Job Title: Sr. Microsoft IT Security Engineer
About the Role
We are looking for a Senior Microsoft IT Security Engineer to support the assessment, standardization, and implementation of endpoint security and device management initiatives across Microsoft Intune and Microsoft Entra. This role will focus on policy rationalization, device inventory hygiene, Conditional Access enforcement, and macOS endpoint management standardization. The ideal candidate should have strong hands-on experience with Microsoft endpoint security technologies and the ability to plan and execute structured implementation workstreams with minimal operational disruption. The role will also involve readiness assessments related to CASB, DLP, and application control initiatives.
Key Responsibilities
- Assess current Microsoft Intune, Entra, Conditional Access, and endpoint security configurations.
- Rationalize and standardize Intune and Entra policies, reducing redundant, conflicting, or obsolete configurations.
- Support device inventory cleanup across Intune and Entra, including stale, duplicate, orphaned, inactive, or unmanaged device records.
- Design, implement, and validate Conditional Access policies to enforce compliant corporate-managed device access.
- Develop and implement macOS security, compliance, and device management standards within Microsoft Intune.
- Support migration planning and execution for macOS devices moving from Kandji to Intune.
- Create technical documentation, implementation roadmaps, support guides, and rollout validation reports.
- Assess readiness and provide recommendations for future CASB, DLP, binary allowlisting, and application control initiatives.
Must-have Requirements
- Senior-level experience in Microsoft IT security, endpoint security, or endpoint management roles.
- Strong hands-on experience with Microsoft Intune.
- Strong experience with Microsoft Entra device management and enrollment states.
- Experience designing and implementing Conditional Access policies.
- Experience with endpoint compliance policies, device configuration policies, and endpoint security controls.
- Experience with device inventory cleanup, endpoint hygiene, and managed device lifecycle processes.
- Experience documenting technical assessments, implementation plans, support procedures, and security configurations.
- Ability to coordinate rollout sequencing, validation activities, and technical dependencies with stakeholders.
Nice-to-have Requirements
- Experience managing macOS endpoints through Microsoft Intune.
- Experience with Kandji-to-Intune migration projects.
- Knowledge of macOS compliance, encryption, password, lock-screen, update, and patch management policies.
- Exposure to CASB and DLP assessment or readiness initiatives.
- Familiarity with Microsoft and Cisco security capabilities.
- Knowledge of binary allowlisting, application control, or software inventory analysis.
- Experience supporting phased security implementation roadmaps and governance frameworks.