Entra ID Administrator

At the MBTA, we envision a thriving region enabled by a best-in-class transit system. Our mission is to serve the public by providing safe, reliable, and accessible transportation. MBTA’s Core Values are built around safety, service, equity, sustainability, and culture. Each employee that works for the MBTA performs their roles based on our vision, mission, and values. This includes attendance, participation, and contribution in local safety committee meetings as needed.

Job Summary

The Entra ID Administrator ensures the secure, reliable, and efficient management of identity and access services through the administration of Entra ID (formerly Azure Active Directory) and Microsoft 365 environments. This position plays a critical role in maintaining the organization’s security posture, enabling seamless user collaboration, and supporting IT operations by managing authentication systems, directory services, and cloud-based productivity tools. The individual in this role will serve as a subject matter expert for identity and access management, contributing to both day-to-day operations and strategic initiatives.

Duties & Responsibilities

• Entra ID Configuration: Configure and maintain Entra ID, including user accounts, groups, roles, and policies to ensure secure and efficient access to resources.
• Identity and Access Management: Implement and manage authentication and authorization mechanisms, such as Multi-Factor Authentication (MFA) and Conditional Access, to enhance security.
• Security and Compliance: Monitor Entra ID for security threats and compliance issues and take appropriate actions to mitigate risks.
• Integration: Collaborate with other IT teams to integrate Entra ID with various applications and services, both on-premises and in the cloud.
• Troubleshooting: Investigate and resolve identity and access-related issues promptly, providing excellent support to end-users.
• Documentation: Maintain clear and comprehensive documentation of Entra ID configurations, Microsoft Office 365 architecture, processes, and procedures.
• Upgrades and Patch Management: Stay up to date with Entra ID features and updates, and plan and execute necessary upgrades and patch management activities.
• Microsoft 365 Configuration: Configure and maintain Microsoft 365 services, including Exchange Online, SharePoint Online, Teams, and OneDrive for Business, to ensure seamless communication and collaboration.
• Troubleshooting: Investigate and resolve Microsoft 365-related issues, providing support to end-users and optimizing system performance.
• Provide escalation and support to the Desktop Support Group for Entra ID, M365, and Cloud-related issues.
• Participate in weekend maintenance activities, as required.
• Enforce change management and compliance processes.
• Respond to each inquiry whether from a customer, vendor or co-worker in a courteous and professional manner.
• Perform all other duties and projects that may be assigned.

• No direct reports.

Minimum Requirements & Qualifications

• Bachelor’s Degree in Information Technology, Computer Science, Cybersecurity, or a related field.
• Four (4) years of hands-on experience administering Microsoft Entra ID (formerly Azure AD), including identity lifecycle management, security policies, and integration with cloud and on-premises systems.
• Three (3) years of experience managing and supporting Microsoft 365 services.
• Proven experience implementing and managing Multi-Factor Authentication (MFA), Conditional Access, and other security controls.
• Experience troubleshooting complex identity, access, and authentication issues in a hybrid environment.
• Ability to provide internal and external customers with courteous and professional service.

Substitutions Include

• A High School Diploma or GED with an additional seven (7) years of directly related experience substitutes for the bachelor’s degree requirement.
• An Associate’s Degree from an accredited institution and an additional three (3) years of directly related experience substitutes for the bachelor’s degree requirement.
• A Master’s Degree in a related subject substitutes for two (2) years of general experience.
• A nationally recognized certification, or statewide/professional certification in a related field substitutes for one (1) year of experience.

Preferred Experience and Required Skills

• Experience with migrating on-premises applications to Azure.
• Experience with OnPrem Active Directory including EntraConnect.
• Experience with process/procedure documentation to establish standards.
• Experience with setting up applications for SSO across Entra ID.

Job Conditions:

• Ability to effectively read, comprehend, communicate, and respond to instructions, orders, signs, notices, inquiries, etc. in English.
• Be at least eighteen (18) years of age, except if participating in an approved high school internship / co-op program.
• Ability to commute to assigned work locations in the Boston, MA metro area, as required by the role.
• Ability to provide internal and external customers with courteous and professional experiences.
• Ability to work effectively, independently, and as part of a diverse workforce team (or supervise, if required).
• Ability to uphold the rights and interests of the MBTA while building and maintaining effective relationships with employees and co-workers.
• Ability to adhere to rules, regulations, collective bargaining agreements (if applicable), and policies of the MBTA, including the EEO, anti-discrimination, anti-harassment, and anti-retaliation policies.
• Have a satisfactory work record for the two (2) years immediately prior to the closing date of this posting (unless if current student or recent graduate), including overall employment, job performance, discipline, and safety records (infractions and/or offenses occurring after the closing of the posting and before the filling of a vacancy may preclude a candidate from consideration for selection).
• Ability to pass a Criminal Offender Record Information (CORI) check, comprehensive background screening, and / or medical Clinic screening, potentially including physical examination and drug and alcohol screenings.
• Ability to work all shifts and / or locations assigned, directed, or necessary for this position, including (for some transit / operations roles) up to twenty-four (24) hours per day, seven (7) days per week as necessary to accommodate severe weather conditions, emergencies, or any other circumstances that may potentially impact service or the safety of service.
• Intern / co-op staff must be enrolled full or part-time in an accredited educational program and maintain a cumulative GPA of at least 2.5 for the entire duration of the internship / co-op. Additionally, interns / co-ops must have valid work authorization and U.S. Social Security Number prior to starting pre-employment screenings / pre-boarding, working in their positions, and throughout the duration of their program.

Disclaimers and Definitions:

• General Disclaimer: The statements contained in this job description are intended to describe a summary, general nature, and complexity of typical job functions and do not represent an exhaustive list of all duties, tasks, and responsibilities required of staff assigned to this position.

• Application Completion: It is each applicant’s responsibility to ensure application details are entered completely and correctly, including updated work and education histories (past and current). Incomplete applications may not be considered. Attachments do not substitute for application fields. The recruitment team does not have access to existing employee data / history.

• Application Deadlines: Applicants should apply as soon as possible, as the MBTA may stop considering applicants after a sufficiently large applicant pool is established.

• Work Environment: The physical demands and work environment characteristics described here-in are representative of those an employee may encounter while performing the essential functions of this job. Reasonable accommodations can be made to enable individuals with disabilities to perform essential functions. See job description for role-specific requirements.

• Work Eligibility: All employees must be legally authorized to work in the United States and on an unrestricted basis. The MBTA does not have an employer work sponsorship program. However, if you have unrestricted work authorization, or are sponsored by a separate entity, you are welcome to apply. Further, all persons hired will require a U.S. Social Security Number prior to starting the position and employees will be required to complete a Form I-9 to verify their identity and eligibility to work in the U.S.

• Interviews: Candidates should ensure they arrive on time, are prepared, can remain for the duration, and if remote, are in a quiet place without distraction, for the interview. Candidates who do not attend their interview without advance authorization, including an email confirmation of a rescheduled time/date from Human Resources, will be considered a no-show and disqualified from consideration for the position. Related to rescheduling, on a one-time basis, and due to something emergent, you may be allowed to reschedule the interview. In addition, Human Resources may require documentation supporting the request. However, should you need to reschedule, you will need to contact your Recruiter directly by email.

• Safety Sensitive Positions: Employees working in this classification will be subject to periodic physical examinations plus random drug and alcohol testing.

• On-call or 24/7 Positions: Employees working in this classification must be available to respond to page / text / call and report to work as determined by assigned department or the Authority.

• Essential / Emergency Staff: During declared "states of emergency," employees working in this classification are required to report to work for their assigned work hours or as directed by management.

• ADA Accommodations: The MBTA makes reasonable accommodations for applicants with disabilities. If you require an accommodation during this process, please contact the MBTA's ADA Unit at 617-222-5751 or [email protected].

• Diversity, Equity, and Inclusion: The MBTA is an Equal Employment Opportunity Employer. For terms, descriptions, and definitions related to diversity, equity, inclusion, veteran status, and immediate family members that you may find on the application form, please visit mbta.com/careers-app-definitions.

• Intern / Co-Op Benefits: Employees taking part in an internship or co-op at the MBTA are eligible to receive accrued paid sick leave as well as a monthly transportation pass, based on the city from which the intern / co-op commutes to work, at no cost. However, no additional benefits are currently offered for interns or co-ops.