Job Summary: This opportunity is for an Active Directory and Entra ID specialist to ensure a modern and secure authentication infrastructure across the entire company, solve complex problems, and design robust architectures. Key Highlights: 1. Participation in strategic projects with organizational impact 2. Ensuring modern and secure authentication infrastructure 3. Designing robust architectures and solving complex problems **About Us** XP Inc. is one of Brazil’s largest independent financial institutions, owning brands such as XP, Rico, Clear, XP Educação, InfoMoney, among others. With over 4.6 million active clients and assets under custody exceeding R$ 1.1 trillion, XP Inc. has been transforming the financial market for 24 years to improve people’s lives. Guided by four core values — **Big Dreams, Entrepreneurial Spirit, Customer Focus, and Open Mind** — XP Inc. continuously seeks top talent with the ambition to achieve the impossible. **About the Opportunity** ------------------------ This opportunity is within the Enduser Experience team (Active Directory and Entra ID), whose mission is to ensure that all people, systems, and applications across the company have access to a modern, available authentication infrastructure — delivering maximum security and high availability across our authentication infrastructure. This is a team passionate about robust infrastructure, identity security, and scalable, large-scale solutions; you’ll thrive here if you enjoy solving complex problems, designing solid architectures, and participating in strategic projects impacting the entire organization. Learn more about our day-to-day on Instagram and LinkedIn. Check our reviews on Glassdoor. **What We’re Looking For** -------------------- **Essential Requirements:** * Proven, hands-on experience administering Active Directory in medium- or large-scale environments (multiple domains, thousands of users, multiple sites). * In-depth knowledge and operational expertise of AD: forests, domains, sites and services, OUs, advanced-level GPOs, Global Catalog, trusts, FSMO roles, integrated DNS, replication (repadmin, dcdiag), and authentication (Kerberos/NTLM). * Practical experience with Entra ID (Azure AD): Azure AD Connect/Cloud Sync, SSO for applications, Conditional Access, MFA, user/group/role/application management, and Enterprise Applications. * Knowledge of identity and access security: AD hardening, privileged account protection, MFA, password policies, RBAC, auditing, and Zero Trust best practices applied to identity. * Proficiency in PowerShell for AD and Entra ID administration (ActiveDirectory, AzureAD/Entra, MSOnline modules), including automation experience. * Experience in large-scale identity projects, such as domain migrations, forest consolidations, authentication modernization, and enterprise-wide rollout of MFA/Conditional Access. * Ability to clearly communicate technical solutions to diverse audiences (technical and non-technical) and serve as a technical reference for other teams. **Preferred Qualifications:** * Microsoft certifications such as Microsoft Certified: Identity and Access Administrator (SC-300), Azure Administrator (AZ-104), Security Engineer / Cybersecurity Architect (SC-200, SC-100), or equivalent. * Experience with Intune/Endpoint Manager, Microsoft Defender for Identity, Defender for Cloud Apps, or similar identity-focused security tools. * Prior work in highly critical or highly regulated environments (e.g., financial institutions, capital markets, large enterprises). * Experience with identity protocols (SAML, OAuth 2.0, OpenID Connect, WS-Fed) and integration with SaaS and legacy applications. * Experience with Infrastructure-as-Code and automation (ARM/Bicep, Terraform, pipelines) applied to identity and security resources. * Aptitude for leading technical projects, influencing architectural decisions, and collaborating closely with Security, Networking, Application, and Business teams. **Challenges and Impact** ---------------------- * Serve as the technical authority for on-premises Active Directory and Entra ID (Azure AD), designing, implementing, and evolving the company’s identity and access architecture. * Administer and optimize the Active Directory environment (forests, domains, sites, OUs, GPOs, Global Catalog, trusts, integrated DNS, FSMO roles), ensuring performance, security, and high availability. * Administer and evolve Entra ID (Azure AD), including identity synchronization, SSO configuration, Conditional Access, MFA, Identity Protection, and application access governance. * Act as a technical pillar in major identity projects, such as AD migration/consolidation, authentication modernization, integration of acquired companies, and enabling SSO for critical applications. * Implement and maintain identity security controls, including domain controller hardening, privileged account protection, RBAC, PIM, auditing, and integration with security tools. * Automate administrative and support tasks using PowerShell, developing scripts for provisioning, deprovisioning, auditing, and reporting. * Perform advanced troubleshooting of authentication, GPO, replication, DNS, Kerberos/NTLM, and AD–Entra ID synchronization issues, responding to critical incidents. * Produce and maintain technical documentation, standards, runbooks, and solution diagrams for identity, while supporting and guiding N1/N2 teams and other technology areas. * **Process Steps** * **Initial screening**: Resume review to assess alignment with qualifications and job requirements. * **General assessments**: Cultural fit evaluation via Mindsight test and logical reasoning assessment via Predictive Index. * **Video interview**: An opportunity to get to know each other better and understand your motivations and experiences. * **Recruitment team interview**: Discussion regarding expectations for the role and professional goals. * **Technical assessment**: Interview focused on role-specific skills. * **Leadership interview**: A conversation to discuss your vision and how you can contribute to the team and company. * **Peer interview**: Interaction with future colleagues to evaluate synergy and teamwork. * **Offer**: Presentation of the employment proposal, including remuneration and benefits details. **Benefits:** Health and Well-being: * Comprehensive health insurance plan with no co-payment (including coverage for dependents) * Dental insurance plan * Wellhub (Gympass) * Zenklub * Life insurance * iFood Benefits (flexible VA and VR) * Transportation allowance * New Value (benefits club) * Parental leave: 6-month maternity leave and 20-day paternity leave * Childcare assistance Financial Life * Exclusive investment funds * Investment advisory services * XP Visa Infinite card with no annual fee * Credit solutions (payroll-deductible loans, home equity loans, real estate CCB loans, etc.) **Flexible On-site Work Model** Our work model varies by function — fully on-site for business-facing roles and more flexible for other teams. We follow a model with higher on-site frequency, always guided by flexibility and autonomy, aligned with our entrepreneurial culture. At XP Inc., we value personal interactions and believe the office serves as a tool to strengthen workplace relationships. * *By proceeding with your application, you declare that you have read, understood, and agree to the XP Inc. Group Privacy Policy and those of its vendors and partners supporting the selection process. The XP Inc. Group may use artificial intelligence solutions to assist the recruitment team during the process, which may involve processing your personal data for this purpose, in accordance with the principles of the General Data Protection Law and the XP Inc. Group Privacy Policy.*