IT Infra Engineer (Identity and Security)
About the job
About the IT Infra Engineer (Identity and Security) role
The IT Infrastructure Engineer (Identity and Security) is responsible for designing, implementing, and managing enterprise identity and security solutions across cloud and on-premises environments. This role focuses on identity governance, access control, and threat protection by leveraging technologies such as Entra ID, Microsoft Defender, and Microsoft Purview to ensure secure, compliant, and resilient systems. The engineer collaborates with stakeholders to translate business needs into secure architectures, automates processes through scripting and APIs, and monitors system health and security posture. Additionally, the role supports audits, drives security best practices, and leads initiatives that enhance identity management, data protection, and overall cybersecurity capabilities across the organisation.
Key Responsibilities:
1. Identity & Access Governance
- Design and architect Entra ID (Azure AD) solutions, focusing on Conditional Access policies, Privileged Identity Management (PIM), and Identity Protection to enforce least-privileged access
- Manage complex Identity Lifecycle processes, ensuring seamless and secure integration between on-premises Active Directory and cloud-native identity providers
- Implement and maintain Passwordless authentication and Multi-Factor Authentication (MFA) strategies to eliminate credential-based vulnerabilities
2. Security Engineering & Threat Protection
- Work with the security team to engineer and operate the Microsoft Defender for Endpoint and Defender for Office 365 suites (EPP/EDR) to proactively hunt for threats and remediate vulnerabilities across the fleet
- Deploy and manage Microsoft Purview for information protection, Data Loss Prevention (DLP), and eDiscovery, ensuring sensitive corporate data remains governed and compliant
- Develop automated response playbooks using PowerShell and Microsoft Graph API to neutralise security incidents in real-time
3. Identity & Access Governance
- Lead the identity and access design for enterprise-wide rollouts, ensuring robust authentication mechanisms are baked into every deployment
- Act as the primary technical liaison for Cybersecurity Audits, providing data-driven evidence of compliance regarding identity lifecycles and access control
- Mentor the team on security best practices, conducting knowledge-sharing sessions on the latest Entra features and identity threat landscapes
4. Automation & Observability
- Automation: Engineer for scalability by building reusable automation, using PowerShell scripting and related tools such as Power BI, Dynatrace and Axonius to monitor service health and produce reports that yield insights
- Scripting & API: Use PowerShell, Bash, and Python to automate repetitive tasks and interact with the Microsoft Graph API for custom reporting
- Fleet Analytics: Utilise KQL and Endpoint Analytics to monitor device health, battery wear, and application performance across the entire estate
- Self-Service: Develop and maintain “Self-Service” portals for both staff and students to empower users and reduce helpdesk ticket volume
5. General Responsibilities
- Engage stakeholders to translate business requirements into designs and services that meet the intended availability, capacity, resiliency, security and continuity requirements
- Forecast the budget needed to support project initiatives and maintenance contracts
- Ensure the client’s related technical architecture complies with IM8 and the Agency’s IT Policies and Standards
- Manage day-to-day delivery and support of application infrastructure services and collaborate with other government agencies and central services teams to facilitate and deliver government-wide services
6. Leadership & Strategic Compliance
- Lead the security design for enterprise-wide software rollouts, ensuring “Security by Design” is baked into every deployment
- Act as the primary technical liaison for Cybersecurity Audits, providing data-driven evidence of compliance with global security standards (e.g., ISO 27001, SOC 2)
- Mentor the team on security best practices, conducting regular knowledge-sharing sessions on the latest M365 security features and threat landscapes
Requirements:
- Identity Expertise: Technical mastery of both on-premises Active Directory and cloud-native Entra ID, including B2B/B2C scenarios, App Registrations, and Enterprise Applications
- Security Stack Mastery: Proven experience implementing the full Microsoft 365 Defender suite and Microsoft Purview, encompassing DLP, EDR, EPP, and identity security capabilities
- Automation-First Mindset: Proficiency in PowerShell and MS Graph API for comprehensive security and identity auditing, as well as automated threat remediation
- Analytical Rigor: Ability to synthesise complex security and identity logs into actionable risk recommendations for executive leadership
- Preferred Certifications: SC-100 (Microsoft Cybersecurity Architect), SC-300 (Microsoft Identity and Access Administrator), MS-500 (Microsoft 365 Security Administration), and CISSP or an equivalent security-focused accreditation
- Proactive and dedicated individual with good leadership and multi-tasking capabilities as well as the ability to work independently without the need for close supervision
- Experienced in contract and vendor management
- Good communication skills, both oral and written, with the ability to pitch ideas and communicate effectively with stakeholders
- Team player with strong organisation and people handling skills

