Senior / IT Infra Engineer (Identity and Security)

Job Description & Requirements

Job Description & Requirements

• Avensys is a reputed global IT professional services company headquartered in Singapore. Our service spectrum includes enterprise solution consulting, business intelligence, business process automation and managed services. Given our decade of success we have evolved to become one of the top trusted providers in Singapore and service a client base across banking and financial services, insurance, information technology, healthcare, retail, and supply chain.

We are currently looking to hire Senior / IT Infra Engineer (Unified Endpoint Management)

• This is an exciting opportunity to expand your skill set, achieve job satisfaction and work-life balance. More details as below.
• As a Senior / IT Infra Engineer focusing on Identity and Security, you will be the primary engineer for our Zero Trust ecosystem. You will lead the end-to-end design and implementation of both a secure endpoint environment centre heavily on Data Loss Prevention (DLP), Endpoint Protection Platforms (EPP), and Endpoint Detection and Response (EDR) and identity-driven access governance utilizing on-premises Active Directory (AD) and cloud-native Entra. Your mission is to ensure that every user, device, and application within the Microsoft 365 cloud ecosystem is verified, seamlessly managed throughout the identity lifecycle, and continuously monitored against evolving threats.

Key Responsibilities

• Identity & Access Governance
• Design and architect Entra ID (Azure AD) solutions, focusing on Conditional Access policies, Privileged Identity Management (PIM), and Identity Protection to enforce least-privileged access.
• Manage complex Identity Lifecycle processes, ensuring seamless and secure integration between on-premises Active Directory and cloud-native identity providers.
• Implement and maintain Passwordless authentication and Multi-Factor Authentication (MFA) strategies to eliminate credential-based vulnerabilities.
• Security Engineering & Threat Protection
• Work with security team to engineer and operate the Microsoft Defender for Endpoint and Defender for Ofice 365 suites (EPP/EDR) to proactively hunt for threats and remediate vulnerabilities across the fleet.
• Deploy and manage Microsoft Purview for information protection, Data Loss Prevention (DLP), and eDiscovery, ensuring sensitive corporate data remains governed and compliant.
• Develop automated response playbooks using PowerShell and Microsoft Graph API to neutralize security incidents in real-time.
• Identity & Access Governance
• Design and architect Entra ID (Azure AD) solutions, focusing on Conditional Access policies, Privileged Identity Management (PIM), and Identity Protection to enforce least-privileged access.
• Implement and maintain Passwordless authentication and Multi-Factor Authentication (MFA) strategies to eliminate credential-based vulnerabilities.
• Lead the identity and access design for enterprise-wide rollouts, ensuring robust authentication mechanisms are baked into every deployment.
• Act as the primary technical liaison for Cybersecurity Audits, providing data-driven evidence of compliance regarding identity lifecycles and access control.
• Mentor the team on security best practices, conducting knowledge-sharing sessions on the latest Entra features and identity threat landscapes.
• Automation & Observability
• Automation: Engineer for scalability by building reusable automation and utilizing PowerShell scripting and related tools like PowerBI, Dynatrace and Axonius to monitor service health and reporting to derive insights.
• Scripting & API: Use PowerShell, Bash, and Python to automate repetitive tasks and interact with the Microsoft Graph API for custom reporting.
• Fleet Analytics: Utilize KQL and Endpoint Analytics to monitor device health, battery wear, and application performance across the entire estate.
• Self-Service: Develop and maintain Self-Service portals for both staff and students to empower users and reduce helpdesk ticket volume.
• General Responsibilities
• Engage stakeholders to translate business requirement into design and services to meet the intended availability, capacity, resiliency, security and continuity requirements.
• Forecast budget needed to support the project initiatives and maintenance contracts.
• Ensure MOE's related Technical Architecture are in compliance with IM8 and Agency's IT Policies and Standards.
• Manage day-to-day delivery and support of application infrastructure services and collaborate with other government agencies and central services teams to facilitate and deliver government-wide services.
• Leadership & Strategic Compliance
• Lead the security design for enterprise-wide software rollouts, ensuring Security by Design is baked into every deployment.
• Act as the primary technical liaison for Cybersecurity Audits, providing data-driven evidence of compliance with global security standards (e.g., ISO 27001, SOC2).
• Mentor the team on security best practices, conducting regular knowledge-sharing sessions on the latest M365 security features and threat landscapes.
• What We Are Looking For
• Identity Expertise: Technical mastery of both on-premises Active Directory and cloud-native Entra ID, including B2B/B2C scenarios, App Registrations, and Enterprise Applications.
• Security Stack Mastery: Proven experience implementing the full Microsoft 365 Defender suite and Microsoft Purview, encompassing DLP, EDR, EPP, and identity security capabilities.
• Automation-First Mindset: Proficiency in PowerShell and MS Graph API for comprehensive security and identity auditing, as well as automated threat remediation.
• Analytical Rigor: Ability to synthesize complex security and identity logs into actionable risk recommendations for executive leadership.
• Preferred Certifications: SC-100 (Microsoft Cybersecurity Architect), SC-300 (Microsoft Identity and Access Administrator), MS-500 (Microsoft 365 Security Administration), and CISSP or an equivalent security-focused accreditation.

WHAT'S ON OFFER

You will be remunerated with an excellent base salary and entitled to attractive company benefits. Additionally, you will get the opportunity to enjoy a fun and collaborative work environment, alongside a strong career progression.

To submit your application, please apply online or email your UPDATED CV in Microsoft Word formatto [Confidential Information]. Your interest will be treated with strict confidentiality.

CONSULTANT DETAILS

Consultant Name: Varra Chaitanya

Reg No: R1765546

Avensys Consulting Pte Ltd

EA License 12C5759

Privacy Statement: Data collected will be used for recruitment purposes only. Personal data provided will be used strictly in accordance with the relevant data protection law and Avensys privacy policy.