
Identity & Access Security Engineer (Azure AD)

Location:
Richardson, TX
Posted:
April 16, 2026

Resume:

BERTRAND AGBOR BESONG

Location: Dallas, TX Email: *************@*****.*** Phone: +1-469-***-****

PROFESSIONAL SUMMARY:

IAM Security Engineer with 5–6 years of experience designing and securing enterprise identity solutions using Microsoft Entra ID (formerly Azure Active Directory). Expertise in Conditional Access, Privileged Identity Management (PIM), SSO (SAML/OIDC), RBAC, and strong authentication methods including MFA and passwordless. Skilled in identity governance, access lifecycle management, and securing hybrid environments across Entra ID and on-prem Active Directory. Active Secret Security Clearance.

EDUCATION:

Bachelor of Science in Computer Science

University of Texas at Dallas – Erik Jonsson School of Engineering and Computer Science

AWS Certified Solutions Architect – Associate

October 2025

Active Secret Security Clearance

Issued 2023

SKILLS:

Identity & Access Management

• Microsoft Entra ID (Azure AD)

• Conditional Access & Multi-Factor Authentication (MFA)

• Privileged Identity Management (PIM)

• Identity Governance & Access Reviews

• Identity Lifecycle Management (ILM)

• SSO (SAML, OAuth 2.0, OpenID Connect)

• Azure AD Connect (Hybrid Identity)

• Identity Protection (Risk-Based Policies)

• Passwordless Authentication (FIDO2, Microsoft Authenticator)

• Enterprise Applications & App Registrations

• SCIM Provisioning & Automated User Provisioning

• Administrative Units & Delegated Administration

Automation & Scripting

• PowerShell (AzureAD / Microsoft Graph)

• Microsoft Graph API Integration

• Azure CLI & Automation

• Terraform (Azure provider)

• ARM Templates

Security & Compliance

• Least Privilege Access & RBAC

• Access Governance & Compliance

• Azure Policy

• Microsoft Defender for Cloud

• Microsoft Sentinel (SIEM)

• Log Analytics & Identity Monitoring

• Zero Trust Architecture

• Authentication Methods Policy & Security Defaults

• Audit Logging & Sign-In Risk Analysis

• Access Reviews & Entitlement Management

EXPERIENCE:

AON – CHICAGO | AZURE IAM SECURITY ENGINEER | MARCH 2022 – JAN 2026

• Designed and implemented Azure RBAC models across multiple subscriptions and resource groups following least-privilege principles.

• Configured and enforced Conditional Access policies (MFA, device compliance, location-based access restrictions).

• Implemented Privileged Identity Management (PIM) for just-in-time administrative access.

• Managed Microsoft Entra ID (Azure AD) users, groups, and enterprise applications.

• Configured Service Principals and Managed Identities for secure application authentication.

• Integrated Azure AD Connect for hybrid identity synchronization with on-prem Active Directory.

• Implemented Azure Key Vault for secure storage of secrets, certificates, and encryption keys.

• Enabled Azure Policy to restrict unauthorized role assignments and enforce governance standards.

• Monitored identity events using Azure Monitor, Log Analytics, and Microsoft Sentinel.

• Conducted periodic access reviews to remove stale or excessive privileged accounts.

• Automated IAM provisioning using PowerShell, Azure CLI, and Terraform.

• Supported Zero Trust initiatives by reducing standing admin access and enforcing continuous verification controls.

• Implemented SSO integrations for SaaS applications (e.g., Microsoft 365, Salesforce) using SAML/OIDC, improving user access efficiency.

• Enforced MFA, Conditional Access, and risk-based policies, reducing unauthorized login attempts and strengthening Zero Trust posture.

• Implemented passwordless authentication methods (Microsoft Authenticator, FIDO2) to enhance security and user experience.

• Optimized Entra ID licensing and group-based access assignments to improve cost efficiency and governance.

• Implemented break-glass account procedures with monitoring and alerting controls.

• Configured Administrative Units to delegate scoped administrative control.

• Integrated Azure AD with third-party SaaS applications using SAML and OIDC federation.

• Enforced device-based Conditional Access using Intune compliance policies.

• Implemented sign-in risk policies leveraging Azure AD Identity Protection.

• Designed group-based access control using dynamic group membership rules.

• Hardened tenant security settings including security defaults and authentication methods policy.

• Configured custom Azure AD roles to reduce reliance on Global Administrator privileges.

• Integrated Azure AD audit logs with SIEM for centralized identity threat visibility.

• Assisted in implementing SCIM-based automated user provisioning for enterprise apps.

• Conducted privilege escalation risk assessments and remediated high-risk role assignments.

• Implemented access packages and entitlement management for controlled resource access.

• Administered and maintained Microsoft Entra ID (Azure AD) objects including users, groups, roles, and enterprise applications.

• Designed and managed Conditional Access policies based on user, device, location, and risk signals to enforce Zero Trust principles.

• Supported enterprise MFA initiatives, including deployment of phishing-resistant authentication methods.

• Implemented Single Sign-On (SSO) integrations using SAML, OAuth 2.0, and OpenID Connect across enterprise applications.

• Developed PowerShell automation scripts for user provisioning, access reviews, reporting, and policy enforcement.

• Managed identity lifecycle processes including onboarding, role changes, and offboarding.

• Integrated identity automation using Microsoft Graph APIs and scripting to improve operational efficiency.

• Monitored sign-in and authentication activity to identify anomalies, compliance gaps, and troubleshoot access issues.

• Supported hybrid identity synchronization using Azure AD Connect in cloud and on-prem environments.

• Enforced least-privilege access through role design, access reviews, and continuous validation.

• Maintained documentation to support audit readiness, compliance requirements, and security reviews.

WEHCO Media – Little Rock, AR | Cloud Security Engineer | JULY 2020 – FEB 2022

• Assisted in provisioning and managing Azure AD users, groups, and RBAC role assignments.

• Implemented subscription-level and resource-level access controls for development teams.

• Enforced MFA and identity protection policies for privileged users.

• Configured Azure Key Vault access policies for secure secrets management.

• Managed Service Principals supporting CI/CD pipeline authentication.

• Supported hybrid identity authentication troubleshooting with Azure AD Connect.

• Monitored Azure AD sign-in logs and investigated anomalous login behavior.

• Assisted in implementing Conditional Access baselines aligned with security standards.

• Automated identity configuration tasks using ARM templates and PowerShell.

• Participated in identity-related incident response and access remediation efforts.

• Supported compliance audits by generating identity access and role assignment reports.

• Contributed to access recertification efforts to reduce excessive permissions.

• Assisted in implementing group-based licensing in Microsoft Entra ID.

• Supported migration from legacy authentication methods to modern authentication protocols.

• Monitored failed login attempts and account lockout patterns for anomaly detection.

• Assisted in enforcing password protection policies and banned password lists.

• Supported periodic credential hygiene reviews and stale account cleanup.

• Configured role assignment alerts for high-privilege role changes.

• Assisted in implementing resource locks to prevent accidental privilege modifications.

• Documented identity access workflows for onboarding and role change processes.

• Supported remediation of exposed secrets by migrating to Azure Key Vault storage.

• Assisted in validating least-privilege access during new application onboarding.

• Monitored token expiration and service principal credential lifecycle.

• Participated in tabletop exercises simulating identity-based security incidents.