Skill Set
- IAM expertise: RBAC, access reviews, identity lifecycle, SSO, MFA, conditional access, PAM, Zero Trust
- Endpoint security: EDR/XDR, MDM/UEM, hardening, patching, compliance, and incident response
- Data protection: DLP, data classification, sensitivity labelling, retention policies, regulatory compliance
- Email & collaboration security: phishing/BEC detection, malware analysis, URL protection, SharePoint/OneDrive security
- Automation: user/device provisioning & deprovisioning, security workflows, basic scripting (PowerShell/Python)
- Incident response: ransomware, phishing, malware, identity threats, and data loss events
- Governance & risk: security metrics, reporting, audits, risk assessments, and policy enforcement
- Strong analytical skills, problem-solving, cross-team collaboration, and continuous security improvement
Responsibilities
Identity Security
Implement and support identity and access management (IAM) processes, including:
- Role-based access control (RBAC) assignments
- Access reviews and certifications
- Group and permission management
Support and maintain:
- Single Sign-On (SSO) integrations
- Multi-Factor Authentication (MFA) enforcement
- Conditional access policies
Assist in the administration of:
- Privileged Access Management (PAM) solutions
- Identity Governance processes
- Perform periodic access reviews and identify excessive or inappropriate privileges.
- Support the enforcement of least privilege and Zero Trust principles.
- Collaborate with all teams to ensure correct access provisioning and governance.
Endpoint Security
Operate and maintain endpoint security tools including:
- Endpoint Detection and Response (EDR/XDR)
- Anti-malware solutions
- Mobile Device Management (MDM) / UEM platforms
- Assist with endpoint hardening and configuration baselines.
- Support patching and vulnerability remediation efforts in collaboration with infrastructure teams.
- Ensure endpoint compliance with organizational security policies.
- Assist in device onboarding, provisioning, and secure configuration.
- Support incident response activities related to compromised or non-compliant devices.
Drive automation of:
- Endpoint provisioning and de-provisioning
- User provisioning and de-provisioning
- Compliance monitoring
- Threat containment and isolation workflows
Data Protection
Implement and operate Data Loss Prevention (DLP) capabilities across endpoints, email, and collaboration platforms.
Assist in the implementation and management of:
- Data classification and sensitivity labelling
- Data protection policies across email, file storage, and endpoints
- Data lifecycle and retention controls
- Support enforcement of data protection policies aligned with business and regulatory requirements.
Email Security
Operate and maintain email security controls (e.g. Mimecast or similar platforms), including:
- Anti-phishing and impersonation protection
- Anti-malware and attachment scanning
- URL protection and link rewriting
Monitor and investigate email security alerts, including:
- Phishing attempts
- Business Email Compromise (BEC)
- Malicious attachments and links
- Assist in tuning email security policies to improve detection and reduce false positives.
Collaborate across the business to reduce risks associated with account compromise and email-based attack vectors.
Collaboration & Data Exposure Controls
Assist in securing collaboration platforms (e.g. SharePoint, OneDrive, file shares), including:
- External sharing controls
- Data access restrictions
- Misconfiguration and exposure risk identification
- Investigate and respond to security incidents and escalations across identity, endpoint, data protection, and email domains, including ransomware, malware outbreaks, device compromise investigations, DLP events, and phishing attempts.
Governance, Metrics & Risk
Assist in tracking and reporting on key metrics such as:
- MFA adoption
- Endpoint compliance
- Patch status
- Access review completion
- Data classification and labelling
- Email security statistics
- Document incidents, findings, and remediation actions
- Support audit activities and provide evidence for identity and endpoint controls
- Identify opportunities for automation and process improvements
- Stay up to date with emerging threats and vulnerabilities related to identity and endpoints
- Conduct risk assessments related to identity systems and endpoint environments
- Research and conduct proof of concepts for new identity and endpoint security technologies
- Continuously assess emerging threats such as identity-based attacks, phishing, token theft, ransomware, and zero-day exploits
Qualifications
Required Qualifications
- 3–5 years of experience in identity security, endpoint security, or IT security roles.
Hands-on experience with:
- Microsoft Entra ID / Azure AD or equivalent IAM platforms
- Active Directory (on-prem and hybrid)
- SSO and MFA implementations
- PAM solutions
- EDR/XDR platforms
- MDM/UEM solutions
- Endpoint hardening and security baselines
- Data Loss Prevention (DLP) technologies
- Email security platforms (e.g. Mimecast or similar)
Solid understanding of:
- Zero Trust concepts
- Identity and access management principles
- Endpoint security and hardening
- Access control models (RBAC, ABAC)
- Scripting/automation (PowerShell, Python, Bash, etc.)
- Log analysis, security monitoring, and incident response
- Experience with incident investigation and troubleshooting