Afarax is looking for a freelance Entra ID Engineer – Identity & Access Management. We need you!The project:Our client in the Transportation, Logistics, Supply Chain and Storage sector, is seeking an experienced Entra ID Engineer – Identity & Access Management to strengthen their team.Key responsibilities:Identity & Access EngineeringDesign, implement, and optimize Entra ID (Azure AD) for authentication, federation, and access management.Configure and enforce MFA and SSO policies across enterprise applications and platforms.Implement Privileged Access Management (PAM) controls, including Just-in-Time (JIT) and Just-Enough-Access (JEA).Build and maintain role-based access control (RBAC) models and conditional access rules.Automation & Security-as-CodeAutomate IAM provisioning and governance processes using PowerShell, Terraform, or Azure Automation.Develop scripts and workflows for account lifecycle management, entitlement reviews, and access certifications.Integrate IAM services with CI/CD pipelines to enforce secure authentication patterns by default.Governance, Compliance & RiskEnsure IAM services comply with ISO 27001, NIS2, PCI DSS, and DORA regulatory frameworks.Support identity-related audits, access recertifications, and risk assessments.Monitor and analyze authentication telemetry to identify anomalies and strengthen detection.Advisory & Incident SupportAct as a subject-matter expert for identity-related incidents, supporting SOC in detection and response.Advise application and infrastructure teams on secure integration with Entra ID, SAML, OIDC, and OAuth2.Coach business and IT teams on IAM best practices and identity-first security.Is this you?8+ years in IT/security, with at least 5+ years in IAM engineering.Deep expertise in Microsoft Entra ID, MFA, SSO, Conditional Access, and PAM solutions.Hands-on experience with RBAC, SAML, OAuth2, OpenID Connect, and directory synchronization (AD Connect).Strong scripting/automation skills (PowerShell, Terraform, JSON).Experience delivering IAM solutions at scale in regulated industries (finance, logistics, public sector).Certifications:Required (at least 1):Microsoft Certified: Identity and Access Administrator Associate (SC-300)Microsoft Certified: Azure Security Engineer Associate (AZ-500)Preferred:CISSP, CISM, TOGAF, or vendor-specific PAM certifications (CyberArk, BeyondTrust, Thycotic).How afarax supports you?You benefit from our extensive networkYou will have access to projects that fit your expertiseWe help and support you throughout your projectWe offer the possibility to build a valuable and lasting partnershipCheck out more projects on: https://afarax.be/jobs/type/freelance/