Sr. Staff Technical Program Manager – M365/Endpoint Security

About The Position

Requirements

• Bachelor’s degree from an accredited university or college with 5+ years of professional experience; OR associate’s degree with 8+ years; OR High School Diploma with 10+ years.
• 5+ years in Program Management or IT.
• 3+ years in Cyber Architecture, endpoint management, and/or incident response.
• Legal authorization to work in the U.S. is required.
• Deep experience with Microsoft 365 security in multi‑tenant environments: Defender for Endpoint/XDR, Microsoft Endpoint Manager/Intune, SCCM, Azure AD/Entra ID, Conditional Access..
• Hands‑on leadership in device posture assessment, EDR/XDR tuning, policy baselining, and telemetry integration for Threat/Response operations.
• Strong grasp of Zero Trust principles across identity, device, network, and data; ability to translate them into practical enterprise controls and operating standards.
• Automation/orchestration proficiency (e.g., PowerShell, Intune scripting, Defender workflows; familiarity with Microsoft Sentinel analytics/playbooks/KQL).
• Experience leading risk remediation at scale, with measurable improvements in control coverage, detection quality, and response efficiency.

Nice To Haves

• Architecture/governance experience across SaaS, Private Cloud, and On‑Prem; familiarity with SSPM (SaaS Security Posture Management) concepts.
• Knowledge of security frameworks and controls (e.g., NIST CSF, NIST SP 800‑171, CIS Controls, ISO/IEC 27001) and regulated environments (e.g., aerospace/defense, ITAR).
• Prior experience in large, federated enterprises and complex tenant programs.
• Exposure to SIEM/SOAR (e.g., Microsoft Sentinel/Spunk) and enterprise workflow platforms (e.g., ServiceNow).
• Operates effectively in a large matrixed organization; builds consensus and influences senior stakeholders.
• Strong communicator—able to translate complex technical concepts into clear, outcome‑focused narratives for executives and engineers alike.
• Resourceful and resilient; anticipates obstacles, identifies pragmatic workarounds, and rallies cross‑functional teams.
• Analytical and disciplined problem solver; applies critical thinking to drive high‑value decisions with data.
• Energetic, self‑motivated, and comfortable working with minimal supervision while maintaining high accountability for outcomes.

Responsibilities

• Define the multi‑tenant Microsoft 365 security roadmap and standards, including Defender, Intune/Microsoft Endpoint Manager, SCCM, Purview, and Identity/Conditional Access.
• Lead Zero Trust alignment for identity, device, and data, including device posture assessment, CA policies, risk‑based access, and least‑privilege models.
• Design endpoint security reference architectures and patterns for EDR/XDR modernization (Defender for Endpoint/XDR), telemetry, and response integration.
• Establish security architecture guardrails and reusable patterns for SaaS, Private Cloud, and On‑Prem environments; advise on SSPM (SaaS Security Posture Management) practices.
• Build and run the program operating model (KPI/KRI, roadmaps, intake/backlog, governance), ensuring on‑time delivery across multiple tenants and business units.
• Lead complex, cross‑functional initiatives with clear scope, milestones, funding/budget alignment, and dependency management.
• Drive risk remediation campaigns at scale with Endpoint, Identity, Data Protection, and Cloud Platform teams; ensure policy adoption and operational handoffs.
• Provide hands‑on technical leadership for high‑impact efforts (POCs, control design, tuning, pilot deployments); coach engineering teams on best practices.
• Define policy and configuration guidance for Intune, SCCM, and Defender; oversee change management and production rollout standards.
• Guide automation/orchestration using PowerShell, Intune scripting, Defender workflows, and Sentinel (KQL, analytics, playbooks) to improve signal quality and response.
• Build processes and logical interfaces with Cyber Threat & Response teams to strengthen detection/prevention across endpoints, identity, and data controls.
• Support cyber investigations and enterprise initiatives by ensuring telemetry completeness, control efficacy, and rapid containment pathways.
• Define risk‑based metrics (e.g., device posture compliance, CA policy coverage, EDR/XDR signal quality, and executive reporting.
• Benchmark GE Aerospace capabilities against internal and industry standards; drive continuous improvement via NIST CSF, NIST SP 800-171, CIS Controls, and internal policies.
• Partner with Aerospace CIO teams to align operating models, integrate with ServiceNow/workflows, and sustain operational stability across lifecycle phases.

Benefits

• GE Aerospace offers comprehensive benefits and programs to support your health and, along with programs like HealthAhead, your physical, emotional, financial and social wellbeing.
• Healthcare benefits include medical, dental, vision, and prescription drug coverage; access to a Health Coach from GE Aerospace; and the Employee Assistance Program, which provides 24/7 confidential assessment, counseling and referral services.
• Retirement benefits include the GE Aerospace Retirement Savings Plan, a 401(k) savings plan with company matching contributions and company retirement contributions, as well as access to Fidelity resources and planning consultants.
• Other benefits include tuition assistance, adoption assistance, paid parental leave, disability insurance, life insurance, and paid time-off for vacation or illness.