Staff Security Operations Engineer

SandiskIrvine, CA
$124,837 - $206,793Hybrid

About The Position

This role is primarily focused on driving the Microsoft Entra ID device migration and providing Entra ID engineering support across the organization. The Staff Security Operations Engineer serves as a key technical driver for migrating devices into Entra ID and as a hands-on engineering resource for the Entra ID (Azure AD) platform. Supporting identity and access management technologies - multi-factor authentication (Duo MFA and Windows Hello for Business), mobile device management, and Active Directory - make up the secondary scope of the role.

Requirements

  • BA or BS in Information Technology, Computer Science, Information Security, or a related field. Equivalent hands-on experience in IAM may be considered in lieu of a degree.
  • Relevant certifications such as Microsoft Certified: Identity and Access Administrator, Microsoft Certified: Endpoint Administrator, Certified Information Systems Security Professional (CISSP), or DUO Security Administrator are desirable.
  • 6+ years of experience in IT or Information Security, with a focus on identity and access management.
  • 3+ years of direct, hands-on experience with Microsoft Entra ID (Azure AD), including device migration and engineering support.
  • Experience working with Duo MFA, Windows Hello for Business, Microsoft Intune, and Active Directory.
  • Hands-on experience driving device migrations into Entra ID, including Entra ID join and hybrid Entra ID join.
  • Engineering-level experience administering Entra ID, including Conditional Access, Identity Protection, SSO, app registrations, and enterprise applications.
  • Experience with Microsoft Entra Connect (Azure AD Connect) for hybrid identity synchronization between on-prem AD and Entra ID.
  • Ability to configure, enforce, and troubleshoot Entra ID policies across diverse applications, devices, and systems.
  • Experience administering and managing Duo MFA and Windows Hello for Business, or similar authentication platforms.
  • Ability to configure, enforce, and troubleshoot MFA policies across diverse applications and systems.
  • Knowledge of MS Intune platforms and their integration with IAM systems for device security and policy enforcement.
  • Experience managing devices in an enterprise setting, focusing on compliance and access control.
  • Experience managing user accounts, group policies, and organizational units in Active Directory.
  • Familiarity with hybrid identity environments and synchronization between on-prem AD and Entra ID.
  • PowerShell and Microsoft Graph scripting skills to automate identity and device tasks such as provisioning, migration, reporting, and troubleshooting.
  • Familiarity with security information and event management (SIEM) tools for monitoring identity-related logs and events.
  • Experience generating audit reports for compliance purposes.
  • Proficiency in using PowerShell and Microsoft Graph to automate identity and device tasks, generate reports, and troubleshoot issues.
  • Expertise in administering Entra ID for device migration, Conditional Access, SSO, and identity engineering.
  • Experience with synchronization between on-prem AD and Entra ID for seamless hybrid identity management.
  • Experience configuring and maintaining Duo MFA and Windows Hello for Business for secure multi-factor authentication.
  • Experience with leading MDM tools such as Microsoft Intune, or equivalent, for device management and security.
  • Familiarity with SIEM platforms (e.g., Devo) for monitoring and auditing identity events and security logs.

Nice To Haves

  • Equivalent hands-on experience in IAM may be considered in lieu of a degree.
  • Relevant certifications such as Microsoft Certified: Identity and Access Administrator, Microsoft Certified: Endpoint Administrator, Certified Information Systems Security Professional (CISSP), or DUO Security Administrator are desirable.
  • Python (optional): Familiarity with Python for advanced IAM automation and integration tasks.

Responsibilities

  • Drive and lead the migration of devices into Microsoft Entra ID, including Entra ID join and hybrid Entra ID join scenarios.
  • Plan, schedule, and execute device migration waves from on-premises Active Directory / hybrid configurations to Entra ID, with minimal disruption to end users.
  • Develop migration runbooks, rollback plans, validation checklists, and success criteria for each migration phase.
  • Coordinate with endpoint, IT, and security teams to align device readiness, Conditional Access, and compliance requirements ahead of migration.
  • Troubleshoot device join, registration, enrollment, and Conditional Access issues encountered during migration.
  • Track migration progress, report on adoption metrics, and continuously refine the migration approach.
  • Provide engineering-level administration and operational support for the Microsoft Entra ID (Azure AD) platform.
  • Configure and manage Conditional Access policies, Identity Protection, single sign-on (SSO), app registrations, and enterprise applications.
  • Support hybrid identity using Microsoft Entra Connect (Azure AD Connect), ensuring reliable synchronization between on-premises AD and Entra ID.
  • Act as the technical escalation point for Entra ID incidents, identifying root causes and implementing durable solutions.
  • Automate Entra ID administration, reporting, and provisioning tasks using PowerShell and Microsoft Graph.
  • Maintain documentation, runbooks, and operational procedures for the Entra ID environment.
  • Administer and manage the organization’s MFA platforms, including Duo MFA and Windows Hello for Business.
  • Implement and enforce MFA policies across the organization, ensuring integration with various applications and systems.
  • Monitor MFA performance, troubleshoot issues, and handle escalations related to authentication failures or policy violations.
  • Support the administration of the Intune platform security, Conditional Access and Compliance, and RBAC/PIM/MAA Governance.
  • Work with IT teams to ensure all mobile devices comply with organizational security policies and access controls.
  • Provide support for Active Directory, managing user accounts, group policies, and organizational units.
  • Support hybrid identity integration between on-premises AD and Entra ID using Microsoft Entra Connect.
  • Troubleshoot and resolve issues related to AD/Entra ID authentication and access provisioning.
  • Continuously evaluate and improve IAM processes related to Entra ID, device migration, MFA, and AD to enhance security and user experience.
  • Automate routine identity management tasks and workflows to increase efficiency and reduce manual errors.
  • Act as the technical escalation point for identity-related incidents involving Entra ID, device migration, Duo MFA, Windows Hello for Business, and other IAM systems.
  • Investigate, troubleshoot, and resolve IAM issues, working closely with other teams to identify root causes and implement solutions.
  • Ensure IAM solutions meet compliance requirements such as SOX, etc.
  • Generate reports for auditing purposes and provide insights into the security posture of identity systems.
  • Collaborate with security, IT, and compliance teams to define and implement identity governance frameworks.
  • Develop and maintain comprehensive documentation for all IAM solutions, policies, and procedures.
  • Provide training to end-users and technical staff on IAM best practices, focusing on Entra ID, MFA, and other key services.
  • Stay up-to-date with industry trends and emerging technologies to continuously enhance the organization’s IAM capabilities.

Benefits

  • paid vacation time
  • paid sick leave
  • medical/dental/vision insurance
  • life, accident and disability insurance
  • tax-advantaged flexible spending and health savings accounts
  • employee assistance program
  • other voluntary benefit programs such as supplemental life and AD&D, legal plan, pet insurance, critical illness, accident and hospital indemnity
  • tuition reimbursement
  • transit
  • the Applause Program
  • employee stock purchase plan
  • Sandisk's Savings 401(k) Plan
  • Short-Term Incentive (STI) Plan
  • annual Long-Term Incentive (LTI) program
  • restricted stock units (RSUs) or cash equivalents
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service