Systems Engineer

• Designs and implements solutions across multiple Microsoft 365 workloads with measurable reliability and security gains.
• Influences standards through engineering, documentation, and peer reviews.
• Partners with Cyber and Network to deliver end-to-end outcomes (identity, device posture, secure access).

• Engineer Intune baselines (compliance, configuration, update rings), Autopilot, app packaging/lifecycle.
• Automate tenant tasks via PowerShell and Microsoft Graph; develop Azure Automation runbooks and schedules.
• Build SharePoint/Teams information architecture and governance (site templates, lifecycle, external access controls).
• Design and manage Exchange Online configurations: transport rules, connectors, accepted domains, anti-spam/phish posture (with Security).

• Integrate applications with OneLogin and/or Entra ID using SAML/OIDC and SCIM; implement role- and group-based access.
• Implement Conditional Access and device-based controls in partnership with Cyber.
• Execute Microsoft 365 Admin Center licensing provisioning at scale; optimize assignments and reclaim unused licenses.

• Author RFCs/CRs; perform impact analysis, pilots, staged rollouts, and backout plans.
• Create monitoring/health dashboards (Intune compliance, device posture, sign-in risk, Exchange mail flow).
• Contribute to audit evidence and control alignment (ISO/NIST/CIS) in collaboration with Cyber.

Required

• 4+ years in enterprise systems engineering focused on Microsoft 365 and Intune.
• Hands-on expertise with Exchange Online administration (mail flow, transport rules, connectors, shared mailboxes).
• Demonstrated automation with PowerShell and Microsoft Graph; experience creating Azure Automation runbooks.
• Experience with OneLogin or Entra ID app integrations (SAML/OIDC/SCIM) and Conditional Access.
• Proven experience with Microsoft 365 Admin Center licensing provisioning and lifecycle management.

Preferred

• SharePoint/Teams governance and lifecycle design.
• AWS WorkSpaces image engineering and policy integration.
• Exposure to DLP/Insider Risk and SIEM integrations (with Security).
• Certifications: MS-102, MD-102, SC-300, AWS Associate (nice-to-have).

• Intune/Autopilot, Windows/macOS/iOS/Android management.
• Exchange Online (mail flow, transport, connectors, anti-spam posture).
• Azure Automation, Azure Monitor, Log Analytics, PowerShell/Graph.
• OneLogin and Entra ID (SAML/OIDC, SCIM, Conditional Access).
• SharePoint/Teams administration and governance.

• Systems thinking; clear problem decomposition and documentation.
• Proactive risk management and crisp communication across teams.
• Bias for automation and measurable outcomes.

• ≥ 95% Intune compliance; ≤ 2% configuration drift across assigned scopes.
• Change success rate ≥ 98% with zero P1s caused by change.
• 30–40% automation coverage for repetitive tenant tasks; monthly health dashboards adopted by the team.
• Measured improvement to Exchange mail flow resiliency and phishing control efficacy (in partnership with Security).

• Microsoft 365 Admin Center, Exchange Admin Center, Intune/Autopilot, SharePoint/Teams Admin.
• Azure Automation, Azure Monitor, Log Analytics, PowerShell, Graph API, Git.
• Entra ID, OneLogin, AWS WorkSpaces, ServiceNow/Jira

.