Head of Workplace Engineering

TL;DR

Head of Workplace Engineering (Identity & Modern Workplace): Lead the Workplace Engineering team and own the technical direction across identity, endpoint, and collaboration platforms at SEFE with an accent on Active Directory and Microsoft Entra ID architecture, governance, and lifecycle automation. Focus on steering complex identity initiatives end-to-end while providing architectural oversight for Intune, Microsoft 365, Exchange Online, Teams, SharePoint, and AVD, and ensuring compliance with GDPR and ISO 27001.

Location: Hybrid working model; roles based in United Kingdom (London, Manchester) and Germany (Berlin, Kassel)

Company

SEFE is an international energy company delivering energy solutions across the value chain, including origination, trading, sales, transport, and storage.

What you will do

• Lead, develop, and mentor the Workplace Engineering team; set technical direction aligned with IT I&O strategy and VP Workplace.
• Own identity architecture for Active Directory and Microsoft Entra ID, including identity governance, lifecycle management, Conditional Access, PIM, B2B/guest access, and MFA strategy.
• Provide technical oversight for endpoint and collaboration platforms (Intune, SCCM, Autopilot, AVD, BitLocker; Exchange Online, Teams, SharePoint, OneDrive).
• Drive continuous improvement in automation, standards, and operational efficiency; manage escalation and handover interfaces with Workplace Operations.
• Ensure compliance with internal policies, GDPR, ISO 27001, and regulatory requirements; manage strategic vendor relationships with Procurement.

Requirements

• Several years of experience leading IT engineering teams, ideally in workplace, identity, or infrastructure environments.
• Strong expertise in Microsoft Active Directory (replication, schema, GPO, delegation, migrations, troubleshooting).
• Strong knowledge of Microsoft Entra ID (Conditional Access, PIM, Entra Connect/Cloud Sync, MFA, B2B, Identity Governance).
• Experience with identity lifecycle management, automation, and RBAC.
• Good understanding of the Microsoft 365 / Modern Workplace stack (Intune, Exchange Online, Teams, SharePoint).
• Intermediate PowerShell skills for administration and automation; fluent English.

Nice to have

• German language skills.
• Experience with identity migrations and PAM solutions (e.g., One Identity), Microsoft Defender for Identity, Sentinel, and Purview.
• Microsoft certifications (SC-300, AZ-104, AZ-500, or SC-100).
• Experience with ServiceNow, Terraform, or Ansible in identity/cloud environments.
• Knowledge of ISO 27001, NIST, or BSI IT-Grundschutz frameworks; experience in regulated industries.

Culture & Benefits

• Hybrid working model with flexibility.
• Competitive starting salary plus bonus earning potential.
• 25 days holiday plus bank holidays and volunteering days; buy/sell holidays.
• Non-contributory pension with 10% employer contribution; life assurance.
• Medical and dental insurance with family cover; optional flexible benefits.
• Blended learning approach to support career growth.

Hiring process

• Interviews focused on leadership, identity/Modern Workplace architecture depth, and decision-making under uncertainty.
• Assessment of technical credibility across Active Directory, Entra ID, and platform oversight responsibilities.
• Final discussions on collaboration approach and fit for distributed locations.