Kerja Sepenuh Masa, Information Technology Operations Engineer di Confidential Jobs - Maukerja

Position Overview

We are seeking a hands-on, security-minded IT Operations Engineer to own day-to-day operations across our cloud-only Microsoft estate (fully Entra ID, no on-prem Active Directory). You will administer and protect Microsoft Entra ID, Intune, Microsoft 365, and Azure, operate Microsoft Defender XDR, and support data-protection and incident-response activities, while keeping end-user services available and well-documented. A central part of the role is planning and executing OS and application updates that minimize business disruption and run under least privilege. You will work closely with the security function and external vendors to ensure the environment stays secure, compliant, and performant.

Key Responsibilities

Change & Patch Management - Primary Focus

• Devise and execute change plans for OS and application updates across endpoints and Azure server workloads that minimize business disruption - through testing, phased / ring-based rollout, scheduled maintenance windows, and clear rollback plans.
• Execute all changes under least privilege: just-in-time elevation via PIM, scoped service identities, and no standing administrative access.
• Track and remediate patch compliance using Intune (Windows Update for Business / update rings) and Azure update tooling, with documented change records and back-out procedures.
• Communicate and coordinate maintenance: align windows with stakeholders, set clear expectations, and report on update status and exceptions.

Identity & Access Management - Microsoft EntraID

• Administer Entra ID: users, groups, dynamic membership, role assignments, and Azure RBAC.
• Design and maintain Conditional Access, MFA, and Identity Protection risk policies.
• Operate Privileged Identity Management (PIM): just-in-time elevation and periodic access reviews.
• Administer Enterprise Applications: SAML/OIDC single sign-on, SCIM provisioning, and application consent / permission governance to control application attack surface.
• Run the joiner-mover-leaver lifecycle: provisioning and deprovisioning, group membership updates, and access reviews across Entra and connected business systems.
• Automate the identity lifecycle: provisioning, deprovisioning, and access-review workflows scripted with PowerShell and Microsoft Graph.

Endpoint Management - Microsoft Intune

• Manage the device lifecycle via Intune: enrolment, compliance policies, configuration profiles, app deployment, and remote remediation across Windows, iOS, and Android.
• Manage device configuration policy in Intune: administrative templates and the settings catalogue - the Group Policy-equivalent controls for our cloud-only, Entra-joined estate.
• Enforce security baselines: disk encryption (BitLocker), attack-surface-reduction rules, and device hardening aligned to policy.

Microsoft 365 Administration

• Administer Exchange Online, SharePoint Online, Teams, and OneDrive: mailboxes, shared resources, collaboration settings, and license management.
• Configure mail flow, retention, and collaboration governance in line with security and compliance requirements.

Microsoft Azure Operations

• Operate and monitor Azure resources: virtual machines, storage accounts, virtual networks, and resource groups for availability, cost efficiency, and security posture.
• Apply least-privilege access via Azure RBAC; support resource tagging and basic cost governance.

Security Operations - Microsoft Defender XDR & Data Protection

• Operate Microsoft Defender XDR across Defender for Endpoint, Office 365, Identity, and Cloud Apps: triage alerts, investigate incidents, and apply containment.
• Use Advanced Hunting (KQL) to investigate suspicious activity and support detection improvements.
• Administer endpoint DLP and insider-threat monitoring.
• Support hardening across identity, endpoint, and cloud aligned to the organization’s security-first operating model.

Incident Response & Service Management

• Support incident response: identification, containment, eradication, and recovery; collect logs and evidence and escalate to the security team as needed.
• Provide L1/L2 end-user support for hardware, software, access, and connectivity issues across Windows environments.
• Manage internal support tickets through the IT service-management system to agreed service levels, with clear and timely user communication.
• Maintain IT asset inventory: hardware, software licenses, and equipment assignments.

Documentation, Compliance & Improvement

• Produce and maintain SOPs, knowledge-base articles, checklists, and runbooks.
• Support compliance initiatives (e.g., ISO 27001) by implementing technical controls and collecting audit evidence.
• Drive continual improvement: identify recurring issues, capture root causes, and propose technical or process enhancements.
• Participate in on-call / after-hours rotation for priority incidents and planned maintenance, where applicable

Qualifications & Requirements

• Education: Diploma or Bachelor’s degree in Information Technology, Computer Science, Information Systems, or a related field.
• Relevant Microsoft certifications are strongly advantageous (see below).
• Experience: 4-6+ years in IT operations, system administration, or cloud administration, with a clear security focus.
• Hands-on production experience administering Microsoft Entra ID, Intune, Microsoft 365,and Azure.
• Hands-on experience operating Microsoft Defender XDR (Endpoint, Office 365, Identity, Cloud Apps).
• Scripting and automation with PowerShell and Microsoft Graph for administration, reporting, and bulk operations (a core expectation, not a nice-to-have).
• Experience operating a cloud-only Entra ID estate and delivering device policy through Intune (configuration profiles, administrative templates, settings catalog).
• Exposure to security incident handling (malware, phishing, suspicious sign-ins) and data-protection / DLP concepts.

Certifications (Target / Advantageous)

• SC-300 - Microsoft Identity and Access Administrator
• MD-102 - Microsoft 365 Endpoint Administrator
• AZ-104 - Microsoft Azure Administrator
• SC-200 - Microsoft Security Operations Analyst (a plus)

Skills & Competencies

• Change & patch management (core): designing OS and application update plans that minimize disruption - testing, phased rollout, maintenance windows, rollback - and executing them under least privilege.
• Microsoft Entra ID: conditional access, MFA, Identity Protection, PIM, enterprise-app SSO, and consent/permission governance.
• Microsoft Intune: MDM/MAM policies, compliance baselines, configuration profiles, Autopilot, and app deployment.
• Microsoft 365 administration: Exchange Online, SharePoint Online, Teams, and OneDrive.
• Microsoft Azure: virtual machines, networking, storage, and RBAC fundamentals.
• Microsoft Defender XDR: alert triage, incident investigation, and KQL Advanced Hunting.
• Data protection: DLP and insider-threat monitoring concepts (specific tooling trainable).
• Automation: PowerShell and Microsoft Graph for day-to-day administration.
• Cloud-only Entra ID estate: device policy delivered through Intune administrative templates and the settings catalog (no on-prem Active Directory or Group Policy).
• Structured troubleshooting and root-cause analysis with clear documentation of steps and outcomes.
• Security-first mindset: understands the threat rationale behind identity, endpoint, cloud, and data-protection controls.
• Communication & service discipline: explains technical issues in business-friendly language and manages multiple tickets to SLA.
• Self-driven and reliable, comfortable working independently or on-site, representing the firm professionally.

What We Offer

• Competitive salary with performance-based bonus.
• Medical and dental coverage.
• Professional development budget and certification support (e.g., Microsoft SC-300, MD-102, AZ-104, SC-200).
• Flexible hybrid work arrangement.
• Clear career progression within the IT, cloud, and security practice.