System Engineer (Identity and Access Management)

Zagreb, Croatia (Hybrid)

Do you want to join a growing team of top professionals who invest time and effort into teaching, career growth, and cultivating employees into the next generation of IT experts? You've come to the right place. Span is a Croatian IT company with a global reach specializing in high-quality information systems design and management services, as well as tech support for customers and enterprises. We're constantly improving, advancing, and adopting new trends, new skills, and new expertise, giving our employees virtually endless opportunities for professional development.




Why join us?

We support a large-scale hybrid identity environment and we’re looking for someone who loves deep technical challenges around Active Directory and IAM. If you enjoy troubleshooting replication quirks, automating identity tasks with PowerShell, or designing secure authentication flows that actually work in practice — this is the role for you.

You won’t be just “keeping the lights on.” You’ll help shape how we manage identity and access across a global enterprise, working side by side with security, cloud, and infrastructure teams.


What you'll do:

  • Engineer and run Active Directory (multi-domain, multi-forest) at enterprise scale
  • Automate routine processes using PowerShell scripting to improve efficiency, enforce policies, and generate reports
  • Keep authentication secure: Kerberos, PKI, MFA, federation, conditional access
  • Support hybrid identity (AD + Entra ID/Azure AD, AD Connect)
  • Help design and enforce tiering / privileged access models
  • Troubleshoot complex issues, including replication errors, trust relationship problems, and authentication failures
  • Collaborate with security engineers on IAM hardening and detection


We could be a perfect fit if you are:

  • Approaching activities in a planned and organized manner, focused on essentials and working quickly and efficiently
  • Showing a strong desire for constant career development and gaining experience
  • Inclined to innovate, always trying out different approaches and looking for new, better and more efficient ways of working
  • Appreciating and accepting differences, respecting other people and their opinions and ideas and readily giving them yourself


What we expect:

  • You’ve spent 3+ years working with Active Directory in production and know it inside out
  • Solid experience with Entra ID / Azure AD and hybrid identity
  • You know your way around PowerShell (and maybe even enjoy it)
  • Comfortable with Windows Server infra (DNS, DHCP, certificate services)
  • Strong understanding of IAM concepts: SSO, federation, MFA, PAM
  • Curiosity, problem-solving, and a willingness to get hands-on


What will bring you extra points:

  • Experience with Saviynt or other IGA platforms
  • Familiarity with MIM, SailPoint, or other IAM/IAG tools
  • Enjoy digging into protocols (LDAP, Kerberos, OAuth, SAML, OIDC)
  • You understand the difference between Passwordless authentication and PasswordNeverExpires (and why one is not the other)
  • Comfortable at enterprise scale (multiple forests, thousands of objects)


What's in it for you:

  • Competitive salary according to your experience
  • A business phone of your choice
  • InHouse testing center- we are giving you an option of gaining professional certificates
  • Mentor - no matter how much experience you've got, we will provide you with an adequate mentor
  • Regular feedback on your performance and personalized career development plan
  • Possibility to earn different types of bonuses
  • Subvention of Multisport card or PassSport- not only brain workout is important
  • Minimum of 25 vacation days
  • Complete health checks- adjusted for men and women
  • Psychological counseling- we care about your well-being
  • Lunch and transportation compensations
  • Benefits for children of employees




System Engineer (Identity and Access Management)

Job description

System Engineer (Identity and Access Management)

Personal information
Add
Professional data
Details