Senior Microsoft 365 Engineer

About OpsAssist

OpsAssist provides targeted technology solutions (fractional CIO, CISO, DevOps, cybersecurity, and managed services) to help businesses overcome challenges, improve processes, and prevent costly errors. We don't believe in one\-size\-fits\-all solutions. Instead, we become a strategic partner in navigating the complexities of the digital world, taking the time to listen, plan, and execute with agility, then staying on as a long\-term partner to continuously support and optimize.

The Role

We are looking for a Senior IT Engineer to join our delivery team and own hands\-on Microsoft 365 security and operational maturity programs across client engagements. You will execute against structured, outcome\-driven roadmaps, hardening identity, email, device, and data protection within client tenants, and serve as OpsAssist's primary technical voice with clients.

Key Responsibilities

Identity \& Access

• Deploy and tune Conditional Access policies: MFA enforcement, legacy auth blocking, risk\-based sign\-in, and compliant device requirements
• Establish privileged identity hygiene: separate admin accounts, minimized Global Admin footprint, break\-glass monitoring, time\-boxed exceptions

Email Security

• Implement anti\-phish/anti\-spam policies with executive impersonation protection; manage Safe Links and Safe Attachments
• Configure and enforce SPF, DKIM, and DMARC with progressive enforcement; audit and remediate external forwarding and suspicious inbox rules

Device Management

• Build authoritative device inventory; drive Intune enrollment for Windows, macOS, and mobile with compliance policies and Update for Business rings
• Integrate device compliance with Conditional Access; own patch SLAs and weekly compliance review

Data Protection

• Design sensitivity label taxonomy and roll out DLP in stages (audit → prompts → enforcement); standardize SharePoint/OneDrive external sharing and site ownership

Monitoring, Reporting \& Process

• Standardize alerting across identity, email, and device signals; maintain incident playbooks with defined containment steps
• Produce monthly executive posture reports for client leadership; author SOPs for joiner/mover/leaver and recurring hygiene cadences

Qualifications

• 7\+ years administering Microsoft 365 in a security\-focused capacity, ideally across multiple client tenants
• Deep hands\-on proficiency in Entra ID (Conditional Access, PIM), Exchange Online Protection, Defender for Office 365, Intune, and Purview
• Experience deploying MFA/Conditional Access at scale, configuring DMARC end\-to\-end, and building repeatable IT processes (SOPs, runbooks, playbooks)
• Comfortable producing executive\-facing posture reports and communicating technical progress to non\-technical stakeholders
• MSP or consulting background preferred; Microsoft certifications (SC\-300, SC\-200, MD\-102, or MS\-102\) a plus

Pay: $50\.00 \- $80\.00 per hour

Benefits:

• Flexible schedule

Work Location: Remote