Sr Engineer, IT Security (NTD)
Nintendo · Redmond, WA · 2 wk ago
Information TechnologyFull-time
Description of Duties
- M365 Tenant, Identity & Access Management
- Implement and optimize Microsoft Entra Conditional Access, tenant security defaults, privileged access policies, and MFA/SSPR at scale.
- Operate and harden Microsoft Entra ID (Azure AD): lifecycle governance, automated provisioning/deprovisioning, privileged identities (PIM), app registrations, consent/permission reviews.
- Build and maintain RBAC/least-privilege access models for cloud and SaaS apps; implement Just-In-Time access for admins and sensitive roles.
- Integrate HRIS and identity sources for Joiner-Mover-Leaver flows, enforce identity proofing and MFA step-up for high-risk transactions.
- Design and enforce data governance (labels, DLP, retention, eDiscovery/Legal Hold, insider risk signals) and collaboration controls (external sharing, guest access, B2B/B2C).
- Establish monitoring/alerting/SLAs for tenant and identity related services; lead incident response and help develop IR playbooks in conjunction with IT Security Operations.
- Endpoint Security (Windows, macOS, Linux)
- Own the migration from an existing endpoint management system to a more robust solution, such as the CrowdStrike Falcon platform, for all endpoints: sensor deployment/coverage, policy tuning, RTR workflows, and threat hunting guardrails.
- Lead efforts with platform engineers for OS-specific hardening baselines (CIS/NIST) and secure configuration: BitLocker/FileVault/LUKS, kernel extension/driver policies, local admin control, application allow/deny lists.
- Lead incident triage and response on endpoints, including containment, forensic collection, and post-incident hardening.
- Observability, Detection & Response
- Build and operationalize Splunk detections and dashboards integrating M365, Entra, CrowdStrike, Defender, Intune, and OS logs.
- Develop automated response playbooks to reduce MTTR.
- Automation & Engineering Excellence
- Create robust automation and self-service tooling for identity and endpoint operations.
- Maintain IaC for policy-as-code (e.g. Conditional Access, PIM role settings).
- Document runbooks, architecture diagrams, inventories, and SOPs; mentor engineers and drive operational maturity.
- Compliance & Risk
- Map controls to regulatory frameworks (SOX, J-SOX etc.); support audits with evidence and narratives.
- Lead periodic access reviews, admin entitlement recertification, and break-glass account governance.
- Conduct tabletop exercises, disaster recovery testing, and security drills tied to identity and endpoint scenarios.
- 8+ years in enterprise IT/Security engineering with deep hands-on experience in: M365 administration, IAM operations, or endpoint security.
- Expert-level experience with:
- M365 & Entra ID: Conditional Access, MFA/SSPR, PIM/PAM, app registrations, service principals, identity lifecycle.
- Endpoint Security: CrowdStrike Falcon or equivanet (policy design, RTR, detection tuning) across Win/macOS/Linux.
- Logging/SIEM: Splunk or equivalent (search, dashboards, alerting, detection engineering).
- Strong automation skills: PowerShell (Graph modules), Python, REST/Graph APIs; CI/CD and version control (Git).
- Proven track record delivering secure baselines at scale (Intune/Jamf/MDM), and leading incident response involving identity and endpoints.
- Deep understanding of Zero Trust, least privilege, RBAC, token flows (OAuth/OIDC), and modern auth (MSAL).
- Experience with compliance control design and audit support.
- Experience mentoring others and cultivating technical breadth and depth on a team.
- Fluency in Japanese a plus.
- Bachelor or Master of Science degree in Engineering, Information Technology, or related field; or equivalent combination of education and experience.