AvePoint - IT Infra Engineer (Identity and Security)

• Identity & Access Governance • Design and architect Entra ID (Azure AD) solutions, focusing on Conditional Access policies, Privileged Identity Management (PIM), and Identity Protection to enforce least-privileged access. • Design and architect Entra ID (Azure AD) • Manage complex Identity Lifecycle processes, ensuring seamless and secure integration between on-premises Active Directory and cloud-native identity providers. • Identity Lifecycle • Active Directory • Implement and maintain Passwordless authentication and Multi-Factor Authentication (MFA) strategies to eliminate credential-based vulnerabilities. • Passwordless authentication • Security Engineering & Threat Protection • Work with security team to engineer and operate the Microsoft Defender for Endpoint and Defender for Office 365 suites (EPP/EDR) to proactively hunt for threats and remediate vulnerabilities across the fleet. • Microsoft Defender for Endpoint • Defender for Office 365 • Deploy and manage Microsoft Purview for information protection, Data Loss Prevention (DLP), and eDiscovery, ensuring sensitive corporate data remains governed and compliant. • Microsoft Purview • Develop automated response playbooks using PowerShell and Microsoft Graph API to neutralize security incidents in real-time. • PowerShell and Microsoft Graph API • Lead the identity and access design for enterprise-wide rollouts, ensuring robust authentication mechanisms are baked into every deployment. • Act as the primary technical liaison for Cybersecurity Audits, providing data-driven evidence of compliance regarding identity lifecycles and access control. • Cybersecurity Audits • Mentor the team on security best practices, conducting knowledge-sharing sessions on the latest Entra features and identity threat landscapes. • Automation & Observability • Automation: Engineer for scalability by building reusable automation and utilizing PowerShell scripting and related tools like PowerBI, Dynatrace and Axonius to monitor service health and reporting to derive insights. • Automation: • Scripting & API: Use PowerShell, Bash, and Python to automate repetitive tasks and interact with the Microsoft Graph API for custom reporting. • Scripting & API: • PowerShell • Python • Microsoft Graph API • Fleet Analytics: Utilize KQL and Endpoint Analytics to monitor device health, battery wear, and application performance across the entire estate. • Fleet Analytics: • Endpoint Analytics • Self-Service: Develop and maintain "Self-Service" portals for both staff and students to empower users and reduce helpdesk ticket volume. • Self-Service: • Engage stakeholders to translate business requirement into design and services to meet the intended availability, capacity, resiliency, security and continuity requirements. • Engage stakeholders • Forecast budget needed to support the project initiatives and maintenance contracts. • Forecast budget • Ensure MOE’s related Technical Architecture are in compliance with IM8 and Agency’s IT Policies and Standards. • Manage day-to-day delivery and support of application infrastructure services and collaborate with other government agencies and central services teams to facilitate and deliver government-wide services. • Leadership & Strategic Compliance • Lead the security design for enterprise-wide software rollouts, ensuring "Security by Design" is baked into every deployment. • Act as the primary technical liaison for Cybersecurity Audits, providing data-driven evidence of compliance with global security standards (e.g., ISO 27001, SOC2). • Mentor the team on security best practices, conducting regular knowledge-sharing sessions on the latest M365 security features and threat landscapes.