Senior IT Manager

We are looking for a Senior IT Manager with proven hands-on expertise in Microsoft 365 and Entra ID, who is equally comfortable leading a small team as operating the infrastructure directly. The role owns our cloud productivity and identity stack and carries formal line management responsibility for 2–3 individual contributors, with the team expected to grow to up to 5 as the function matures.

This is not a pure management position: you will remain a working technical lead, serving as the primary subject matter expert for M365 and Entra ID while setting direction, growing your team's capability, and handling escalations that require senior judgement. You will work with considerable autonomy, collaborating closely with security, engineering, and business stakeholders across the organisation.

Key Responsibilities

• Own the Entra ID (Azure AD) tenant: lifecycle management, Conditional Access policies, MFA enforcement, Privileged Identity Management (PIM), and external identity (B2B/B2C where applicable)
• Maintain and evolve RBAC models across M365 workloads
• Administer hybrid identity infrastructure: AD Connect / Entra Connect sync, password hash sync or pass-through authentication, and seamless SSO
• Manage Exchange Online including mail flow rules, connectors, shared mailboxes, distribution groups, and migration tasks
• Configure and maintain mail security controls: DKIM, DMARC, SPF, Defender for Office 365 (anti-phishing, safe links, safe attachments), and quarantine policies
• Monitor and respond to mail security incidents and anomalies
• Manage the Intune environment: device enrolment (Windows, macOS, iOS/Android), compliance policies, configuration profiles, and application deployment
• Maintain Autopilot workflows and co-management configuration where applicable
• Enforce device-based Conditional Access in coordination with identity policies
• Administer on-premises Active Directory: ensure clean synchronisation between on-prem AD and Entra ID; manage schema, attribute filtering, and sync scope
• Participate in and support AD migration initiatives, move to cloud-only environment
• Lead lean IT team, develop runbooks and operational procedures to reduce manual toil and improve consistency
• Set the SLAs and ensure the service levels are consistently improving
• Collaborate with network/infrastructure colleagues on firewall rules, proxy configurations, and Microsoft 365 endpoint optimisation

Professional qualifications

• 5–8 years of hands-on experience administering Microsoft 365 and Azure AD / Entra ID in enterprise or scale-up environments
• Deep, demonstrable expertise in Entra ID: Conditional Access, PIM, identity governance, app registrations, and enterprise application management
• Strong Exchange Online administration experience including Defender for Office 365 and modern mail security standards (DMARC/DKIM/SPF)
• Solid Intune experience covering Windows and at least one mobile platform
• Proven hybrid AD skills: AD Connect, Group Policy, DNS, and on-prem AD administration
• Proficiency in PowerShell for scripting, automation, and administrative tasks, not just running existing scripts, but authoring and maintaining them
• Working knowledge of networking fundamentals relevant to M365 operations (DNS, routing concepts, proxy/firewall, VPN split tunnelling)
• Ability to work independently in a small-team environment, manage priorities of a team, operate without close oversight, and document your own work
• Background in ITIL-aligned change management processes
• Experience with Linux systems administration at a basic operational level (package management, log inspection, SSH, cron, systemd services) is considered an advantage
• Clear written communication: demonstratable experience documenting what you build and being able to explain complex configurations to non-technical stakeholders when needed

What We Offer

• 💻 Choice of work equipment (e.g., laptop, monitor, etc.)
• 🇬🇧 English classes (iTalki – $130 monthly)
• ⏰ Flexible schedule (we usually work between 09:00/10:00 and 18:00/19:00 CET or EET)
• 👶 Newborn bonus (€500 per child)
• 🧠 Patent remuneration
• 🌴 Paid leave
• 🧑‍💻 Remote work in locations without our offices
• Hybrid work in locations with offices (2 days in-office, 3 days remote)

Constructor fosters equal opportunity for people of all backgrounds and identities. We are led by a gender-balanced board committed to building a diverse and inclusive organisation where everyone can become their best self. We do not discriminate based on age, disability, gender identity, sexual orientation, ethnicity, race, religion or belief, parental and family status, or other protected characteristics. We welcome applications from women, men and non-binary candidates of all ethnicities and socio-economic backgrounds. We encourage people belonging to underrepresented groups to apply.