Identity Fabric Principle for IAM Services (long-term mission, Warsaw) – Frontex
Join Frontex in Warsaw as Identity Fabric Principal for IAM Services: a long-term, hybrid role shaping modern authentication, governance, and EU security.
Profile: IAM Engineer – Advanced Level.
Place of performance: Frontex Headquarters in Warsaw. 13% onsite + 87% remote. Candidates must be based within two hours of Warsaw.
Duration of the mission: 48 months.
Security Clearance: Confidential / EU Confidential.
Deadline for profile submissions: 04/06/2026.
Minimum level of education: Level 6.
Minimum English language skills: B2.
Minimum IT relevant experience: 10 years (8 years in relevant IAM roles).
Award Criteria: 50% Price / 50% Quality.
Minimum required scoring for interview: 70%.
Rate: The rate offered depends on the candidate’s level, in accordance with Frontex’s public grading system. Further details are available upon discussion.
Both (NWH) and (EWH) would need to be taken into account, as per the estimations below:
· Expected NWH: 220 days x 4 years.
· Expected EWH: 20 days x 4 years.
Required certificates: No specific certifications required.
Knowledge and Skills
· Modern authentication standards: solid understanding of OAuth 2.0, OpenID Connect, and SAML, including typical enterprise use cases (applications, APIs, federation).
· Token & session security: knowledge of token/session lifecycles (issuance, validation, lifetimes, refresh tokens), plus common risks and mitigations.
· API permissions & consent: understanding and practical application of scopes vs roles, delegated vs application permissions, and admin/incremental consent models.
· Entra External ID patterns: practical knowledge of CIAM/B2B/B2C onboarding patterns and UX vs security trade-offs.
· Hybrid identity foundations (AD DS): solid understanding of domains/forests, trusts, OU/GPO, delegation, and how AD DS impacts hybrid identity.
· SailPoint IGA exposure: practical experience with SailPoint IdentityIQ and/or IdentityNow concepts, delivery model, and outcomes.
· Provisioning & lifecycle integrations: experience with SCIM, authoritative sources, reconciliation, and JIT vs managed provisioning trade-offs.
· GDPR/EUDPR + AI readiness: ability to apply privacy-by-design in IAM (minimisation, purpose, retention, token/claim hygiene, auditability) and extend governance to AI/agent access where required.
Specific Requirements
· Microsoft-first delivery: primary focus on Entra ID / Entra External ID with consistent integration patterns for enterprise applications and APIs.
· Hybrid environment readiness: ability to operate with AD DS/AD FS dependencies and modernize pragmatically without disrupting services.
· Automation-by-default: preference for repeatable delivery via PowerShell and controlled processes (CI/CD and/or ITSM where applicable).
· Compliance-oriented design: ability to design/operate IAM controls aligned with GDPR/EUDPR and internal audit expectations (traceability and evidence).
· IGA alignment: capability to deliver governance outcomes with SailPoint and align them with Microsoft identity patterns.
· Future-proofing: readiness to cover AI/agent identities and access controls using least privilege and clear governance.
Typical Tasks and Responsibilities
· Define and maintain modern authentication and federation standards for applications and APIs (OAuth2, OIDC, SAML), including reference architectures and enterprise integration patterns.
· Support implementation and troubleshooting of authentication flows (Auth Code + PKCE, Device Code, Client Credentials, OBO), including production incidents and edge cases.
· Design and govern secure identity models, including claims/attributes strategy, API permission models (scopes vs roles, delegated vs application permissions), and consent governance.
· Configure, operate, and troubleshoot federation and identity integrations (IdP/SP), including metadata management, SSO issues, and AD FS operations with migration support to cloud-native approaches.
· Design and implement secure access controls, including Conditional Access, MFA, risk-based access, step-up authentication, and Identity Protection policies with safe rollout practices.
· Deliver and operate Microsoft Entra ID environments, including tenant configuration, enterprise applications, app registrations, service principals, managed identities, and governance improvements.
· Design and implement identity governance and lifecycle management processes, including Entra ID Governance (access packages, access reviews, entitlement management) and end-to-end IGA processes (JML, SoD, certifications).
· Design and implement provisioning and lifecycle integration models (SCIM, authoritative sources, reconciliation, JIT vs managed provisioning) and ensure clean identity lifecycle management.
· Provide hybrid identity support and modernization guidance involving AD DS and AD FS, ensuring sustainable architecture and minimal service disruption.
· Ensure automation, compliance, and scalability through PowerShell-based identity operations, GDPR/EUDPR-aligned IAM design, and integration with SailPoint IGA and governance frameworks (including AI/agent identity considerations).
Travel: By default, travelling in the interest of service is not foreseen for this position/profile.
· Nevertheless, Frontex may exceptionally request to carry out some services at other locations than Frontex Headquarters or other Contracting Authority’s premises.
- Department: IT
- Position: CONSULTANT
- Locations: Warsaw
- Remote status: Hybrid
What do we offer?
- Schedules
TheWhiteam offers flexible working hours. This is because we aim to meet objectives, not to reach a set number of hours.
- Technologies
The most cutting-edge technologies, to stay up to date with the changes of the moment.
- Work mode
Given the situation, TheWhiteam offers the option of on-site, remote, or mixed working.
- Locations
TheWhiteam offers the possibility of working in locations all over the world.
Workplace
Being part of THEWHITEAM means working with a company made up of professionals with extensive experience in technology consulting.
We firmly believe that companies and clients mark the path to follow in the sector, but it is people who build it. We consider it vitally important that our organisation be founded on our best asset and mark of added value, which is our team.
About The White Team
Founded in 2012 by experienced consultants, The Whiteam was born as a quality technology consultancy with a clear mission: to help companies around the world optimise their business profitability through the efficient use of information technology.