Microsoft Identity & Messaging Migration Engineer

Our client is the largest Ukrainian telecommunications operator, providing communications and data services across a broad range of mobile and fixed-line technologies, including 4G. The company's customer base totals over 26 million for mobile and more than 1 mln for broadband internet.

During the migration from a “grey” infrastructure to a fully compliant (“white”) environment through the end of 2026, we require an engineer who will connect corporate systems to new identity and messaging services, configure integrations, troubleshoot authentication, certificate, and mail-flow issues, and ensure all integrations reach stable, production-ready operation.

Requirements:

• Hands-on experience with integrations in a corporate environment (beyond basic user administration).
• Strong troubleshooting skills: ability to quickly identify the problem layer (application / network / identity / PKI), reproduce issues, and collect evidence (logs, traces).
• Solid understanding of protocols: SAML/OIDC, Kerberos/NTLM, LDAP/LDAPS, TLS/PKI, and basic SMTP.
• Proficient in PowerShell (diagnostics collection, configuration validation, report preparation).
• Experience working in migration-driven environments involving multiple systems, cross-functional teams, deadlines, and shifting priorities.

Nice to have:

• Experience with Entra ID (Azure AD) and AAD Connect/Cloud Sync.
• Hands-on experience with Exchange Online/Microsoft 365.
• Knowledge of hardening best practices for AD/ADFS/PKI and familiarity with Zero Trust security principles and approaches.

Responsibilities:

1) Connecting Systems to the “White” Environment

Prepare and support the onboarding of applications and services to:

• AD DS (LDAP/LDAPS, Kerberos/NTLM)
• ADFS (SAML2 / OIDC / WS-Fed, trusts, claims configuration)
• PKI / AD CS (certificates for TLS, mTLS, signing, auto-enrollment)
• Exchange / Hybrid (connectors, routing, relay — where required)

Migrate integrations from “grey” dependencies to compliant (“white”) services, including accounts, groups, endpoints, certificates, DNS, and network routes.

2) Integration Configuration

Configure integration parameters according to established standards:

• Endpoints and metadata
• Token lifetimes
• Cipher suites
• Certificate chain trust
• CRL/AIA configuration
• Validation policies
• -Support multiple integration types:
• Web applications
• APIs
• Windows services
• Linux services
• Coordinate with application, network, and information security teams regarding ports, firewalls, proxies, load balancers, DNS, and time synchronization.

3) Troubleshooting & Issue Analysis (Key Focus)

Diagnose issues related to:

• SSO / authentication (ADFS errors, event logs, tokens/claims, SPN/Kerberos)
• TLS / certificates (certificate chains, EKU, SAN, expiration, revocation/CRL, handshake failures)
• LDAP / LDAPS (bind errors, certificate validation, referral/GC behavior, permissions)
• Mail flow (SMTP errors, connectors, relaying, NDRs — where in scope)
• -Analyze logs and traces using:
• Windows Event Viewer
• ADFS/Admin logs
• Exchange message tracking and protocol logs (as needed)
• Network tracing tools (Wireshark/tcpdump)
• curl / openssl s_client
• Fiddler

Produce a clear Root Cause Analysis (RCA) and actionable recommendations for application teams outlining required changes on their side.

4) Migration Governance & Quality

• Maintain a system registry including connection status, blockers, risks, owners, and timelines.
• Develop reusable integration templates (SAML/OIDC/LDAPS/TLS) and checklists.
• Participate in change windows and cutovers, including rollback planning and execution.

Why this position:

Awesome team, variety of interesting tasks, great experience working with big data.