Senior Microsoft Security Architect (Entra ID, Defender & Intune)
Posted Today by DCM Infotech Limited
Negotiable
Remote
Summary: The Senior Microsoft Security Architect will be responsible for designing and implementing comprehensive security solutions within the Microsoft ecosystem, with a focus on identity management, endpoint protection, and threat detection. This role requires a hands-on architect with expertise in Zero Trust security principles. The position is remote and expected to last for over 12 months. The ideal candidate will integrate various security controls into a scalable enterprise framework.
Key Responsibilities:
- Design and enforce Conditional Access policies (risk-based, device, location) using Entra ID P2
- Implement identity security controls including MFA, passwordless authentication, FIDO2, and Identity Protection
- Manage Privileged Identity Management (PIM) with JIT access, role governance, and approval workflows
- Oversee identity governance including lifecycle workflows and entitlement management
- Deploy and manage Microsoft Defender suite (Endpoint, Office 365, Identity, Cloud Apps)
- Configure Endpoint security via Intune: Autopilot, device enrollment, compliance policies, and security baselines
- Implement Threat & Vulnerability Management and Attack Surface Reduction (ASR) strategies
- Lead Endpoint Detection & Response (EDR/XDR) investigations, response actions, and automation (AIR)
- Integrate MDE, Intune, and Sentinel for centralized monitoring and incident management
- Manage application deployment and BYOD protection (Win32 apps, MAM policies)
- Implement CASB controls, session policies, and shadow IT monitoring via Defender for Cloud Apps
Key Skills:
- Deep expertise in Zero Trust security
- Experience with Conditional Access policies and Entra ID P2 features
- Knowledge of Privileged Identity Management (PIM) and JIT elevation
- Proficiency in MFA, passwordless authentication, and FIDO2
- Understanding of identity governance and lifecycle workflows
- Experience with Microsoft Defender for Endpoint and Office 365
- Skills in Threat & Vulnerability Management and Attack Surface Reduction
- Ability to lead Endpoint Detection & Response investigations
- Experience integrating MDE, Intune, and Sentinel
- Knowledge of application management and BYOD protection policies
- Familiarity with Defender for Cloud Apps and CASB controls
Working Arrangements: remote
Industry: IT
Duration: 12+ months to long term
We are seeking a Senior Microsoft Security Architect to design and implement end-to-end security solutions across the Microsoft ecosystem, focusing on identity, endpoint protection, and threat detection.
Ideal Candidate
Hands-on architect with deep expertise in Zero Trust security, capable of integrating identity, endpoint, and threat protection controls into a scalable and automated enterprise security framework.
| Skill Area | Key Capabilities |
| --- | --- |
| Conditional Access | Design policies (risk-based, device, location) |
| Entra ID P2 Features | Risk-based MFA, Identity Protection, Access Reviews |
| Privileged Identity Management (PIM) | JIT elevation, role governance, approval workflows |
| Authentication | MFA (phishing-resistant), passwordless, FIDO2 |
| External Identity | B2B/B2C collaboration controls |
| Identity Governance | Lifecycle workflows, entitlement mgmt |
| Defender for Endpoint (MDE) | Deployment, onboarding, sensor health |
| Threat & Vulnerability Mgmt | Exposure scoring, remediation planning |
| Attack Surface Reduction | ASR rules, device control, exploit protection |
| Endpoint Detection & Response | Investigation, response actions, automation |
| Integration | MDE + Intune + Sentinel correlations |
| Device Enrollment | Autopilot, hybrid join, Azure AD join |
| Compliance Policies | Conditional access integration |
| Configuration Profiles | Baselines, security hardening |
| Application Management | Win32, M365 apps, patching strategy |
| Mobile Application Mgmt (MAM) | BYOD app protection policies |
| Defender for Office 365 | Safe Links, Safe Attachments, anti-phish |
| Defender for Identity | On-prem AD monitoring, lateral movement detection |
| Defender for Cloud Apps | CASB, session controls, shadow IT |
| XDR Integration | Cross-workload correlation, incident mgmt |
| Automation | Automated investigation and response (AIR) |
| JIT Access | PIM design and enforcement |