DCM Infotech LimitedRemote
Senior Microsoft Security Architect (Entra ID, Defender & Intune)
Remote
Contract
1 week ago
Key skills
AzureAzure ADEntra IDIdentity ManagementCollaborationZero Trust
About this role
Senior Microsoft Security Architect
Remote
Duration- 12+ months to long term
We are seeking a Senior Microsoft Security Architect to design and implement end-to-end security solutions across the Microsoft ecosystem, focusing on identity, endpoint protection, and threat detection.
Key Responsibilities
- Design and enforce Conditional Access policies (risk-based, device, location) using Entra ID P2
- Implement identity security controls including MFA, passwordless authentication, FIDO2, and Identity Protection
- Manage Privileged Identity Management (PIM) with JIT access, role governance, and approval workflows
- Oversee identity governance including lifecycle workflows and entitlement management
- Deploy and manage Microsoft Defender suite (Endpoint, Office 365, Identity, Cloud Apps)
- Configure Endpoint security via Intune: Autopilot, device enrollment, compliance policies, and security baselines
- Implement Threat & Vulnerability Management and Attack Surface Reduction (ASR) strategies
- Lead Endpoint Detection & Response (EDR/XDR) investigations, response actions, and automation (AIR)
- Integrate MDE, Intune, and Sentinel for centralized monitoring and incident management
- Manage application deployment and BYOD protection (Win32 apps, MAM policies)
- Implement CASB controls, session policies, and shadow IT monitoring via Defender for Cloud Apps
Ideal Candidate
Hands-on architect with deep expertise in Zero Trust security, capable of integrating identity, endpoint, and threat protection controls into a scalable and automated enterprise security framework.
Skill Area
Key Capabilities
Conditional Access
Design policies (risk-based, device, location)
Entra ID P2 Features
Risk-based MFA, Identity Protection, Access Reviews
Privileged Identity Management (PIM)
JIT elevation, role governance, approval workflows
Authentication
MFA (phishing-resistant), passwordless, FIDO2
External Identity
B2B/B2C collaboration controls
Identity Governance
Lifecycle workflows, entitlement mgmt
Defender for Endpoint (MDE)
Deployment, onboarding, sensor health
Threat & Vulnerability Mgmt
Exposure scoring, remediation planning
Attack Surface Reduction
ASR rules, device control, exploit protection
Endpoint Detection & Response
Investigation, response actions, automation
Integration
MDE + Intune + Sentinel correlations
Device Enrollment
Autopilot, hybrid join, Azure AD join
Compliance Policies
Conditional access integration
Configuration Profiles
Baselines, security hardening
Application Management
Win32, M365 apps, patching strategy
Mobile Application Mgmt (MAM)
BYOD app protection policies
Defender for Office 365
Safe Links, Safe Attachments, anti-phish
Defender for Identity
On-prem AD monitoring, lateral movement detection
Defender for Cloud Apps
CASB, session controls, shadow IT
XDR Integration
Cross-workload correlation, incident mgmt
Automation
Automated investigation and response (AIR)
JIT Access
PIM design and enforcement