MisuJob - AI Job Search Platform

Identity Fabric Principal

Qualco Group

Warsaw, Masovian Voivodeship, Poland | Permanent

Posted: April 29, 2026


Quick Summary

We are seeking a highly motivated and experienced professional to lead our Identity Fabric team in delivering innovative solutions to businesses.

Job Description

At Quento, the ICT arm of the Qualco Group, we deliver comprehensive and innovative solutions across AI, Digital Engineering, Cloud, and Cybersecurity, helping businesses accelerate digital transformation. With a presence in Greece, Luxembourg, and Belgium, and backed by the expertise of the Qualco Group, we combine deep technical knowledge with strategic partnerships to support business growth.

At Quento Technologies S.A., we empower our people to innovate and lead in delivering transformative ICT solutions to our clients worldwide. Quento Technologies seeks a highly motivated and experienced Identity Fabric Principal.

Responsibilities:

• Support project teams in implementing and troubleshooting auth flows (Auth Code + PKCE, Device Code, Client Credentials, OBO), including edge cases and production incidents;
• Review and harden token/session configurations (lifetimes, refresh behaviour, session controls) and advise on mitigations for common auth threats (replay, token theft);
• Design and standardize claims/attributes strategy (least-privilege claims, normalization across IdPs, group/role overage handling) for scalable integrations;
• Define API access models and permission strategy (scopes vs roles, delegated vs app permissions) and govern consent patterns (admin/incremental) for least privilege and auditability;
• Configure and operate federation integrations (IdP/SP), including metadata management, planned rollovers, and resolving common SSO issues;
• Design risk-based access controls and step-up patterns aligned to application sensitivity, using Conditional Access and appropriate MFA/authentication strength;
• Deliver Entra ID tenant-level configurations and operational posture improvements (baseline configuration, governance touchpoints, operational practices);
• Design and guide external identity onboarding patterns (Entra External ID CIAM/B2B/B2C), balancing UX, security controls, and supportability;
• Build, tune and safely roll out Conditional Access / Identity Protection policies (exclusions, break-glass, staged deployment, monitoring and rollback approach);
• Implement and operate Entra ID Governance capabilities (access packages, entitlement management, access reviews, lifecycle workflows) in alignment with delivery timelines;
• Provide application onboarding and integration support (Enterprise Apps, App Registrations, service principals, managed identities), including troubleshooting and configuration reviews;
• Support hybrid identity dependencies involving AD DS (directory design impacts, group structures, delegation models) and advise on sustainable hybrid patterns;
• Operate and troubleshoot AD FS where still required, and contribute to modernization roadmaps toward cloud-native federation patterns;
• Develop and maintain PowerShell automation for identity operations (Graph PowerShell and relevant modules): reporting, bulk changes, baseline checks, and repeatable tasks with robust logging;
• Provide scripted operational support for AD DS/AD FS (user/group lifecycle tasks, reporting, troubleshooting accelerators) within governance and access boundaries;
• Participate in SailPoint-based IGA delivery (IdentityIQ/IdentityNow): requirements translation, design validation, and alignment of governance outcomes with Microsoft identity patterns;
• Implement IGA processes end-to-end (JML, access requests/approvals, certifications/reviews, SoD, role/entitlement modeling) and integrate with delivery/operations;
• Design and improve provisioning and lifecycle integrations (SCIM, authoritative sources, reconciliation, JIT vs managed provisioning), ensuring clean offboarding and access hygiene;
• Embed GDPR/EUDPR requirements into IAM delivery (minimization, purpose, retention, auditability, token/claim hygiene) and extend governance to AI/agent access where applicable;
• Ensure that all activities and duties are carried out in full compliance with regulatory requirements and support the continued implementation of the Group Anti-Bribery and Corruption Policy.


Requirements:
• Bachelor's degree;
• Minimum 10 years of IT professional experience;
• Minimum 8 years of experience in a similar position;
• Hybrid environment readiness: ability to operate with AD DS/AD FS dependencies and modernize pragmatically without disrupting services;
• Automation-by-default: preference for repeatable delivery via PowerShell and controlled processes (CI/CD and/or ITSM where applicable);
• Compliance-oriented design: ability to design/operate IAM controls aligned with GDPR/EUDPR and internal audit expectations (traceability and evidence);
• IGA alignment: capability to deliver governance outcomes with SailPoint and align them with Microsoft identity patterns;
• Future-proofing: readiness to cover AI/agent identities and access controls using least privilege and clear governance;
• Token & session security: knowledge of token/session lifecycles (issuance, validation, lifetimes, refresh tokens), plus common risks and mitigations;
• API permissions & consent: understanding and practical application of scopes vs roles, delegated vs application permissions, and admin/incremental consent models;
• Entra External ID patterns: practical knowledge of CIAM/B2B/B2C onboarding patterns and UX vs security trade-offs;
• Hybrid identity foundations (AD DS): solid understanding of domains/forests, trusts, OU/GPO, delegation and how AD DS impacts hybrid identity;
• SailPoint IGA exposure: practical experience with SailPoint IdentityIQ and/or IdentityNow concepts, delivery model and outcomes;
• Provisioning & lifecycle integrations: experience with SCIM, authoritative sources, reconciliation, and JIT vs managed provisioning trade-offs;
• GDPR/EUDPR + AI readiness: ability to apply privacy-by-design in IAM (minimisation, purpose, retention, token/claim hygiene, auditability) and extend governance to AI/agent access where required;
• Flow implementation & troubleshooting: ability to implement and debug Auth Code + PKCE, Device Code, Client Credentials and OBO flows in real applications;
• Claims & identity context: ability to design claim sets, mapping/normalization across IdPs, least-privilege claims, and handle group/role overage patterns;
• Federation operations: experience configuring IdP/SP integrations, metadata management, rollover planning, and resolving common SSO failures;
• Assurance & risk-based access: capability to apply step-up patterns, MFA trust models, phishing-resistant readiness, and Conditional Access alignment to sensitivity;
• Microsoft Entra ID delivery: hands-on experience with Entra ID tenant configuration, authentication posture, and operational governance;
• Conditional Access & Identity Protection: experience designing/tuning CA policies, MFA enforcement, risk signals, exclusions/break-glass, and safe rollout practices;
• Entra ID Governance: working capability with access packages, entitlement management, access reviews, and lifecycle workflows in delivery contexts;
• App integration engineering: strong experience with Enterprise Apps, App Registrations, service principals, managed identities, and integration support;
• Federation legacy (AD FS): ability to operate/troubleshoot AD FS (claims rules, relying parties) and contribute to modernization planning;
• PowerShell automation (Entra/M365): ability to automate reporting and bulk ops using Microsoft Graph PowerShell and relevant modules with reliable logging;
• PowerShell (AD DS/AD FS): capability to script user/group operations and operational reporting/troubleshooting within governance constraints;
• IGA process delivery: ability to implement JML, access requests/approvals, certifications/reviews, SoD concepts, and role/entitlement modeling;
• Very good knowledge of the English language (B2).


Benefits:
This role is an on-site opportunity in Poland.

CV submitted in English.

Your race, gender identity and expression, age, ethnicity or disability make no difference at Quento. We want to attract, develop, promote, and retain the best people based only on their ability and behavior.

Disclaimer: Quento collects and processes personal data in accordance with the EU General Data Protection Regulation (GDPR). We are bound to use the information provided within your job application for recruitment purposes only and not to share it with any third parties. For more details on the processing of your personal data during the recruitment procedure, please consult the Recruitment Notice before submitting your application.
