AVP/VP, Entra ID & Identity Security Engineer, Technology Group

Location:  Singapore, SG

Job Function:  Technology Group
Job Type:  Permanent
Req ID:  17256

GIC is one of the world’s largest sovereign wealth funds. With over 2,000 employees across 11 locations around the world, we invest in more than 40 countries globally across asset classes and businesses. Working at GIC gives you exposure to an extraordinary network of the world’s industry leaders. As a leading global long-term investor, we Work at the Point of Impact for Singapore’s financial future, and the communities we invest in worldwide.


Technology Group
The Technology Group (TG) is a key enabler to keep our business moving forward and is constantly exploiting state-of-the-art information technologies to enhance GIC’s ability to be the leading global long-term investment firm. We aim to provide users with empowering and transformational capabilities, and to create an inclusive, innovative and integrated work environment.


Infrastructure & Cybersecurity Resilience (ICR)
We design, build, and secure the technology foundations that power GIC’s global investment operations. We aim to deliver resilient, scalable, and secure infrastructure that empowers our people and businesses to perform securely, efficiently, and effectively.


What impact can you make in this role?

We are seeking an experienced Entra ID & Identity Security Engineer to lead the security, hardening, and automation of our cloud-first identity platform. This role is centred on Entra ID (Azure AD) — Conditional Access, Identity Protection, Privileged Identity Management (PIM), app and workload identities, and tenant-wide security posture — with on-premises Active Directory addressed in the context of a secure hybrid identity estate.


What will you do as an Entra ID & Identity Security Engineer? 

Entra ID & Cloud Identity Security (primary focus)

  • Design, secure, and operate the Entra ID tenant as the core of the enterprise identity platform — ensuring resilience, integrity, and threat resistance.

  • Engineer and continuously harden Conditional Access policies, Identity Protection, and risk-based controls aligned to Zero Trust principles.

  • Implement and govern Privileged Identity Management (PIM), administrative units, and least-privilege delegation across the tenant.

  • Secure app registrations, enterprise applications, service principals, managed identities, and workload identities, including consent governance and secret/credential hygiene.

  • Conduct threat modelling and exposure assessments for Entra ID to identify and mitigate identity attack paths (e.g., token theft/replay, consent phishing, illicit grants, privilege escalation).

  • Design Entra ID tenant recovery and identity incident-response automation to improve recovery time objectives (RTO) and operational readiness.


Hybrid & Active Directory (secondary / hybrid context)

  • Secure the AD↔Entra ID hybrid surface — synchronization, federation, and Tier 0 protection — to prevent lateral movement between on-prem and cloud.

  • Apply baseline hardening to AD forests, domains, trusts, OU delegation, and GPOs where they impact the hybrid identity security posture.

  • Support AD Forest recovery readiness as part of the broader hybrid resilience plan.


Agentic AI & LLM-Driven Engineering

  • Apply Agentic AI and LLMs as core engineering tools to accelerate identity security engineering — code generation, configuration analysis, remediation drafting, and investigation support.

  • Design, orchestrate, and operate AI/AIOps agents (single and multi-agent) for identity hygiene, posture analysis, anomaly triage, and automated remediation workflows.

  • Build agent-ready interfaces and context so AI agents can reliably and safely act against identity systems, with appropriate guardrails, evaluation, and human-in-the-loop controls.

  • Champion responsible, secure use of LLMs (prompt/secret hygiene, data handling, validation of AI output) within the identity engineering team.


DevOps & Platform / API Engineering

  • Develop in a DevOps model using Git and GitHub, with automated CI/CD via GitHub Actions for testing, validation, and safe deployment of identity controls and automation.

  • Design and engineer API-based frameworks that provide an abstraction-as-a-service layer over identity capabilities (e.g., Microsoft Graph), giving consumers and agents clean, governed, reusable interfaces.

  • Build automation frameworks (PowerShell, Python, Graph API) to audit and report configurations, enforce baseline hardening, and automate remediation, monitoring, and hygiene tasks.

  • Apply infrastructure-as-code / policy-as-code practices to make identity configuration versioned, reviewable, and auditable.


Documentation-as-Code & Machine-Readable Repository

  • Model and maintain a repository in which code and documentation-as-code form a single conceptual model — versioned, reviewed, and treated as a source of truth.

  • Ensure the repository is machine-readable so that AI agents (not only humans) can parse, reason over, and act on the documented model and controls.

  • Maintain baselines, runbooks, recovery guides, and assessment reports as living, code-managed artefacts rather than static documents.


Collaboration, Detection & Governance

    • Collaborate with Red Team, Penetration Testing, and SOC teams to identify vulnerabilities, validate attack paths, and remediate exposures.

    • Simulate and analyse identity-based attack scenarios (e.g., token replay, consent phishing, illicit consent grants, PIM abuse; and AD-side techniques such as Kerberoasting, Pass-the-Hash, DCSync where hybrid-relevant).

    • Integrate detection and response capabilities with SIEM/SOC tooling (e.g., Microsoft Sentinel, Splunk, QRadar) and Microsoft Defender for Identity.

    • Collaborate with IAM teams to integrate identity workflows (provisioning, deprovisioning, access reviews) into enterprise identity lifecycle and governance processes.


What qualifications or skills should you possess in this role? 

  • Deep, hands-on Entra ID expertise — Conditional Access, Identity Protection, PIM, app/workload identities, administrative units, and tenant hardening.
  • Practical experience applying Agentic AI / LLMs and AIOps agents to engineering work, including orchestrating agent workflows with appropriate guardrails.
  • Strong DevOps engineering skills: Git, GitHub, GitHub Actions / CI/CD, and version-controlled, automated delivery.
  • Demonstrated ability to design and build API-based abstraction/service layers (e.g., over Microsoft Graph) for reuse by humans and agents.
  • Strong scripting and automation skills (PowerShell and/or Python) and Microsoft Graph API proficiency for auditing, reporting, and enforcement.
  • Experience treating documentation-as-code and maintaining machine-readable repositories as part of an engineering workflow.
  • Working knowledge of hybrid identity and Active Directory (sync, federation, Tier 0, trusts, GPO) sufficient to secure the hybrid surface.
  • Familiarity with identity security tooling such as Microsoft Defender for Identity, BloodHound, PingCastle, and PurpleKnight.
  • Strong understanding of Zero Trust and the Enterprise Access Model (EAM) as applied to cloud-first and hybrid identity.
  • Knowledge of Privileged Access Management (PAM) and SIEM integration for identity threat detection.
  • The following certifications are preferred: Microsoft Certified: Identity and Access Administrator Associate (SC-300), Cybersecurity Architect Expert (SC-100), Windows Server Hybrid Administrator Associate. CISSP or equivalent advanced security certification, relevant DevOps / cloud certifications (e.g., GitHub Actions, Azure DevOps, AZ-400) are advantageous.


Work at the Point of Impact
We need to be forward-looking to attract the right people to help us become the Leading Global Long-term Investor. Join our ambitious, agile, and diverse teams - be empowered to push boundaries and pursue innovative ideas, share your views, and be heard. Be anchored on our PRIME Values: Prudence, Respect, Integrity, Merit and Excellence, which guide us in how we make our day-to-day decisions. We strive to inspire. To make an impact.


Flexibility at GIC
At GIC, our offices are vibrant hubs for ideation, professional growth, and interpersonal connection.  At the same time, we believe that flexibility allows us to do our best work and be our best selves.  Thus, our teams come into the office four days per week to harness the benefits of in-person collaboration, but have the flexibility to choose which days they work from home and adjust this arrangement as situational needs arise.


GIC is an equal opportunity employer 
As an employer, we passionately believe that every individual brings a unique diversity of thought and perspective that meaningfully enriches GIC teams and drives competitive performance. An inclusive environment yields exceptional contribution.


Learn more about our Technology Group here:
https://gic.careers/group/technology-group/

Our PRIME Values

GIC is a values-driven organization. GIC’s PRIME Values act as our compass, enabling us to fulfil our fundamental purpose and objectives. They are the foundational bedrock that governs our behaviours, our decision-making, and our focus. They inform both our long-term strategy as a firm and the way we relate to our Client, business partners and employees. PRIME stands for Prudence, Respect, Integrity, Merit and Excellence.