IT-Directory Service Lead Ingenieur (m/w/d)

About

In the IT Infrastructure and Operations department, we are looking for an IT Directory Service Lead Engineer (m/f/d) responsible for the administration, security, system integration, and performance of directory services in the Microsoft and M365 environment. This senior position is for experienced identity specialists who think beyond pure AD administration: You will actively shape SEFE's identity architecture, provide technical leadership, mentor junior colleagues, and be the first point of contact for complex IAM questions up to migration concepts.

We are looking for someone who not only operates systems but understands why – and who brings the energy to make our identity landscape future-proof.

Responsibilities

Architecture & Strategy

• You will design and be responsible for architectural decisions in the identity environment in close coordination with Security and Cloud Architecture.
• Conception and implementation of Identity Governance: Lifecycle Management, Access Reviews, PIM/PAM
• Evaluation and introduction of new IAM technologies and tools
• Migration planning and execution (AD consolidations, cloud migrations, tenant moves)

Operations & Security

• Operation and further development of Active Directory (replication, GPOs, schema, delegation, SPNs)
• Administration of Entra ID including Cloud Sync, AD Connect, Conditional Access, Entra ID Protection
• Integration of PAM solutions (One Identity) and ITSM (ServiceNow)
• Ensuring compliance (GDPR, ISO 27001) and implementation of Security Best Practices
• Disaster recovery and emergency concepts for all directory services

Automation & Tooling

• Development and maintenance of automations for identity lifecycle processes (PowerShell, Azure Automation)
• Contribution to IaC initiatives in the identity environment (Terraform, Ansible) in close coordination with the Cloud team

Leadership & Collaboration

• You will take on a technically leading role in the identity environment and act as a sparring partner for architecture and security teams.
• Technical mentoring of the mid-level engineer in the team
• Coordination with security, network, cloud, and application teams
• Stakeholder management: Requirements gathering, solution consulting, escalation point
• Documentation of architectures, operational concepts, and standards

Qualifications

Must-have

• At least 5 years of experience with Microsoft Active Directory (replication, GPOs, schema management, migrations)
• Very good knowledge of Microsoft Entra ID (AD Connect, Cloud Sync, Conditional Access, Privileged Identity Management – PIM)
• Experience with Privileged Access Management (PAM), e.g., One Identity or comparable solutions
• Sound PowerShell skills for automation and administration of AD and identity processes
• Experience in planning and implementing AD or tenant migrations
• Practical experience in Identity Governance and Identity Lifecycle Management
• Fluent German (C1) and proficient English (min. B2)

Nice-to-have

• Knowledge of Entra ID Protection, Microsoft Defender for Identity, and Log Analytics / Microsoft Sentinel
• Experience with ServiceNow, ideally for integrating IAM processes into ITSM workflows
• Experience with Infrastructure as Code (IaC), e.g., Terraform or Ansible in the identity or cloud environment
• Microsoft certifications such as AZ-104, SC-300, AZ-500, or SC-100
• Experience with Microsoft 365 Purview and governance or compliance reporting
• Knowledge of common security standards and governance frameworks (e.g., ISO/IEC 27001, NIST)
• Experience in regulated industries (e.g., energy, finance, or critical infrastructure)
• Experience in technical mentoring, coaching, or technical leadership of teams

About Us

SEFE is an internationally active energy company anchored in Europe, ensuring reliable and affordable supply with its energy solutions. SEFE is active along the entire energy value chain – from procurement and trading to sales, transport, and storage. Thanks to decades of trading experience and the continuous expansion of its LNG offering, SEFE is one of the most important suppliers for industrial customers in Europe with an annual sales volume of more than 200 TWh of gas and electricity. We supply over 50,000 companies, from small businesses to municipal utilities and multinational corporations. Through investments in clean energies, we support our customers in decarbonization and actively contribute to the energy transition. SEFE employs over 2,000 people worldwide and is a company of the Federal Republic of Germany.

Securing energy – now and for the future.

Benefits

We stand for an inclusive environment that promotes diversity and supports and values the development of knowledge and skills. Regardless of position, we offer you great scope for design and a pleasant atmosphere that encourages you to contribute and think innovatively. In addition, there are numerous company benefits, such as:

• Flexible working hours with the possibility of hybrid working
• Attractive remuneration package
• Appealing work environment in a central location
• Team-oriented environment with an open feedback culture
• Company restaurant with healthy and diverse food selection
• Job ticket and bike leasing
• Pension and company sports offers
• Company pension scheme
• 30 days of vacation plus special leave