Sr Engineer, IT Security (NTD)

Nintendo
Redmond, WA
Onsite

About The Position

Nintendo Technology Development (NTD) is seeking a Senior Engineer, IT Security to own and evolve the security of its Microsoft 365 (M365) tenant. This role will drive Identity and Access Management (IAM) operations and harden endpoint security at scale across Windows, macOS, and Linux devices. The position requires designing, implementing, and operating controls using existing and emerging technologies to ensure secure collaboration and device protection. This role involves partnership with NTD IT Operations and the IT security teams at Nintendo Co., Ltd. (NCL) and Nintendo of America Inc. (NOA) to deliver reliable, compliant, and auditable services.

Requirements

  • 8+ years in enterprise IT/Security engineering with deep hands-on experience in M365 administration, IAM operations, or endpoint security.
  • Expert-level experience with M365 & Entra ID: Conditional Access, MFA/SSPR, PIM/PAM, app registrations, service principals, identity lifecycle.
  • Expert-level experience with Endpoint Security: CrowdStrike Falcon or equivalent (policy design, RTR, detection tuning) across Win/macOS/Linux.
  • Expert-level experience with Logging/SIEM: Splunk or equivalent (search, dashboards, alerting, detection engineering).
  • Strong automation skills: PowerShell (Graph modules), Python, REST/Graph APIs; CI/CD and version control (Git).
  • Proven track record delivering secure baselines at scale (Intune/Jamf/MDM).
  • Proven track record leading incident response involving identity and endpoints.
  • Deep understanding of Zero Trust, least privilege, RBAC, token flows (OAuth/OIDC), and modern auth (MSAL).
  • Experience with compliance control design and audit support.
  • Experience mentoring others and cultivating technical breadth and depth on a team.
  • Bachelor or Master of Science degree in Engineering, Information Technology, or related field; or equivalent combination of education and experience.

Nice To Haves

  • Fluency in Japanese

Responsibilities

  • Implement and optimize Microsoft Entra Conditional Access, tenant security defaults, privileged access policies, and MFA/SSPR at scale.
  • Operate and harden Microsoft Entra ID (Azure AD), including lifecycle governance, automated provisioning/deprovisioning, privileged identities (PIM), app registrations, and consent/permission reviews.
  • Build and maintain RBAC/least-privilege access models for cloud and SaaS apps, implementing Just-In-Time access for administrators and sensitive roles.
  • Integrate HRIS and identity sources for Joiner-Mover-Leaver flows, enforcing identity proofing and MFA step-up for high-risk transactions.
  • Design and enforce data governance (labels, DLP, retention, eDiscovery/Legal Hold, insider risk signals) and collaboration controls (external sharing, guest access, B2B/B2C).
  • Establish monitoring/alerting/SLAs for tenant and identity related services, leading incident response and developing IR playbooks in conjunction with IT Security Operations.
  • Own the migration from an existing endpoint management system to a more robust solution, such as the CrowdStrike Falcon platform, for all endpoints, including sensor deployment/coverage, policy tuning, RTR workflows, and threat hunting guardrails.
  • Lead efforts with platform engineers for OS-specific hardening baselines (CIS/NIST) and secure configuration, including BitLocker/FileVault/LUKS, kernel extension/driver policies, local admin control, and application allow/deny lists.
  • Lead incident triage and response on endpoints, including containment, forensic collection, and post-incident hardening.
  • Build and operationalize Splunk detections and dashboards integrating M365, Entra, CrowdStrike, Defender, Intune, and OS logs.
  • Develop automated response playbooks to reduce MTTR.
  • Create robust automation and self-service tooling for identity and endpoint operations.
  • Maintain IaC for policy-as-code (e.g., Conditional Access, PIM role settings).
  • Document runbooks, architecture diagrams, inventories, and SOPs; mentor engineers and drive operational maturity.
  • Map controls to regulatory frameworks (SOX, J-SOX, etc.) and support audits with evidence and narratives.
  • Lead periodic access reviews, admin entitlement recertification, and break-glass account governance.
  • Conduct tabletop exercises, disaster recovery testing, and security drills tied to identity and endpoint scenarios.

Benefits

  • medical
  • dental
  • vision
  • 401(k)
  • paid time off
  • semi-annual discretionary performance bonus