incidents, policy matches, and governance activity logs Perform investigation of policy violations, insider risk alerts, and data protection events Track and escape issues to engineering or architecture teams as required Maintain audit trails, compliance dashboards, and monthly reporting Assist with maintaining data classification schemas, taxonomy, and metadata models Support data owners and stewards in cataloguing and tagging data assets Run data scans, quality checks, and lineage validation tasks Produce and maintain operational runbooks, configuration documentation, and governance processes Create user guides for end users, compliance officers, and IT support teams Document incident response processes related to Purview alerts Work closely with Compliance, Security, Data Governance, and IT teams to implement policies into Purview Support end users by troubleshooting classification, labelling, and access issues Provide training sessions and knowledge transfer on Purview features Identify gaps in data governance and compliance processes; recommend improvements You may also offer insights to the wider community through blogs, articles, and social media. At Capgemini, we believe in bringing your whole self to work. Equity, diversity, and inclusion are woven into our everyday culture, creating a welcoming and supportive environment for everyone. What You Will Bring As a Technical Purview Analyst, you will have 7 years plus experience in data governance, security, compliance, or Microsoft 365 administration. You will have hands on experience with Microsoft Purview or related compliance/security platforms, with exposure to operational support, incident management, or compliance monitoring. Experience Microsoft Purview Information Protection - labels, policies, auto labelling, encryption Data Loss Prevention - endpoint, SharePoint/OneDrive/Teams, Exchange, cloud apps Purview Data Governance - cataloguing, scanning, metadata management Records Management & Retention Labelling eDiscovery workflows and case management Defender for Cloud Apps Wider integration with SharePoint, OneDrive, Exchange, Azure Storage, SQL, Synapse, Data Factory, and Power BI Understanding of classification, metadata, and governance principles Knowledge of Microsoft 365 security & compliance capabilities Basic understanding of Azure Active Directory / Entra ID identity and access concepts Familiarity with ITSM/incident management processes Understanding of regulatory compliance basics How compliance and data protection teams use Purview outputs Data sensitivity models and how they map to business processes Governance best practices, including cataloguing and lineage use cases Ability to configure and manage Purview policies and scanning tools Strong analytical and troubleshooting skills Familiarity with KQL, PowerShell, or Microsoft Graph Ability to interpret logs, alerts, and governance reporting Strong documentation and verbal communication skills Ability to work collaboratively with cross functional teams Good organisational and time management abilities Certifications (Desirable)
Role: Solution Architect ServiceNow Contract Type: Full-time, Permanent Location: Sunbury-upon-Thames, London, or Livingston (Kinly operates a hybrid working model, allowing for a mix of home and office working), but you will be expected to be on site at least 1 day per week in one of these locations Salary: Excellent salary (dependent on experience), plus bonus and company benefits Kinly is a unified global leader in collaboration, systems integration, and managed services. We focus on transforming workspaces, simplifying complexity, and empowering people. Our in house expertise includes AI powered room monitoring, 24/7 support, and a unique enterprise service layer, enabling us to operate with even greater agility, efficiency, and precision. As we continue to grow and expand, we have a new opportunity for a proven ServiceNow Solution Architect, who will be responsible for focusing on process and system optimisation and on supporting and improving our consolidated current and new application landscape. You'll collaborate with a team of colleagues, designing, implementing, and maintaining the landscape. Your expertise will focus on the ServiceNow Customer Service Management application; including case management, advanced work assignment, virtual agent, chatbots, knowledge management, SLA & entitlements, CSM/FSM workspace, customer service portal & mobile app. Moreover, you will be responsible for delivering customer integrations as well as supporting internal business integrations. Other applications on the platform where experience is preferred are Field Service Management (FSM), IT Service Management (ITSM) and Strategic Portfolio Management (SPM). You will work closely with key users to identify, specify, and implement system enhancements and with your analytical mindset and strong communication skills, you'll drive meaningful change through well founded and convincing solutions. Key Responsibilities Support the adoption and expansion of ServiceNow CSM, FSM, ITSM & SPM across Kinly Continuously enhance the existing ServiceNow applications Develop automations and support system integrations Create innovative solutions to drive efficiencies for business stakeholders Manage and coordinate technical projects Skills and Experience Functional Strong expertise and an understanding of customer service business processes Skilled in requirements analysis, functional and technical design, testing, and agile methodologies Strong analytical and problem solving abilities Knowledge of ITIL (preferred) Technical Proven expertise as a ServiceNow Application Manager or Consultant Advanced knowledge of client and server side scripting, workflows/flows, integration hub & Access control lists and policies NowAssist skill building Excellent understanding of JavaScript scripting within ServiceNow Understanding of JSON and XML Good experience with either UI Builder or mobile app development in ServiceNow Knowledge of the ServiceNow table API and creating scripted APIs. Willing to work outside regular hours, be on standby periodically, and travel internationally as needed If you are selected for interview, and need any reasonable adjustments made for your interview, please let the Talent Acquisition team know, at the point of scheduling. If you do require details of the vacancy or the application process in an alternative format, please email outlining your requirements. Equal Opportunities Kinly is committed to providing equal opportunities in employment, all qualified applicants will receive consideration for employment without regard to sex, age, gender identity, pregnancy, colour, race, national origin, sexual orientation, disability, religion or any other 'protected characteristics. We welcome your application.
03/05/2026
Full time
Role: Solution Architect ServiceNow Contract Type: Full-time, Permanent Location: Sunbury-upon-Thames, London, or Livingston (Kinly operates a hybrid working model, allowing for a mix of home and office working), but you will be expected to be on site at least 1 day per week in one of these locations Salary: Excellent salary (dependent on experience), plus bonus and company benefits Kinly is a unified global leader in collaboration, systems integration, and managed services. We focus on transforming workspaces, simplifying complexity, and empowering people. Our in house expertise includes AI powered room monitoring, 24/7 support, and a unique enterprise service layer, enabling us to operate with even greater agility, efficiency, and precision. As we continue to grow and expand, we have a new opportunity for a proven ServiceNow Solution Architect, who will be responsible for focusing on process and system optimisation and on supporting and improving our consolidated current and new application landscape. You'll collaborate with a team of colleagues, designing, implementing, and maintaining the landscape. Your expertise will focus on the ServiceNow Customer Service Management application; including case management, advanced work assignment, virtual agent, chatbots, knowledge management, SLA & entitlements, CSM/FSM workspace, customer service portal & mobile app. Moreover, you will be responsible for delivering customer integrations as well as supporting internal business integrations. Other applications on the platform where experience is preferred are Field Service Management (FSM), IT Service Management (ITSM) and Strategic Portfolio Management (SPM). You will work closely with key users to identify, specify, and implement system enhancements and with your analytical mindset and strong communication skills, you'll drive meaningful change through well founded and convincing solutions. Key Responsibilities Support the adoption and expansion of ServiceNow CSM, FSM, ITSM & SPM across Kinly Continuously enhance the existing ServiceNow applications Develop automations and support system integrations Create innovative solutions to drive efficiencies for business stakeholders Manage and coordinate technical projects Skills and Experience Functional Strong expertise and an understanding of customer service business processes Skilled in requirements analysis, functional and technical design, testing, and agile methodologies Strong analytical and problem solving abilities Knowledge of ITIL (preferred) Technical Proven expertise as a ServiceNow Application Manager or Consultant Advanced knowledge of client and server side scripting, workflows/flows, integration hub & Access control lists and policies NowAssist skill building Excellent understanding of JavaScript scripting within ServiceNow Understanding of JSON and XML Good experience with either UI Builder or mobile app development in ServiceNow Knowledge of the ServiceNow table API and creating scripted APIs. Willing to work outside regular hours, be on standby periodically, and travel internationally as needed If you are selected for interview, and need any reasonable adjustments made for your interview, please let the Talent Acquisition team know, at the point of scheduling. If you do require details of the vacancy or the application process in an alternative format, please email outlining your requirements. Equal Opportunities Kinly is committed to providing equal opportunities in employment, all qualified applicants will receive consideration for employment without regard to sex, age, gender identity, pregnancy, colour, race, national origin, sexual orientation, disability, religion or any other 'protected characteristics. We welcome your application.
Enterprise Application Architect Hybrid working. London 2 days a week, remainder remote. Are you ready to shape the future of digital transformation at a leading organisation? We are looking for an Enterprise Application Architect to play a pivotal role in defining, developing, and governing their application architectures. This is an opportunity to lead on embedding automation and AI, modernising systems, and ensuring alignment with the TOGAF Standard as they deliver an ambitious digital strategy. The role - As Enterprise Application Architect, you will: Lead the development of application architectures that are fully aligned with business, data, and technology domains. Drive application rationalisation and the retirement of Legacy systems. Integrate automated, AI, and cloud-smart approaches at the heart of their digital estate. Create TOGAF-aligned deliverables including architecture principles, roadmaps, and gap analyses. Partner with senior stakeholders to translate business needs into effective, future-proof technology solutions. Provide thought leadership, mentoring, and consultancy across the organisation. Deputise for the Head of Enterprise Architecture when required. This is a senior, strategic position where you'll combine leadership and technical expertise with the ability to influence and guide key decisions across the client. What's on Offer? This role comes with an attractive package, including: Salary c. £80,000 - £84,500 pa. Generous pension scheme. 30 days' annual leave (plus bank holidays). Flexible hybrid working arrangements. Comprehensive personal and professional development opportunities, including support for TOGAF v10 certification. Inclusive employment policies that support diversity and work-life balance. Duration/Type: Full-Time, Permanent. What we're looking for, You'll bring a blend of vision, experience, and influence. Essential skills and experience include: A degree in Computer Science, IT, Engineering, or equivalent professional experience. Professional knowledge of TOGAF and related frameworks (eg ArchiMate). At least 5 years' experience in Enterprise Architecture within a complex environment. Strong knowledge of application rationalisation, automation, and AI integration. Expertise with Enterprise Application Architecture tooling (eg ArchiMate, Sparx, Ardoq, BizzDesign). Significant cloud experience - Azure is essential (AWS/GCP desirable). A solid understanding of SaaS, PaaS, IaaS, APIs, SOA, microservices, and event-driven services. Excellent analytical, planning, and communication skills, with the ability to influence both technical and non-technical stakeholders. Leading small teams of architects. Desirable experience includes: Integration platform improvements. Cloud-smart strategies and automation platforms. Familiarity with ITSM/ITIL and system development life cycle methodologies. Why join ? This is more than a technical role - it's an opportunity to make a lasting impact. You'll be central to shaping the clients digital future, embedding innovative solutions that improve experiences for staff, students, and stakeholders alike. In return, we offer a collaborative, forward-thinking environment with excellent benefits and career development opportunities. Diversity The client values diversity and is committed to creating an inclusive environment for all employees and their aim is to become the most inclusive organisation of its kind, anywhere. In line with this mission, they have set up a Women in Technology network to encourage collaboration with cross-functional teams to support the professional development, mentorship, and leadership opportunities for women in IT Services. Recognising the underrepresentation of women in IT Services, the Network aims to promote the growth and advancement of women in their technology workforce. Note: Reasonable adjustments will be made throughout the recruitment process for candidates with disabilities. Applications from individuals seeking flexible working arrangements are welcome. How to Apply If you are an experienced Enterprise Architect with a passion for innovation and business impact, we'd love to hear from you. Apply now by sending your CV to Simon at (see below) Services advertised are those of an Employment Agency.
03/10/2025
Full time
Enterprise Application Architect Hybrid working. London 2 days a week, remainder remote. Are you ready to shape the future of digital transformation at a leading organisation? We are looking for an Enterprise Application Architect to play a pivotal role in defining, developing, and governing their application architectures. This is an opportunity to lead on embedding automation and AI, modernising systems, and ensuring alignment with the TOGAF Standard as they deliver an ambitious digital strategy. The role - As Enterprise Application Architect, you will: Lead the development of application architectures that are fully aligned with business, data, and technology domains. Drive application rationalisation and the retirement of Legacy systems. Integrate automated, AI, and cloud-smart approaches at the heart of their digital estate. Create TOGAF-aligned deliverables including architecture principles, roadmaps, and gap analyses. Partner with senior stakeholders to translate business needs into effective, future-proof technology solutions. Provide thought leadership, mentoring, and consultancy across the organisation. Deputise for the Head of Enterprise Architecture when required. This is a senior, strategic position where you'll combine leadership and technical expertise with the ability to influence and guide key decisions across the client. What's on Offer? This role comes with an attractive package, including: Salary c. £80,000 - £84,500 pa. Generous pension scheme. 30 days' annual leave (plus bank holidays). Flexible hybrid working arrangements. Comprehensive personal and professional development opportunities, including support for TOGAF v10 certification. Inclusive employment policies that support diversity and work-life balance. Duration/Type: Full-Time, Permanent. What we're looking for, You'll bring a blend of vision, experience, and influence. Essential skills and experience include: A degree in Computer Science, IT, Engineering, or equivalent professional experience. Professional knowledge of TOGAF and related frameworks (eg ArchiMate). At least 5 years' experience in Enterprise Architecture within a complex environment. Strong knowledge of application rationalisation, automation, and AI integration. Expertise with Enterprise Application Architecture tooling (eg ArchiMate, Sparx, Ardoq, BizzDesign). Significant cloud experience - Azure is essential (AWS/GCP desirable). A solid understanding of SaaS, PaaS, IaaS, APIs, SOA, microservices, and event-driven services. Excellent analytical, planning, and communication skills, with the ability to influence both technical and non-technical stakeholders. Leading small teams of architects. Desirable experience includes: Integration platform improvements. Cloud-smart strategies and automation platforms. Familiarity with ITSM/ITIL and system development life cycle methodologies. Why join ? This is more than a technical role - it's an opportunity to make a lasting impact. You'll be central to shaping the clients digital future, embedding innovative solutions that improve experiences for staff, students, and stakeholders alike. In return, we offer a collaborative, forward-thinking environment with excellent benefits and career development opportunities. Diversity The client values diversity and is committed to creating an inclusive environment for all employees and their aim is to become the most inclusive organisation of its kind, anywhere. In line with this mission, they have set up a Women in Technology network to encourage collaboration with cross-functional teams to support the professional development, mentorship, and leadership opportunities for women in IT Services. Recognising the underrepresentation of women in IT Services, the Network aims to promote the growth and advancement of women in their technology workforce. Note: Reasonable adjustments will be made throughout the recruitment process for candidates with disabilities. Applications from individuals seeking flexible working arrangements are welcome. How to Apply If you are an experienced Enterprise Architect with a passion for innovation and business impact, we'd love to hear from you. Apply now by sending your CV to Simon at (see below) Services advertised are those of an Employment Agency.
ServiceNow Technical Architect - Contract - Hybrid - London Opportunity: Contract Salary: £650/day inside Hybrid: 3 days per week onsite (Non-negotiable) Office Location: Central London Client Sector: Financial Services About the Role My client, a global trading organisation is looking, is looking for ServiceNow Architect. Key Responsibilities Architect and configure a brand-new ServiceNow platform from the ground up, creating a scalable, enterprise-ready solution aligned with technical standards and business goals. Take full ownership of building pre-production and live environments, ensuring integrations are verified and the platform is production-ready. Establish and lead the Technical Design Authority, defining coding standards, enforcing best practices, and maintaining quality control. Build and mentor an internal ServiceNow team, providing hands-on technical direction to grow in-house capability. Act as the technical gatekeeper for the external implementation partner, ensuring deliverables meet quality benchmarks throughout all phases. Implement critical modules including ITSM workflows, CMDB, and Discovery tools with a focus on long-term stability and scalability. Engineer integrations with core enterprise systems using APIs and Integration Hub to enable seamless data exchange. Partner with Information Security and Compliance to embed security controls, audit trails, and regulatory requirements into platform architecture. Monitor platform health, proactively plan upgrades, and manage technical debt to ensure sustained performance. Champion continuous enhancement post-launch, identifying automation opportunities and evaluating new ServiceNow capabilities. Essential Requirements Degree in IT, Computer Science, or related field (or equivalent professional experience). Minimum two ServiceNow Certified Implementation Specialist certifications (ITSM/ITOM) plus Certified Application Developer. ServiceNow Certified Technical Architect accreditation strongly preferred. Proven greenfield ServiceNow implementation experience in complex, global enterprises. Successfully delivered six or more full ServiceNow implementations, including minimum two ITSM and two ITOM projects. 10+ years IT experience with 7+ years focused on ServiceNow platform engineering and development. At least 2 years as a ServiceNow Architect OR 4 years as a Senior ServiceNow Developer in a global organisation. Expert-level hands-on knowledge of ServiceNow architecture including Now Platform, ITSM, CMDB, Discovery, Flow Designer, Integration Hub, Scoped Applications, and CSDM. Demonstrated experience establishing and operating technical governance frameworks and design authorities. Experience working with external delivery partners, providing technical assurance from design through go-live. Understanding of regulatory frameworks and operational resilience, particularly in financial services or regulated sectors. Strong technical leadership with ability to influence stakeholders across IT, Security, and Business functions. To be considered, please ensure you complete your application on the Computappoint website. Services offered by Computappoint Limited are those of an Employment Business and/or Employment Agency in relation to this vacancy.
01/10/2025
Full time
ServiceNow Technical Architect - Contract - Hybrid - London Opportunity: Contract Salary: £650/day inside Hybrid: 3 days per week onsite (Non-negotiable) Office Location: Central London Client Sector: Financial Services About the Role My client, a global trading organisation is looking, is looking for ServiceNow Architect. Key Responsibilities Architect and configure a brand-new ServiceNow platform from the ground up, creating a scalable, enterprise-ready solution aligned with technical standards and business goals. Take full ownership of building pre-production and live environments, ensuring integrations are verified and the platform is production-ready. Establish and lead the Technical Design Authority, defining coding standards, enforcing best practices, and maintaining quality control. Build and mentor an internal ServiceNow team, providing hands-on technical direction to grow in-house capability. Act as the technical gatekeeper for the external implementation partner, ensuring deliverables meet quality benchmarks throughout all phases. Implement critical modules including ITSM workflows, CMDB, and Discovery tools with a focus on long-term stability and scalability. Engineer integrations with core enterprise systems using APIs and Integration Hub to enable seamless data exchange. Partner with Information Security and Compliance to embed security controls, audit trails, and regulatory requirements into platform architecture. Monitor platform health, proactively plan upgrades, and manage technical debt to ensure sustained performance. Champion continuous enhancement post-launch, identifying automation opportunities and evaluating new ServiceNow capabilities. Essential Requirements Degree in IT, Computer Science, or related field (or equivalent professional experience). Minimum two ServiceNow Certified Implementation Specialist certifications (ITSM/ITOM) plus Certified Application Developer. ServiceNow Certified Technical Architect accreditation strongly preferred. Proven greenfield ServiceNow implementation experience in complex, global enterprises. Successfully delivered six or more full ServiceNow implementations, including minimum two ITSM and two ITOM projects. 10+ years IT experience with 7+ years focused on ServiceNow platform engineering and development. At least 2 years as a ServiceNow Architect OR 4 years as a Senior ServiceNow Developer in a global organisation. Expert-level hands-on knowledge of ServiceNow architecture including Now Platform, ITSM, CMDB, Discovery, Flow Designer, Integration Hub, Scoped Applications, and CSDM. Demonstrated experience establishing and operating technical governance frameworks and design authorities. Experience working with external delivery partners, providing technical assurance from design through go-live. Understanding of regulatory frameworks and operational resilience, particularly in financial services or regulated sectors. Strong technical leadership with ability to influence stakeholders across IT, Security, and Business functions. To be considered, please ensure you complete your application on the Computappoint website. Services offered by Computappoint Limited are those of an Employment Business and/or Employment Agency in relation to this vacancy.
Overview Robert Walters is supporting a central government customer in the recruitment of a Lead ServiceNow Developer to join their national digital function. This is a senior, Grade 7 permanent position that offers the opportunity to lead and shape ServiceNow development across business-critical services that impact thousands of users daily. We are seeking experienced ServiceNow professionals who are passionate about technical leadership, improving public services through smart technology, and mentoring the next generation of developers. This role sits within a cross-functional product delivery team and combines hands-on development with team leadership, solution design, and collaboration across architecture and delivery disciplines. Key Responsibilities Lead the development and configuration of ServiceNow platforms, covering ITSM, ITOM, and CSM modules. Collaborate with Technical Architects and Product Managers to define long-term technical roadmaps and service strategies. Ensure all development aligns with engineering standards and platform governance. Oversee integrations using REST/SOAP APIs and help modernise connections to heritage systems. Champion documentation and knowledge sharing within and across teams. People & Delivery Line manage and coach junior and mid-level developers, supporting their professional development. Guide the team in backlog refinement, story estimation, and sprint planning. Contribute to product and platform decision-making, balancing user needs with sustainability. Support Delivery Managers in forecasting work, removing blockers, and communicating effort effectively in an Agile setting. Essential Skills & Experience Strong experience in ServiceNow development and administration, ideally across ITSM, ITOM, or CSM modules. Proficiency in JavaScript, Glide Scripting, and ServiceNow's development tools. Experience delivering and maintaining integrations using REST and SOAP APIs. Sound knowledge of ITIL processes and ServiceNow SDLC. Demonstrated ability to lead teams and mentor others in technical practices. Experience of working in large-scale, multi-team environments with Legacy integration. Desirable Knowledge of Agile delivery methodologies (Scrum/Kanban). Experience optimising platform performance and security. Familiarity with authentication and identity management in ServiceNow. Exposure to automated testing frameworks within ServiceNow. What's on Offer Competitive government salary and Civil Service pension with up to 27.9% employer contribution. Flexible hybrid working policy, generous annual leave, and inclusive working culture. Opportunity to work on large-scale digital services that deliver real-world impact. A strong focus on continuous professional development, learning, and progression. If you're a senior ServiceNow developer ready to lead in a highly collaborative public sector environment, we'd love to hear from you. We are committed to creating an inclusive recruitment experience.If you have a disability or long-term health condition and require adjustments to the recruitment process, our Adjustment Concierge Service is here to support you. Please reach out to us at (see below) to discuss further. This position is being recruited on behalf of our client through our Outsourcing service line. Resource Solutions Limited, trading as Robert Walters, acts as an employment business and agency, partnering with top organizations to help them find the best talent. We welcome applications from all candidates and are committed to providing equal opportunities.
29/08/2025
Full time
Overview Robert Walters is supporting a central government customer in the recruitment of a Lead ServiceNow Developer to join their national digital function. This is a senior, Grade 7 permanent position that offers the opportunity to lead and shape ServiceNow development across business-critical services that impact thousands of users daily. We are seeking experienced ServiceNow professionals who are passionate about technical leadership, improving public services through smart technology, and mentoring the next generation of developers. This role sits within a cross-functional product delivery team and combines hands-on development with team leadership, solution design, and collaboration across architecture and delivery disciplines. Key Responsibilities Lead the development and configuration of ServiceNow platforms, covering ITSM, ITOM, and CSM modules. Collaborate with Technical Architects and Product Managers to define long-term technical roadmaps and service strategies. Ensure all development aligns with engineering standards and platform governance. Oversee integrations using REST/SOAP APIs and help modernise connections to heritage systems. Champion documentation and knowledge sharing within and across teams. People & Delivery Line manage and coach junior and mid-level developers, supporting their professional development. Guide the team in backlog refinement, story estimation, and sprint planning. Contribute to product and platform decision-making, balancing user needs with sustainability. Support Delivery Managers in forecasting work, removing blockers, and communicating effort effectively in an Agile setting. Essential Skills & Experience Strong experience in ServiceNow development and administration, ideally across ITSM, ITOM, or CSM modules. Proficiency in JavaScript, Glide Scripting, and ServiceNow's development tools. Experience delivering and maintaining integrations using REST and SOAP APIs. Sound knowledge of ITIL processes and ServiceNow SDLC. Demonstrated ability to lead teams and mentor others in technical practices. Experience of working in large-scale, multi-team environments with Legacy integration. Desirable Knowledge of Agile delivery methodologies (Scrum/Kanban). Experience optimising platform performance and security. Familiarity with authentication and identity management in ServiceNow. Exposure to automated testing frameworks within ServiceNow. What's on Offer Competitive government salary and Civil Service pension with up to 27.9% employer contribution. Flexible hybrid working policy, generous annual leave, and inclusive working culture. Opportunity to work on large-scale digital services that deliver real-world impact. A strong focus on continuous professional development, learning, and progression. If you're a senior ServiceNow developer ready to lead in a highly collaborative public sector environment, we'd love to hear from you. We are committed to creating an inclusive recruitment experience.If you have a disability or long-term health condition and require adjustments to the recruitment process, our Adjustment Concierge Service is here to support you. Please reach out to us at (see below) to discuss further. This position is being recruited on behalf of our client through our Outsourcing service line. Resource Solutions Limited, trading as Robert Walters, acts as an employment business and agency, partnering with top organizations to help them find the best talent. We welcome applications from all candidates and are committed to providing equal opportunities.
