Job Description
Senior Identity & Directory Services Engineer

IN SHORT

In the IT Infrastructure and Operations department, we are looking for an IT Directory Service Lead Engineer (m/f/d) – responsible for administration, security, system integration and performance of directory services in the Microsoft and M365 environment. This senior position is for experienced identity specialists who think beyond pure AD administration: You will actively shape the identity architecture at SEFE, provide technical leadership, mentor junior colleagues and be the first point of contact for complex IAM issues, including migration concepts.
We are looking for someone who not only operates systems, but understands why – and who has the energy to make our identity landscape future-proof.

 

WHAT WILL YOU DO

Architecture & Strategy

  • You will design and be responsible for architecture decisions in the identity environment in close coordination with security and cloud architecture.
  • Design and implementation of identity governance: lifecycle management, access reviews, PIM/PAM
  • Evaluation and introduction of new IAM technologies and tools
  • Migration planning and implementation (AD consolidations, cloud migrations, tenant moves)

 

Operation & Security

  • Operation and further development of Active Directory (replication, GPOs, schema, delegation, SPNs)
  • Administration of Entra ID including Cloud Sync, AD Connect, Conditional Access, Entra ID Protection
  • Integration of PAM solutions (One Identity) and ITSM (ServiceNow)
  • Ensuring compliance (GDPR, ISO 27001) and implementation of security best practices
  • Disaster recovery and emergency concepts for all directory services

 

Automation & Tooling

  • Development and maintenance of automations for identity lifecycle processes (PowerShell, Azure Automation)
  • Collaboration on IaC initiatives in the identity environment (Terraform, Ansible) in close coordination with the cloud team

 

Leadership & Collaboration

  • You will take on a technical leadership role in the identity environment and act as a sparring partner for architecture and security teams.
  • Technical mentoring of mid-level engineers in the team
  • Coordination with security, network, cloud and application teams
  • Stakeholder management: requirements gathering, solution consulting, escalation point of contact
  • Documentation of architectures, operating concepts and standards

 

WHAT WILL YOU BRING

Must-have

  • At least 5 years of experience with Microsoft Active Directory (replication, GPOs, schema management, migrations)
  • Very good knowledge of Microsoft Entra ID (AD Connect, Cloud Sync, Conditional Access, Privileged Identity Management – PIM)
  • Experience with Privileged Access Management (PAM), e.g. One Identity or comparable solutions
  • In-depth knowledge of PowerShell for the automation and administration of AD and identity processes
  • Experience in planning and implementing AD or tenant migrations
  • Practical experience in identity governance and identity lifecycle management
  • Fluent German (C1) and confident English (at least B2)

 

Nice-to-have

  • Knowledge of Entra ID Protection, Microsoft Defender for Identity, and Log Analytics/Microsoft Sentinel
  • Experience with ServiceNow, ideally for integrating IAM processes into ITSM workflows
  • Experience with Infrastructure as Code (IaC), e.g. Terraform or Ansible in an identity or cloud environment
  • Microsoft certifications such as AZ-104, SC-300, AZ-500 or SC-100
  • Experience with Microsoft 365 Purview and governance/compliance reporting
  • Knowledge of common security standards and governance frameworks (e.g. ISO/IEC 27001, NIST)
  • Experience in regulated industries (e.g. energy, finance or KRITIS)
  • Experience in technical mentoring, coaching or professional leadership of teams

ABOUT US

SEFE is an international energy company anchored in Europe, delivering energy solutions that ensure reliable and affordable supply. Our activities span the entire energy value chain – from origination and trading to sales, transport and storage. With decades of trading expertise and a growing LNG portfolio, SEFE is one of Europe’s leading suppliers to industrial customers, providing more than 200 TWh of gas and power each year. We supply over 50,000 clients, from small businesses to municipalities and multinational organisations. By investing in clean energies, we support our customers on their decarbonisation journey and contribute to the energy transition. SEFE employs over 2,000 people worldwide and is owned by the Federal Government of Germany.

Our international teams work across locations in Europe, Asia, and North America. We’re passionate about energy and the important role it can play in shaping a better future.  

 

Securing energy – now and for the future.

OUR BENEFITS

We stand for an inclusive environment that promotes diversity and supports and values the development of knowledge and skills. Regardless of your position, we offer you plenty of creative freedom and a pleasant atmosphere that encourages you to get involved and think outside the box. In addition, there are numerous company benefits, such as:

  • Flexible working hours with the option of hybrid working.
  • Attractive remuneration package.
  • Appealing working environment in a central location.
  • Team-oriented environment with an open feedback culture.
  • Company restaurant with a healthy and varied selection of food.
  • Job ticket and bike leasing.
  • Pension and company sports programmes.
  • Company pension scheme.
  • 30 days of holiday plus special leave.

#LI-KP1
Information at a Glance
Apply now
Job Title:  Senior Identity & Directory Services Engineer
Job Country:  Germany
Job Location:  Berlin, Germany | Kassel, Germany
Posting Start Date:  12/01/2026
Business Function:  Information Technology
Contract Type:  Permanent