Senior Engineer- IT Security

Overview
We are seeking a highly skilled and motivated Senior Engineer specializing in IT Security to join our dynamic technology team. In this pivotal role, you will lead efforts to safeguard our organization's information assets by designing, implementing, and maintaining robust security measures across our IT infrastructure. Your expertise will ensure compliance with industry standards such as NIST, ISO 27000 series, and FedRAMP, while proactively identifying vulnerabilities and responding to security incidents. This is an exciting opportunity for a cybersecurity professional eager to make a significant impact in a fast-paced environment that values innovation and excellence.

DESCRIPTION OF DUTIES

• M365 Tenant, Identity & Access Management
• Implement and optimize Microsoft Entra Conditional Access, tenant security defaults, privileged access policies, and MFA/SSPR at scale.
• Operate and harden Microsoft Entra ID (Azure AD): lifecycle governance, automated provisioning/deprovisioning, privileged identities (PIM), app registrations, consent/permission reviews.
• Build and maintain RBAC/least-privilege access models for cloud and SaaS apps; implement Just-In-Time access for admins and sensitive roles.
• Integrate HRIS and identity sources for Joiner-Mover-Leaver flows, enforce identity proofing and MFA step-up for high-risk transactions.
• Design and enforce data governance (labels, DLP, retention, eDiscovery/Legal Hold, insider risk signals) and collaboration controls (external sharing, guest access, B2B/B2C).
• Establish monitoring/alerting/SLAs for tenant and identity related services; lead incident response and help develop IR playbooks in conjunction with IT Security Operations.
• Endpoint Security (Windows, macOS, Linux)
• Own the migration from an existing endpoint management system to a more robust solution, such as the CrowdStrike Falcon platform, for all endpoints: sensor deployment/coverage, policy tuning, RTR workflows, and threat hunting guardrails.
• Lead efforts with platform engineers for OS-specific hardening baselines (CIS/NIST) and secure configuration: BitLocker/FileVault/LUKS, kernel extension/driver policies, local admin control, application allow/deny lists.
• Lead incident triage and response on endpoints, including containment, forensic collection, and post-incident hardening.
• Observability, Detection & Response
• Build and operationalize Splunk detections and dashboards integrating M365, Entra, CrowdStrike, Defender, Intune, and OS logs.
• Develop automated response playbooks to reduce MTTR.
• Automation & Engineering Excellence
• Create robust automation and self-service tooling for identity and endpoint operations.
• Maintain IaC for policy-as-code (e.g. Conditional Access, PIM role settings).
• Document runbooks, architecture diagrams, inventories, and SOPs; mentor engineers and drive operational maturity.
• Compliance & Risk
• Map controls to regulatory frameworks (SOX, J-SOX etc.); support audits with evidence and narratives.
• Lead periodic access reviews, admin entitlement recertification, and break-glass account governance.
• Conduct tabletop exercises, disaster recovery testing, and security drills tied to identity and endpoint scenarios.
• Up to 10% travel; domestic and international.

SUMMARY OF REQUIREMENTS

• 8+ years in enterprise IT/Security engineering with deep hands-on experience in: M365 administration, IAM operations, or endpoint security.
• Expert-level experience with:
• M365 & Entra ID: Conditional Access, MFA/SSPR, PIM/PAM, app registrations, service principals, identity lifecycle.
• Endpoint Security: CrowdStrike Falcon or equivanet (policy design, RTR, detection tuning) across Win/macOS/Linux.
• Logging/SIEM: Splunk or equivalent (search, dashboards, alerting, detection engineering).
• Strong automation skills: PowerShell (Graph modules), Python, REST/Graph APIs; CI/CD and version control (Git).
• Proven track record delivering secure baselines at scale (Intune/Jamf/MDM), and leading incident response involving identity and endpoints.
• Deep understanding of Zero Trust, least privilege, RBAC, token flows (OAuth/OIDC), and modern auth (MSAL).
• Experience with compliance control design and audit support.
• Experience mentoring others and cultivating technical breadth and depth on a team.
• Fluency in Japanese a plus.
• Bachelor or Master of Science degree in Engineering, Information Technology, or related field; or equivalent combination of education and experience.

Pay: $145,150.00 - $261,200.00 per month

Work Location: In person