Senior Microsoft Security Engineer

Overview

Role Summary

Responsibilities

• **Tenant Build and Configuration:**
• Configure the new Imbono Microsoft 365 E5 tenant from inception, including tenant settings, domain verification, authentication methods, Microsoft Secure Score baseline, and Microsoft licensing configuration.
• Deliver the security hardening phases (Phases A-H) from July 2026 before the first migration wave commences.
• **Identity and Access Management (Entra ID):**
• Design and implement the Imbono Entra ID environment: directory structure, Conditional Access policies (Zero Trust), Multi-Factor Authentication (MFA/SSPR), Entra ID Privileged Identity Management (PIM) for just-in-time role activation, break-glass account procedures, Identity Protection risk policies, and Entra ID Governance (access reviews). Maintain named administrative roles and their lifecycle.
• **Cross-Tenant Federation (XTAP):**
• Configure the Cross-Tenant Access Policy (XTAP) bilaterally between the Imbono and Gemcorp tenants, inbound/outbound trust settings, MFA and device compliance claim trust, B2B direct connect for Teams shared channels, SharePoint and OneDrive cross-tenant sharing, and Global Address List visibility.
• Validate federation baseline quarterly.
• **Endpoint Management (Microsoft Intune):**
• Deploy and operate Intune across the Imbono device estate (Dubai DIFC/DMCC, Angola/Cabinda Refinery, and remote users).
• Configure Windows Autopilot for zero-touch provisioning, device compliance policies, configuration profiles, application deployment, App Protection Policies (BYOD/mobile), and endpoint security baselines.
• Manage device re-enrolment during migration waves.
• Maintain compliance posture for Conditional Access enforcement.
• **Threat Protection (Microsoft Defender XDR Suite):**
• Configure and operate the full Defender suite: (1) Defender for Endpoint (MDE) — EDR, attack surface reduction rules, device compliance; (2) Defender for Office 365 (MDO) — anti-phishing, safe attachments, safe links, native email security replacing any incumbent gateway; (3) Defender for Identity (MDI) — identity-based threat detection and lateral movement alerts; (4) Defender for Cloud Apps (MDCA) — CASB, cloud app governance, in-line session controls; (5) Defender XDR portal — unified incident management and cross-domain correlation.
• **SIEM/SOAR (Microsoft Sentinel):**
• Deploy and operate Microsoft Sentinel as Imbono's central SIEM/SOAR.
• Onboard log sources (Entra ID, Defender suite, firewalls, network infrastructure, Angola office).
• Build and maintain detection rules in KQL (Kusto Query Language).
• Configure analytics rules, watchlists, and automated response playbooks (Logic Apps/SOAR).
• Manage the SOC alert queue, triage, and Level 1–2 incident response.
• Continuously tune rules to reduce false positives.
• **Data Protection (Microsoft Purview):**
• Configure Purview sensitivity labels, DLP policies (endpoint, Teams, Exchange, SharePoint), retention policies, and information governance aligned with Imbono's data classification policy and ISO 27001 Annex A.8 controls.
• Support ROPA maintenance and regulatory evidence production for UAE PDPL and Angola Lei 22/11.
• Configure Compliance Manager and track compliance score.
• **Migration Execution (Waves 0–4):**
• Lead the technical execution of all migration workstreams: identity migration, Exchange Online mailbox migration (coexistence, mail forwarding, cutover), SharePoint and OneDrive content migration, Teams channel migration, device re-enrolment to Imbono Intune, SSO integration reconfiguration (including Together Platform SSO, hard gate for Wave 2), and source-tenant cleanup. Co-ordinate with Options Technology on source-tenant actions. Validate each wave against go/no-go criteria before sign-off. Execute the 4-hour domain cutover window on 27 February 2027 with rollback capability.
• **SOC Operations and Incident Response:**
• Operate as the primary technical responder for security incidents detected via Sentinel and the Defender suite.
• Conduct triage, containment, evidence collection, forensic analysis, and post-incident review.
• Maintain and continuously improve incident response playbooks.
• Co-ordinate cross-tenant incident notification with Gemcorp Capital where cross-tenant impact is detected.
• Provide SOC hypercare coverage during and immediately after the domain cutover window.
• **Platform Governance and Reporting:**
• Manage day-to-day platform health, licence lifecycle, service health monitoring, and configuration change management for all M365 workloads.
• Maintain Microsoft Secure Score and report platform security posture to the Head of Cyber Security.
• Contribute to ISMS evidence (Annex A control evidence, audit artefacts) for ISO 27001:2022 certification audits.

Experience

• 7–10 years of experience in Microsoft 365 security engineering (tenant hardening, admin, operations)
• Proven hands-on experience in Microsoft Sentinel: KQL, analytics rules, Logic Apps playbooks, Log Analytics
• Proven hands-on experience in Microsoft Defender XDR: Endpoint, Office 365, Identity, Cloud Apps
• Proven hands-on experience Intune & Entra ID: device compliance, Autopilot, Conditional Access, PIM, Identity Protection
• Proven hands-on experience in SOC operations: incident triage/response, playbooks; PowerShell & Graph API automation; Microsoft 365 tenant migrations

Qualification

• Bachelor's degree in Computer Science, Information Security, or a related discipline (or equivalent demonstrable experience).

• SC-200: Microsoft Security Operations Analyst

• SC-300: Microsoft Identity and Access Administrator

• MS-102: Microsoft 365 Administrator

• CISSP (Certified Information Systems Security Professional) or equivalent

Skills

• Deep technical expertise across the Microsoft E5 security stack: Entra ID, Defender suite (MDE/MDO/MDI/MDCA/XDR), Microsoft Sentinel, Microsoft Intune, and Microsoft Purview.
• KQL (Kusto Query Language); proficient for detection rule development, threat hunting, and incident investigation in Sentinel and Defender Advanced Hunting.
• PowerShell; scripting and automation of M365 administration tasks, Intune configuration, migration workstreams, and security baseline enforcement.
• Microsoft Graph API; tenant configuration automation, user lifecycle management, and reporting.
• Zero Trust architecture; practical understanding of and ability to implement Zero Trust principles in M365 (Verify Explicitly, Least Privilege, Assume Breach).
• Email security architecture; SPF, DKIM, DMARC, MX routing, mail connectors, transport rules, and coexistence mail flow during migration.
• MITRE ATT&CK framework; familiarity for detection rule mapping and adversary emulation in Sentinel.
• Endpoint security; CIS benchmarks, Microsoft security baselines, attack surface reduction, BitLocker, and Windows Defender Firewall policy.
• Regulatory awareness; ISO/IEC 27001:2022 Annex A controls as they apply to cloud platforms; basic awareness of UAE PDPL and data sovereignty requirements for cloud services.

Competencies

• Technical Excellence

• Problem-Solving Under Pressure

• Collaboration
• Ownership
• Structured Thinking
• Resilience

Our Values

• Client Oriented
• Excellence
• Innovation
• Integrity
• Perseverance
• *We believe that diversity strengthens our organisation and we welcome applications from individuals of all backgrounds and experiences.
• We want every candidate to perform at their best.
• If you need any reasonable adjustments during the application or interview process, please contact us at
• [email protected]
• and we will work with you to meet your needs.*