Senior Security Engineer

Company: Mitra AI
Apply for the Senior Security Engineer
Location:
Job Description:

About the Role

We are looking for a Security Engineer/ Senior Security Engineer to join our Managed Security Services team, supporting a key client engagement in the US. You will play a hands-on role in executing a structured security improvement program aligned with industry frameworks. This is a great opportunity for an engineer who wants to move beyond reactive security work and contribute to building a mature, well-governed security program from the ground up. The initial focus will be a structured 9-month client engagement, after which you will continue to contribute to ongoing security work across our client portfolio.

What You’ll Be Working On

You will be directly responsible for the technical execution of the following workstreams:

  • Asset & Device Management — Building and maintaining a comprehensive inventory of endpoints, servers, network devices, and cloud resources. Enrolling and managing corporate devices in Microsoft Intune, defining compliance policies, and operationalizing automated discovery and alerting.
  • Software Governance — Cataloguing all software in use, packaging and deploying applications via Intune, and supporting the rollout of a SaaS governance process including shadow IT detection through Defender for Cloud Apps.
  • Secure Configuration — Defining and deploying security baselines for Windows endpoints and servers aligned with industry benchmarks. Managing phased rollouts, monitoring configuration drift, and incrementally hardening critical workloads across the environment.
  • Data Protection — Supporting data flow mapping exercises across key business processes, documenting systems, access points, and protections, and validating encryption and access controls across sensitive data flows.
  • Account Management — Building complete account inventories across Entra ID, Active Directory, and standalone systems. Conducting privileged access reviews, cleaning up dormant accounts, and operationalizing account lifecycle processes.
  • MFA & Password Security — Deploying and enforcing phishing-resistant MFA for privileged accounts via Conditional Access, rolling out SSPR with password writeback to on-premises AD, and deploying Azure AD Password Protection across the domain.

We’re Looking For

Required:

  • 2–4 years of hands-on experience in a security engineering or role
  • Strong working knowledge of Microsoft Intune, including:
  • Device enrolment across Windows, macOS, iOS, and Android
  • Creating and managing device compliance policies and configuration profiles
  • Application deployment — packaging Win32 apps, deploying required and available apps, managing the Company Portal
  • Managing software updates via Windows Update for Business and Intune update rings
  • Conditional Access integration — enforcing device compliance as a condition for corporate resource access
  • Intune reporting, compliance dashboards, and remediation workflows
  • Strong working knowledge of Microsoft Entra ID (Azure AD), including:
  • User and group lifecycle management — creation, modification, deactivation, and deletion
  • Privileged role assignments and role-based access control (RBAC)
  • Conditional Access policy design and enforcement — MFA requirements, device compliance, sign-in risk, named locations
  • Multi-Factor Authentication — deploying and enforcing phishing-resistant MFA methods including FIDO2 security keys, Windows Hello for Business, and Microsoft Authenticator passwordless authentication
  • Self-Service Password Reset (SSPR) configuration, including password writeback to on-premises Active Directory
  • Entra ID Password Protection — banned password lists, audit and enforcement modes
  • Identity Protection — risk-based Conditional Access, leaked credential detection
  • Privileged Identity Management (PIM) concepts and just-in-time access principles
  • Application registrations, service principals, and managed identities
  • Experience with Active Directory administration in hybrid identity environments, including group policy, privileged group management, and Entra Connect Sync
  • Familiarity with the broader Microsoft security stack — Defender for Endpoint, Defender for Cloud Apps, Defender for Identity, and Microsoft Purview
  • Familiarity industry security frameworks such as NIST CSF and CIS Critical Security Controls
  • Strong documentation skills — you will be producing evidence, process guides, and configuration records throughout the engagement
  • Ability to work independently and manage your own workload across parallel workstreams
  • Good communication skills — you will be collaborating closely with an onshore lead and interfacing with client IT teams

Nice to Have:

  • Familiarity with SOC 2 or similar compliance frameworks
  • Experience in a Managed Services Provider (MSP) environment

Certifications

The following certifications are highly regarded for this role. Candidates who hold one or more of these will be looked upon favourably, though they are not a strict requirement:

  • ISC2 SSCP (Systems Security Certified Practitioner)
  • Microsoft 365 Certified: Endpoint Administrator Associate (MD-102)
  • Microsoft Certified: Identity and Access Administrator Associate (SC-300)
  • Microsoft Certified: Windows Server Hybrid Administrator Associate (AZ-800)
  • Microsoft Certified: Cybersecurity Architect Expert (SC-100)

Kindly note that the working hours overlap with the US timeframe: 1:30 PM to 10:30 PM (IST).

Posted: March 26th, 2026

Similar Jobs: