Riyadh Onsite | IT Security Engineer – Microsoft 365 Security

About This Role

About the Role: IT Security Engineer – Microsoft 365 Security

Location: Riyadh, Saudi Arabia (Onsite)

Employment Type - One-Year Contract (Extendable)

We are seeking a highly skilled Microsoft 365 Security Engineer to design, implement, and manage enterprise-grade security solutions across Microsoft cloud environments. The ideal candidate will have strong expertise in Microsoft Defender, Microsoft Entra ID (Azure AD), Microsoft Purview, Intune, and Azure Security tools, with hands-on experience in protecting identities, data, endpoints, and cloud workloads.

What You’ll Do:

Key Responsibilities

Microsoft 365 Security Implementation & Management

• Configure, manage, and optimize Microsoft Defender XDR , including: Defender for Endpoint
• Defender for Office 365
• Defender for Identity
• Defender for Cloud Apps
• Implement and maintain Microsoft Purview Compliance solutions , including: Data Loss Prevention (DLP)
• Insider Risk Management
• Information Protection
• eDiscovery
• Secure Microsoft 365 services such as Exchange Online, SharePoint Online, OneDrive, and Microsoft Teams through security policies and best practices.

Identity & Access Management (IAM)

• Deploy and manage Microsoft Entra ID (Azure AD) security features, including: Conditional Access
• Multi-Factor Authentication (MFA)
• Privileged Identity Management (PIM)
• Role-Based Access Control (RBAC)
• Implement and operate: Passwordless authentication
• Single Sign-On (SSO)
• Just-in-Time (JIT) access controls
• Monitor and mitigate identity-based security threats.

Threat Detection & Incident Response

• Monitor, investigate, and respond to security alerts using: Microsoft Sentinel (SIEM)
• Defender XDR
• Microsoft Security Centre
• Perform security incident analysis, containment, remediation, and root cause analysis.
• Develop and improve incident response playbooks and procedures.

Compliance & Risk Management

• Conduct regular security assessments, audits, and risk evaluations.
• Identify vulnerabilities and implement corrective security controls.
• Ensure compliance with organizational and regulatory security standards.
• Design and enforce DLP policies to protect sensitive data across Microsoft 365 workloads.

Endpoint & Cloud Security

• Deploy and manage Microsoft Intune (Endpoint Manager) for: Device compliance
• Endpoint security
• Application and policy management
• Enforce: Windows Defender security baselines
• BitLocker encryption
• Microsoft Edge security configurations
• Harden Azure cloud workloads and ensure alignment with Azure Security Center / Microsoft Defender for Cloud best practices.

Required Skills & Experience

• 5+ years of experience in Microsoft 365 Security, Azure Security, or Cloud Security Engineering .

• Strong hands-on expertise with: Microsoft Defender XDR

• Defender for Endpoint

• Defender for Office 365

• In-depth experience with Azure AD / Microsoft Entra ID , including Conditional Access, MFA, PIM, and RBAC.

• Solid knowledge of Microsoft Intune (Endpoint Manager) and Windows security configurations.

• Experience with Data Loss Prevention (DLP) , Information Protection, and compliance controls.

• Proficiency in PowerShell scripting for automation and security configurations.

• Familiarity with Microsoft Graph API and security integrations.

• Strong troubleshooting, analytical, and communication skills.

Preferred Certifications

• Microsoft Certified: Cybersecurity Architect Expert
• Microsoft Certified: Security Operations Analyst Associate (SC-200)
• Microsoft Certified: Information Protection Administrator Associate (SC-400)
• Microsoft Certified: Identity and Access Administrator Associate (SC-300)
• Microsoft 365 Certified: Enterprise Administrator Expert

Education

• Bachelor’s or master’s degree in Cybersecurity, Computer Science, Information Security , or a related field OR equivalent hands-on professional experience.