Microsoft 365 Administrator

Candescent•Atlanta, GA

About The Position

Candescent is a forward-thinking technology company transforming how financial institutions deliver Intelligent Banking experiences. We unite digital banking, account opening, and branch solutions that power and connect digital banking, account opening, and branch solutions—creating seamless engagement across digital, remote, and in-person channels. Our Experience-Led, Intelligence-Driven approach combines human-centered design with data, automation, and cloud-based innovation. Built on an API-first architecture, our extensible ecosystem enables institutions to adapt quickly, integrate easily, and unlock new opportunities for growth—turning every customer interaction into a moment of clarity, confidence, and connection. We are seeking a highly skilled Microsoft 365 Administrator / IAM Engineer to manage and secure our commercial Microsoft 365 environment while owning identity governance and access control across the organization. This role administers the full M365 stack (Exchange Online, Teams, SharePoint/OneDrive, Intune) and leads identity engineering in Microsoft Entra ID, including PIM, Conditional Access, SSO/SAML/OIDC integrations, and SCIM-based provisioning for many SaaS applications. This position also supports our Workday-driven identity lifecycle, ensuring accurate and timely provisioning, access changes, and deprovisioning across the enterprise. The ideal candidate will be an organized, proactive professional capable of managing their workload and prioritizing tasks in a fast-paced start-up style / private equity environment.

Requirements

Bachelor’s Degree, IT/IS or equivalent work experience
5 yrs + of experience with administration of the full M365 stack
Must be legally authorized to work in the U.S. without sponsor ship.

Nice To Haves

Experience in SaaS, or high-growth B2B environment.

Responsibilities

Administer core M365 services: Exchange Online, Teams, SharePoint/OneDrive, M365 Groups, and service settings.
Manage tenant-level governance, service health, feature rollouts, and configuration baselines.
Administer Intune/MEM: device compliance, configuration profiles, app protection policies, conditional access integrations, and device onboarding.
Own administration of Microsoft Entra ID: user identities, security groups, dynamic groups, roles, administrative units, and RBAC structures.
Administer Privileged Identity Management (PIM): Role assignments, approval workflows, justification, and time-bound elevation
Implement and maintain SSO integrations (SAML 2.0, OAuth, OIDC) for ~30 SaaS applications in our portfolio.
Manage Enterprise Applications and App Registrations: Work with application owners to implement secure access models using Entra groups, roles, authentication strengths, and conditional access controls.
Configure and support SCIM-based user provisioning for SaaS platforms (via Entra ID and/or vendor connectors).
Maintain accurate attribute mappings from Workday (authoritative HR source) to Azure AD and downstream apps.
Ensure reliable and compliant joiner/mover/leaver automation
Maintain audit-ready documentation for identity and access flows, SSO configurations, and elevated access.
Support compliance, security, and internal audit requests.
Participate in an after-hours on-call rotation.