Every year, Air France-KLM inspires 85 million passengers by taking them to 250 destinations, thanks to a fleet of more than 500 aircraft. The Group employs 75,000 people all over the world: there are vast opportunities to put your skills to good use, learn and develop!
Our company is an industry leader with a global presence. We place great importance on the security of our systems and the effective management of access to data and applications. That's why we're need Microsoft IAM experts to be part of our dynamic IT IAM team.
It is an human-sized Air France-KLM team in a stimulating and dynamic environment where you will work closely with the other entities
Position of the function in the organization
The function of IT Specialist Engineering is a function within the team ITDS EM Management- and Security tooling (M&ST). M&ST reports directly to the Director End-User Engineering within Distributed Services (EUE). You will report directly to the Manager M&ST.
End-User Engineering is part of Distributed Services within IS.
M&ST team is in charge to put in place and maintain solutions to manage remotely and secure devices provided by AF KL IT to businesses (using solutions as SCCM, Workspace One, McAfee ENS, Active Directory, Azure AD, etc.). This team is a combined AF/KL team with specialists located in Schiphol-Rijk (Point of View) and Paris (Astrolab).
The proposed position is an expert position on Active Directory (AD) and Azure Active Directory (AAD) solutions; these solutions managed identities, devices and access in Microsoft scope for company users. These directories are high critical environments because all strategies regarding access to Microsoft apps, workstations and accesses are centralized.
- Inventory on groups, roles, and who can access what on ADs and AAD.
- Discussion with the various IT teams to understand their needs and usages in in order to have functional roles definition, related AD associated rights for each of these roles.
- For each of these roles, owners will be identified and through delegation model, they will be responsible to manage associated users.
- Implement least privilege model. And just in time approach when possible.
- Update the list of privileged Groups and Technical Accounts for Domain Controllers.
- Finalize Access criteria and access descriptions
Core activities as IT Specialist Engineering
We are looking for a Microsoft Identity and Access Management (IAM). As a Microsoft IAM expert, you will play a crucial role in:
- Designing, implementing and managing IAM solutions based on Active Directory and Azure Active Directory to meet enterprise security needs;
- Ensure the Global architecture is always state of the art and answering our future needs;
- Authentication and authorization policy management, including privilege and role management;
- Collaborating with other technical teams to embed IAM across our IT infrastructure;
- Management of technical and functional developments;
- AD and AAD lifecycle management;
- Project support;
- Securing AD/AAD with the implementation;
- Engineering Monitoring tools;
- Collaboration with our SOC to ensure constant monitoring of IAM environments to quickly detect and respond to threats and vulnerabilities;
- “Tiering” type architectures;
- Participate in the definition of technical and functional roadmaps of AD / AAD;
- Implement technical solutions to meet ever-changing business needs;
- Lead innovative technical projects such as the implementation of hybrid AD / AAD management;
- Strengthen the security of AD/AAD with ambitious projects such as the implementation of Tiering in AD or the segmentation of rights in AAD;
- Provide training and support to level 1 and 2 administration teams.
You will rely on solid technical skills
- Active Directory environments with significant experience on highly decentralized multi-forest AD;
- Azure AD with management in hybrid mode;
- Securing these environments;
- In PowerShell scripting to automate tasks in AD/AAD.
Good knowledge of third-party tools/solutions related, such as:
- AD management tools such as Quests (Active Role Server) tools;
- Any tools related to improve role modeling, role mining;
- Privileged Access Management solutions;
- AD/AAD monitoring tools: Windows Defender for Identity, etc.;
- The ability to manage cross-functional technical projects would be a plus.
Domains that need a very good level [MUST HAVE]
- You like working in a network, you have a keen sense of communication, you are comfortable exchanging both written and oral in English in any situation: so many indisputable assets for effective collaboration both internally and externally with many external partners, in France and in the Netherlands, but also all over the world within a constantly evolving network;
- Your particular appetite for information technologies, innovation, a great rigor of analysis, pugnacity in the search for solutions as well as a constant curiosity allow you both to react effectively in the moment, and to imagine the attacks of tomorrow. In a operational context, you resist stress very well and find it an additional source of motivation.
Tooling and Software around Windows world that should be known [NICE TO HAVE]
KNOWLEDGE, TRAINING, EXPERIENCE:
- You have a professional or academic educational background and experience in IT;
- Knowledge of the English language (speak & understand fluently and write);
- Knowledge of operational processes (ITIL);
- Knowledge of modern IT engineering methods, techniques, instruments;
- Knowledge of market developments in the field;
- Knowledge of work processes within the own domain;
- Experience with working in a project context;
- At least 5 years of experience in IT;
- Working for at least a few years in a complex ICT environment;
- If you are able to understand and speak French that is a pro.
- Travel to France (CDG / Paray)
Om de betrouwbaarheid en integriteit van kandidaten te toetsen is screening onderdeel van de sollicitatieprocedure. Voor vragen over de screeningprocedure kunt u contact opnemen met de vermelde contactpersoon bij de betreffende vacature of interim opdracht.