Senior IAM Engineer
Company Description
At Enpal, we are pursuing the dream of building the largest renewable community in Europe. How do we make that happen? Enpal finally simplifies providing solar energy: We rent out solar systems, electricity storage, and wall boxes at an all-inclusive rate, supplemented by a favorable green electricity tariff; all intelligently connected to form an integrated overall solution. True to the motto "digital, decentralized, and 100% renewable", our heart beats both for the rapid development of a company and for combating the greatest challenge of our generation - climate change.
Job Description
The Senior IAM Engineer owns and operates Enpal’s workforce Identity & Access Management in Microsoft Entra ID. You ensure secure and scalable access through Conditional Access, a strong admin model, and reliable identity lifecycle (Joiner/Mover/Leaver) processes. You enable least-privilege access via RBAC, PIM/PAM, and recurring access reviews, while supporting secure collaboration and sharing.
Policy Development And Governance
- Define and maintain IAM standards and guardrails for Entra ID (authentication, Conditional Access principles, privileged access, external collaboration).
- Establish and maintain the admin model (role design, separation of duties, privileged role assignment approach) and enforce least privilege through RBAC.
- Own processes for access reviews, exceptions, and evidence for audits related to identity controls.
- Operate and continuously improve Microsoft Entra ID (tenant configuration, role design, groups, identity settings) as the central identity platform.
- Design, implement, and maintain Conditional Access policies (including rollout strategy, exclusions, and safe operations).
- Build and operate Joiner/Mover/Leaver lifecycle processes, ensuring timely provisioning and deprovisioning and reducing manual access handling.
- Own Privileged Access controls:
  - Implement and operate PIM/PAM (activation workflows, approval, time-bound access, role eligibility).
  - Manage break-glass accounts and emergency access procedures (creation, secure storage, testing cadence).
- Manage and govern identity objects and special cases:
  - Guest accounts and external collaboration controls
  - Shared mailboxes / mail-enabled objects / Distribution groups
  - Service/admin accounts
  - Microsoft 365 Groups / Security groups
- Drive operational quality: documentation, runbooks, change planning, and troubleshooting of access/provisioning issues.
- Partner with Corp IT, HR, and app owners to ensure identity data quality and smooth onboarding/offboarding.
- Advise teams on access design: RBAC models, group strategy, and reducing direct user entitlements.
- Coordinate with Security and IT stakeholders to safely deploy IAM changes and minimize business disruption.
- Provide guidance to admins and end users on secure access practices (MFA, Conditional Access behavior, guest collaboration).
- Create and maintain clear internal documentation for access requests, privileged access workflows, and review procedures.
Technical Skills and Experience:
- Strong hands-on experience with Microsoft Entra ID (Azure AD) administration and identity operations.
- Deep practical experience implementing Conditional Access (design, rollout, troubleshooting).
- Experience building and operating Joiner/Mover/Leaver processes and lifecycle automation.
- Strong experience running access reviews and implementing RBAC (role/group modeling and governance).
- Experience with Privileged Identity Management (PIM) and privileged access patterns (admin model, break-glass).
- Comfortable working with automation and APIs (e.g., PowerShell, Graph API) to scale IAM operations.
- Structured, reliable, and detail-oriented with strong operational ownership.
- Clear communicator who can align stakeholders on guardrails and practical solutions.
- Pragmatic problem-solver with a continuous improvement mindset.
We're offering:
- Work in Germany's first green unicorn and actively shape the solar energy revolution.
- The sun shines all over the world - at Enpal you will find a highly motivated and diverse team with more than 65 different nationalities.
- Would you rather keep your pet company at home or your colleagues at the office? Even after the pandemic, we offer you a hybrid working model.
- We fulfill every start-up cliché - in our modern office in Berlin-Friedrichshain or Stuttgart-West, you'll find everything your heart desires, for example a roof terrace and stocked drinks fridges.
- Your kick-start at Enpal - Get to know the company, your team colleagues and our founder Mario on your onboarding day.
- Stay up to date - Whether it's company figures at our monthly all-hands meetings or how a photovoltaic system works at the Lunch & Learn, you'll always know exactly what's going on.
- Energy transition only works together - At Enpal, you can expect a legendary team spirit and unforgettable team events.
- No mistakes, no progress - We live a strong feedback culture and grow with your input, either personally or anonymously via our feedback tool Culture Amp.