M365 Engineer

Role summary

• We are looking for an M365 Engineer colleague who is confident working in on-prem and hybrid enterprise infrastructures, has a strong identity- and access-management mindset across Active Directory and Microsoft Entra ID, and is capable of designing, implementing, and operating security and management solutions within the Microsoft 365 ecosystem.
• A key part of the role is supporting the migration from O365 to M365, leveraging Entra ID P2 capabilities as an IAM solution, and ensuring the stable and governed operation of the on-prem environment (Windows Server / Active Directory / DFS). In addition, the position includes the implementation and configuration of JIRA and the design of related processes, as well as active participation in the technical and documentation-related tasks required for NIS2 compliance.

Main responsibilities

• Design, implementation, and operation of Microsoft 365 environments in a hybrid (on-prem + cloud) model
• Support for O365 → M365 migration (identity, policies, security baselines, transition tasks, stabilization)
• Operation and development of hybrid identity (AD ↔ Entra ID integration, authentication and authorization models)
• Use of Entra ID P2 capabilities as IAM:
  • Conditional Access, MFA, Identity Protection
  • Privileged Identity Management (PIM)
  • Access Reviews / identity lifecycle governance support
  • Microsoft Defender (primarily endpoint-focused): policy configuration, hardening, basic incident triage, reporting
  • Intune (Endpoint Manager): enrollment, configuration profiles, compliance, application management
  • Data Loss Prevention (DLP) / data protection: sensitivity labels, DLP policies, basic governance and documentation
  • On-prem Windows Server operations: patching, standards, troubleshooting, ensuring stable operations
  • On-prem Active Directory operations: group and permission management, GPOs, AD health monitoring and support
  • DFS operations: troubleshooting, ensuring consistency and availability, migration support
  • JIRA implementation and configuration: support in defining projects, permissions, queues, and workflows, in collaboration with endpoint engineers
  • Process design: IT operations / ITSM processes (incident, request, change), SLA and reporting mindset
  • Participation in NIS2 compliance activities: supporting technical controls, addressing gaps, preparing evidence and documentation for audits
  • Documentation, knowledge sharing, and collaboration with IT operations, security teams, and stakeholders
• Conditional Access, MFA, Identity Protection
• Privileged Identity Management (PIM)
• Access Reviews / identity lifecycle governance support
• Microsoft Defender (primarily endpoint-focused): policy configuration, hardening, basic incident triage, reporting
• Intune (Endpoint Manager): enrollment, configuration profiles, compliance, application management
• Data Loss Prevention (DLP) / data protection: sensitivity labels, DLP policies, basic governance and documentation
• On-prem Windows Server operations: patching, standards, troubleshooting, ensuring stable operations
• On-prem Active Directory operations: group and permission management, GPOs, AD health monitoring and support
• DFS operations: troubleshooting, ensuring consistency and availability, migration support
• JIRA implementation and configuration: support in defining projects, permissions, queues, and workflows, in collaboration with endpoint engineers
• Process design: IT operations / ITSM processes (incident, request, change), SLA and reporting mindset
• Participation in NIS2 compliance activities: supporting technical controls, addressing gaps, preparing evidence and documentation for audits
• Documentation, knowledge sharing, and collaboration with IT operations, security teams, and stakeholders

Required professional experience

• Hands-on experience in Microsoft 365 administration and/or implementation
• Strong foundational knowledge of Active Directory (permission models, GPO mindset, understanding of hybrid identity)
• Experience in on-prem and hybrid enterprise environments
• Confident knowledge in several of the following areas:
  • Entra ID P2 (Conditional Access/MFA, PIM, Identity Protection, Access Reviews)
  • Intune (policies, compliance, enrollment, configuration)
  • Microsoft Defender (endpoint protection, baseline/hardening)
  • DLP / data protection (policies, sensitivity labels, governance mindset)
  • Experience in Windows Server / on-prem Active Directory / DFS operations
  • Structured problem-solving, troubleshooting skills, and documentation capability
  • Process-oriented thinking (ticketing, workflows, SLAs, ITIL principles)
• Entra ID P2 (Conditional Access/MFA, PIM, Identity Protection, Access Reviews)
• Intune (policies, compliance, enrollment, configuration)
• Microsoft Defender (endpoint protection, baseline/hardening)
• DLP / data protection (policies, sensitivity labels, governance mindset)
• Experience in Windows Server / on-prem Active Directory / DFS operations
• Structured problem-solving, troubleshooting skills, and documentation capability
• Process-oriented thinking (ticketing, workflows, SLAs, ITIL principles)

Nice to have

• Knowledge of or experience with SIEM / SOC / SOAR systems, or related integration work
• Experience supporting compliance and audit processes (controls, evidence collection, documentation)
• Experience in migration projects (planning, cutover, stabilization phases)
• Microsoft certifications (not required, but an advantage), such as MS-102, MD-102, SC-300, SC-400
• ITIL Foundation (v3 or v4) is an advantage, but not a requirement