Avepoint

IT Infra Engineer (Identity and Security)

Singapore Full Time

Job Title: Senior / IT Infra Engineer (Identity and Security)

Role Overview

We are seeking a highly skilled and innovative engineer to join our transformative SSOE Programme, which manages more than 350 schools across Singapore. This is an exceptional opportunity to shape the future of educational technology infrastructure and enhance the learning experience of more than 450,000 students and 35,000 education professionals.

As a Senior / IT Infra Engineer focusing on Identity and Security, you will be the primary engineer for our Zero Trust ecosystem. You will lead the end-to-end design and implementation of both a secure endpoint environment, centred heavily on Data Loss Prevention (DLP), Endpoint Protection Platforms (EPP), and Endpoint Detection and Response (EDR), and identity-driven access governance utilizing on-premises Active Directory (AD) and cloud-native Entra. Your mission is to ensure that every user, device, and application within the Microsoft 365 cloud ecosystem is verified, seamlessly managed throughout the identity lifecycle, and continuously monitored against evolving threats.

Key Responsibilities

  • Identity & Access Governance
  • Design and architect Entra ID (Azure AD) solutions, focusing on Conditional Access policies, Privileged Identity Management (PIM), and Identity Protection to enforce least-privileged access.
  • Manage complex Identity Lifecycle processes, ensuring seamless and secure integration between on-premises Active Directory and cloud-native identity providers.
  • Implement and maintain Passwordless authentication and Multi-Factor Authentication (MFA) strategies to eliminate credential-based vulnerabilities.
  • Security Engineering & Threat Protection
  • Work with the security team to engineer and operate the Microsoft Defender for Endpoint and Defender for Office 365 suites (EPP/EDR) to proactively hunt for threats and remediate vulnerabilities across the fleet.
  • Deploy and manage Microsoft Purview for information protection, Data Loss Prevention (DLP), and eDiscovery, ensuring sensitive corporate data remains governed and compliant.
  • Develop automated response playbooks using PowerShell and Microsoft Graph API to neutralize security incidents in real-time.
  • Identity & Access Governance
  • Lead the identity and access design for enterprise-wide rollouts, ensuring robust authentication mechanisms are baked into every deployment.
  • Act as the primary technical liaison for Cybersecurity Audits, providing data-driven evidence of compliance regarding identity lifecycles and access control.
  • Mentor the team on security best practices, conducting knowledge-sharing sessions on the latest Entra features and identity threat landscapes.
  • Automation & Observability
  • Automation: Engineer for scalability by building reusable automation, using PowerShell scripting and related tools such as Power BI, Dynatrace and Axonius to monitor service health and produce reporting that yields insights.
  • Scripting & API: Use PowerShell, Bash, and Python to automate repetitive tasks and interact with the Microsoft Graph API for custom reporting.
  • Fleet Analytics: Utilize KQL and Endpoint Analytics to monitor device health, battery wear, and application performance across the entire estate.
  • Self-Service: Develop and maintain "Self-Service" portals for both staff and students to empower users and reduce helpdesk ticket volume.

General Responsibilities

  • Engage stakeholders to translate business requirements into designs and services that meet the intended availability, capacity, resiliency, security and continuity requirements.
  • Forecast the budget needed to support the project initiatives and maintenance contracts.
  • Ensure MOE’s related Technical Architecture is in compliance with IM8 and the Agency’s IT Policies and Standards.
  • Manage day-to-day delivery and support of application infrastructure services and collaborate with other government agencies and central services teams to facilitate and deliver government-wide services.

Leadership & Strategic Compliance

  • Lead the security design for enterprise-wide software rollouts, ensuring "Security by Design" is baked into every deployment.
  • Act as the primary technical liaison for Cybersecurity Audits, providing data-driven evidence of compliance with global security standards (e.g., ISO 27001, SOC2).
  • Mentor the team on security best practices, conducting regular knowledge-sharing sessions on the latest M365 security features and threat landscapes.

What We Are Looking For

  • Identity Expertise: Technical mastery of both on-premises Active Directory and cloud-native Entra ID, including B2B/B2C scenarios, App Registrations, and Enterprise Applications.
  • Security Stack Mastery: Proven experience implementing the full Microsoft 365 Defender suite and Microsoft Purview, encompassing DLP, EDR, EPP, and identity security capabilities.
  • Automation-First Mindset: Proficiency in PowerShell and MS Graph API for comprehensive security and identity auditing, as well as automated threat remediation.
  • Analytical Rigor: Ability to synthesize complex security and identity logs into actionable risk recommendations for executive leadership.
  • Preferred Certifications: SC-100 (Microsoft Cybersecurity Architect), SC-300 (Microsoft Identity and Access Administrator), MS-500 (Microsoft 365 Security Administration), and CISSP or an equivalent security-focused accreditation.
  • Proactive and dedicated individual with good leadership and multi-tasking capabilities as well as the ability to work independently without the need for close supervision.
  • Experienced in contract and vendor management.
  • Good communication skills, both oral and written, with the ability to pitch ideas and communicate effectively with stakeholders.
  • Team player with strong organization and people handling skills.

 

Any personal data you share with us during the application process will be processed strictly in compliance with applicable data protection laws and our Privacy Notice.