Identity Engineer (Windows Hello for Business)

The IAM Solution Architect – Passwordless & WHfB will lead the design and implementation of modern authentication solutions across the enterprise. This role focuses on assessing the current identity landscape, architecting Windows Hello for Business and passwordless strategies, integrating with Microsoft Entra ID and Intune, and guiding large‑scale rollout and operational readiness. The architect will ensure security, compliance, and user experience are optimized while providing clear documentation, technical leadership, and cross-team enablement.

• Assess current identity and authentication posture (password policies, MFA, PKI, hybrid join, device management).
• Recommend the appropriate Windows Hello for Business (WHfB) trust model (Cloud Kerberos, Hybrid Key, Hybrid Certificate) and define migration paths.
• Design integrations with Microsoft Entra ID, Active Directory, Intune, Conditional Access, Identity Protection, and Defender for Endpoint.
• Define device provisioning and compliance requirements (Autopilot, VDI, TPM, HSTI) and establish backup/recovery strategies.

• Configure WHfB policies (Intune/GPO), Authentication Methods, and Conditional Access for passwordless authentication.
• Implement or integrate PKI components, certificate templates, CRLs/AIA, and support smart card migration/ADFS deprecation where needed.
• Run pilots, evaluate results, and manage phased rollouts across regions and device types.
• Validate SSO/Kerberos flows to on‑prem resources and establish monitoring via Entra logs, Intune reporting, and Log Analytics.

• Build runbooks, break‑glass steps, and tiered support workflows.
• Diagnose WHfB issues (TPM/attestation, PIN reset, dsregcmd, trust model anomalies).
• Optimize user experience, authentication performance, and fallback MFA posture.

• Align solutions with NIST 800‑63/800‑53, ISO 27001, and phishing‑resistant authentication best practices.
• Ensure IAM policies meet governance, audit, and risk‑mitigation requirements.

• Produce HLD/LLD documentation, migration plans, test/UAT guides, and support FAQs.
• Deliver training and communication materials for admins, helpdesk teams, and end users.

Why Simeio?: Simeio is a global managed services provider offering Identity and Access Management solutions delivered as a service and interoperable with leading IAM tools. With 700+ employees worldwide, Simeio secures over 160 million identities globally for large enterprises and government entities.

Services and solutions from Simeio include Customer Identity & Access Management, Privileged Access Management, Identity Proofing, Access Management & Federation, Identity Governance & Administration, Application Onboarding, and Simeio Identity Orchestrator. The company has been recognized for its business and technical leadership and highly rated by Gartner, Forrester, and KuppingerCole, and was ranked by Great Places to Work®. For more information visit simeio.com