Job Title

About the RoleWe are looking for a Security Engineer/ Senior Security Engineer to join our Managed Security Services team, supporting a key client engagement in the US. You will play a hands-on role in executing a structured security improvement program aligned with industry frameworks. This is a great opportunity for an engineer who wants to move beyond reactive security work and contribute to building a mature, well-governed security program from the ground up. The initial focus will be a structured 9-month client engagement, after which you will continue to contribute to ongoing security work across our client portfolio.What You'll Be Working OnYou will be directly responsible for the technical execution of the following workstreams:Asset & Device Management — Building and maintaining a comprehensive inventory of endpoints, servers, network devices, and cloud resources. Enrolling and managing corporate devices in Microsoft Intune, defining compliance policies, and operationalizing automated discovery and alerting.Software Governance — Cataloguing all software in use, packaging and deploying applications via Intune, and supporting the rollout of a SaaS governance process including shadow IT detection through Defender for Cloud Apps.Secure Configuration — Defining and deploying security baselines for Windows endpoints and servers aligned with industry benchmarks. Managing phased rollouts, monitoring configuration drift, and incrementally hardening critical workloads across the environment.Data Protection — Supporting data flow mapping exercises across key business processes, documenting systems, access points, and protections, and validating encryption and access controls across sensitive data flows.Account Management — Building complete account inventories across Entra ID, Active Directory, and standalone systems. Conducting privileged access reviews, cleaning up dormant accounts, and operationalizing account lifecycle processes.MFA & Password Security — Deploying and enforcing phishing-resistant MFA for privileged accounts via Conditional Access, rolling out SSPR with password writeback to on-premises AD, and deploying Azure AD Password Protection across the domain.We're Looking ForRequired:2–4 years of hands-on experience in a security engineering or roleStrong working knowledge of Microsoft Intune, including:Device enrolment across Windows, macOS, iOS, and AndroidCreating and managing device compliance policies and configuration profilesApplication deployment — packaging Win32 apps, deploying required and available apps, managing the Company PortalManaging software updates via Windows Update for Business and Intune update ringsConditional Access integration — enforcing device compliance as a condition for corporate resource accessIntune reporting, compliance dashboards, and remediation workflowsStrong working knowledge of Microsoft Entra ID (Azure AD), including:User and group lifecycle management — creation, modification, deactivation, and deletionPrivileged role assignments and role-based access control (RBAC)Conditional Access policy design and enforcement — MFA requirements, device compliance, sign-in risk, named locationsMulti-Factor Authentication — deploying and enforcing phishing-resistant MFA methods including FIDO2 security keys, Windows Hello for Business, and Microsoft Authenticator passwordless authenticationSelf-Service Password Reset (SSPR) configuration, including password writeback to on-premises Active DirectoryEntra ID Password Protection — banned password lists, audit and enforcement modesIdentity Protection — risk-based Conditional Access, leaked credential detectionPrivileged Identity Management (PIM) concepts and just-in-time access principlesApplication registrations, service principals, and managed identitiesExperience with Active Directory administration in hybrid identity environments, including group policy, privileged group management, and Entra Connect SyncFamiliarity with the broader Microsoft security stack — Defender for Endpoint, Defender for Cloud Apps, Defender for Identity, and Microsoft PurviewFamiliarity industry security frameworks such as NIST CSF and CIS Critical Security ControlsStrong documentation skills — you will be producing evidence, process guides, and configuration records throughout the engagementAbility to work independently and manage your own workload across parallel workstreamsGood communication skills — you will be collaborating closely with an onshore lead and interfacing with client IT teamsNice to Have:Familiarity with SOC 2 or similar compliance frameworksExperience in a Managed Services Provider (MSP) environmentCertificationsThe following certifications are highly regarded for this role. Candidates who hold one or more of these will be looked upon favourably, though they are not a strict requirement:ISC2 SSCP (Systems Security Certified Practitioner)Microsoft 365 Certified: Endpoint Administrator Associate (MD-102)Microsoft Certified: Identity and Access Administrator Associate (SC-300)Microsoft Certified: Windows Server Hybrid Administrator Associate (AZ-800)Microsoft Certified: Cybersecurity Architect Expert (SC-100)Kindly note that the working hours overlap with the US timeframe: 1:30 PM to 10:30 PM (IST).