IT Systems Engineer

3–5+ years administering Microsoft 365 and Entra ID in production. Hands-on experience with Conditional Access, PIM, Exchange Online, SharePoint/OneDrive, Teams, Intune, Defender. Demonstrated DLP experience: designing, tuning, and operating Microsoft Purview DLP policies and Endpoint DLP. Proficiency with PowerShell and Microsoft Graph for admin automation. Strong grasp of RBAC/least privilege, directory objects, auth protocols (OAuth/OIDC/SAML). Solid network fundamentals (DNS, HTTP/S, TCP/IP). Right to work in Bulgaria. Experience with Azure Policy governance, Microsoft Sentinel, Purview, or endpoint hardening at scale (preferred). Experience with Microsoft Defender for Cloud Apps and DLP integrations (preferred). Prior work supporting audit frameworks (e.g., SOC 2) and access attestations (preferred).

Operate and improve Entra ID features (Conditional Access, PIM, RBAC). Administer Microsoft 365 services (Exchange Online, SharePoint/OneDrive, Teams). Own DLP operations across Microsoft Purview and Endpoint DLP. Partner with Security on Microsoft Defender policy tuning. Manage Intune for endpoint and device management. Support Entra-joined device trust and Azure platform controls. Build admin scripts/automations using PowerShell and Microsoft Graph. Apply Netrix security standards and support audits. Serve as Tier-3 escalation for identity/M365 and DLP issues. Communicate clearly with global stakeholders.