Identity Fabric Principal

At Quento, the ICT arm of the Qualco Group, we deliver comprehensive and innovative solutions across AI, Digital Engineering, Cloud, and Cybersecurity, helping businesses accelerate digital transformation. With a presence in Greece, Luxembourg, and Belgium, and backed by the expertise of the Qualco Group, we combine deep technical knowledge with strategic partnerships to support business growth.

At Quento Technologies S.A., we empower our people to innovate and lead in delivering transformative ICT solutions to our clients worldwide. Quento Technologies seeks a highly motivated and experienced Identity Fabric Principal.

Responsibilities:

• Support project teams in implementing and troubleshooting auth flows (Auth Code + PKCE, Device Code, Client Credentials, OBO), including edge cases and production incidents;
• Review and harden token/session configurations (lifetimes, refresh behaviour, session controls) and advise on mitigations for common auth threats (replay, token theft);
• Design and standardize claims/attributes strategy (least-privilege claims, normalization across IdPs, group/role overage handling) for scalable integrations;
• Define API access models and permission strategy (scopes vs roles, delegated vs app permissions) and govern consent patterns (admin/incremental) for least privilege and auditability;
• Configure and operate federation integrations (IdP/SP), including metadata management, planned rollovers, and resolving common SSO issues;
• Design risk-based access controls and step-up patterns aligned to application sensitivity, using Conditional Access and appropriate MFA/authentication strength;
• Deliver Entra ID tenant-level configurations and operational posture improvements (baseline configuration, governance touchpoints, operational practices);
• Design and guide external identity onboarding patterns (Entra External ID CIAM/B2B/B2C), balancing UX, security controls, and supportability;
• Build, tune and safely roll out Conditional Access / Identity Protection policies (exclusions, break-glass, staged deployment, monitoring and rollback approach);
• Implement and operate Entra ID Governance capabilities (access packages, entitlement management, access reviews, lifecycle workflows) in alignment with delivery timelines;
• Provide application onboarding and integration support (Enterprise Apps, App Registrations, service principals, managed identities), including troubleshooting and configuration reviews;
• Support hybrid identity dependencies involving AD DS (directory design impacts, group structures, delegation models) and advise on sustainable hybrid patterns;
• Operate and troubleshoot AD FS where still required, and contribute to modernization roadmaps toward cloud-native federation patterns;
• Develop and maintain PowerShell automation for identity operations (Graph PowerShell and relevant modules): reporting, bulk changes, baseline checks, and repeatable tasks with robust logging;
• Provide scripted operational support for AD DS/AD FS (user/group lifecycle tasks, reporting, troubleshooting accelerators) within governance and access boundaries;
• Participate in SailPoint-based IGA delivery (IdentityIQ/IdentityNow): requirements translation, design validation, and alignment of governance outcomes with Microsoft identity patterns;
• Implement IGA processes end-to-end (JML, access requests/approvals, certifications/reviews, SoD, role/entitlement modeling) and integrate with delivery/operations;
• Design and improve provisioning and lifecycle integrations (SCIM, authoritative sources, reconciliation, JIT vs managed provisioning), ensuring clean offboarding and access hygiene;
• Embed GDPR/EUDPR requirements into IAM delivery (minimization, purpose, retention, auditability, token/claim hygiene) and extend governance to AI/agent access where applicable;
• Ensuring that all activities and duties are carried out in full compliance with regulatory requirements and supporting the continued implementation of the Group Anti-Bribery and Corruption Policy.