Senior Technology Specialist Chapter Lead Directory Services
- Kraków, małopolskie
- Stała
- Pełny etat
- supporting strategic roadmap development for directory services platforms, working with senior leadership to align technical solutions with business objectives and HEINEKEN's digital transformation goals
- collaborating in cross-functional teams with Product Owners, Tribe Architects, and business stakeholders to translate requirements into scalable technical solutions
- assisting in evaluating and implementing emerging technologies in Directory Services
- developing advanced automation solutions using PowerShell, Graph API and other scripting languages to optimize operational efficiency
- being responsible for Tier 0 assets
- designing hybrid directory solutions connecting on-premises Active Directory with cloud environments
- implementing enterprise-grade security frameworks including Conditional Access policies, Multi-Factor Authentication (MFA), and Privileged Identity Management (PIM)
- supporting Single Sign-On & Application Integration initiatives, including Entra Application Proxy, Service Principals, and application registrations for global applications
- reducing security risks through proactive governance
- collaborating with security, infrastructure, and application teams.
- Bachelor's degree in computer science, engineering, or related field (or equivalent experience)
- 8+ years' experience in a similar role within an international environment or FMCG industry
- expertise in one or multiple technologies:
- Microsoft Active Directory (AD)
- Microsoft Entra ID (Azure AD)
- Active Directory Domain Services (AD DS)
- Azure AD Connect
- Microsoft Entra External ID
- Microsoft Entra ID Governance
- Microsoft Entra Workload ID
- Privileged Access Management (PIM)
- Conditional Access policies
- Multi-Factor Authentication (MFA)
- Zero Trust security frameworks
- Administrative Units (AUs)
- Role-based access control (RBAC)
- Single Sign-On (SSO)
- Microsoft Entra Application Proxy
- Service Principals
- Application registrations
- SAML (Security Assertion Markup Language)
- OAuth 2.0
- OpenID Connect
- Kerberos
- LDAP (Lightweight Directory Access Protocol)
- SCIM (System for Cross-domain Identity Management)
- Public Key Infrastructure (PKI)
- Certificate Authorities (CA)
- Certificate Lifecycle Management
- Microsoft PKI infrastructure
- Certificate-based authentication
- Certificate auto-enrollment and renewal
- DNS - Network Policy Service (NPS)
- API integration and management
- excellent written and verbal English
- strong communication skills for both technical and non-technical audiences.
- experience working in a deadline-driven environment with rapid release cycles
- preferably experienced in Agile environments
- familiarity with ITIL, SCRUM, and DevOps - certifications or training are beneficial.
We offer: