Senior Cloud & Modern Workplace Engineer

**Job Summary** Shape the future of enterprise cloud transformation in Abu Dhabi by leading the design, hardening, and governance of a cutting\-edge Microsoft 365 and Azure ecosystem—where your expertise will directly secure, optimize, and scale a greenfield\-to\-enterprise platform for a regulated industry leader. As a Senior Cloud \& Modern Workplace Engineer, you’ll architect Zero Trust security frameworks, enforce least\-privilege access controls, and streamline identity governance across Entra ID, Intune, and Azure landing zones while integrating critical tools like Defender XDR, Saviynt IDAM, and Zscaler ZTNA. With 7–12 years of hands\-on experience in enterprise cloud environments, you’ll thrive by automating repetitive tasks with PowerShell, documenting scalable standards, and proactively resolving complex issues—ensuring operational resilience and compliance\-ready posture within a 12\-month accelerated program. Ideal candidates bring deep expertise in Conditional Access, RBAC modeling, and endpoint compliance, paired with a disciplined approach to documentation and stakeholder collaboration, to deliver measurable improvements in security, cost governance, and platform maturity. Join SentraAI to embed within a high\-impact client engagement, where your work will not only fortify digital infrastructure but also drive sustainable transformation across financial services or public sector operations. **Responsibilities** * Design and implement Microsoft 365 tenant hardening aligned with enterprise security standards and compliance requirements.,Develop and enforce a Conditional Access strategy grounded in Zero Trust principles to secure enterprise access across Microsoft 365 and Azure.,Rationalize Entra ID group structures and eliminate privilege sprawl through role\-based access governance and least\-privilege enforcement.,Define, document, and enforce RBAC matrices for Azure and Microsoft 365, ensuring alignment with enterprise security policies.,Implement and maintain SharePoint Online governance controls, including site sprawl management, data structure optimization, and compliance enforcement.,Deploy and refine Microsoft Defender suite (XDR) policies to enhance threat detection, response, and remediation capabilities.,Ensure adherence to Microsoft 365 security baseline configurations and remediate configuration drift proactively.,Design, implement, and document Data Loss Prevention (DLP) policies and governance controls to protect sensitive enterprise data.,Support the enhancement of Azure landing zone guardrails, including subscription governance, policy definitions, and management group structures.,Enforce tagging standards and cost governance frameworks within Azure to optimize resource allocation and operational efficiency.,Design and optimize Azure Virtual Desktop (AVD) deployments, ensuring scalability, security, and performance alignment with enterprise needs.,Support Windows 365 and Cloud PC deployments, integrating identity and access controls for secure remote workforce enablement.,Align Entra ID configurations with Saviynt IDAM orchestration to streamline identity governance and access lifecycle management.,Define and document role\-based access control models, supporting identity lifecycle improvements for Joiner, Mover, and Leaver processes.,Reduce manual access assignments through group\-based governance and automation, enhancing operational efficiency and security posture.,Integrate and align Privileged Access Management (PAM) and Endpoint Privilege Management (EPM) solutions with enterprise security frameworks.,Contribute to access certification and audit readiness, ensuring compliance with regulatory and internal governance requirements.,Harden and optimize Intune configurations to enforce endpoint compliance, remediation processes, and security policies.,Improve endpoint compliance posture through automated remediation workflows and alignment with Conditional Access enforcement policies.,Support macOS device governance using Jamf, ensuring consistency with enterprise security and compliance standards.,Validate and govern patching models using Ivanti, ensuring alignment with enterprise security and operational requirements.,Align BeyondTrust remote access governance with enterprise security policies to mitigate risks and enforce least\-privilege access.,Deploy and optimize enterprise security tooling, including PAM, EPM, DLP solutions, Defender XDR, and Managed Engine monitoring tools.,Ensure interoperability across security tooling to prevent policy conflicts and enhance enterprise\-wide threat detection and response.,Troubleshoot integration challenges across Oracle Fusion, IDAM, and other enterprise platforms to maintain seamless operational workflows.,Develop comprehensive platform standards for Azure and Microsoft 365, including SOPs for operational and configuration activities.,Document architecture decisions, configuration baselines, and change control procedures for cloud environments.,Establish monitoring, alerting, and escalation standards to ensure operational visibility and rapid incident response.,Create technical design documents and as\-built documentation to support platform sustainability and future scalability.,Identify and implement automation opportunities for repetitive cloud tasks, reducing configuration drift and improving efficiency.,Support scripting initiatives using PowerShell to automate governance, compliance checks, and operational workflows.,Contribute to AI\-driven optimization use cases where applicable, leveraging enterprise AI capabilities for platform improvements.,Provide L2 to L3 support for complex Microsoft 365 and Azure issues, including identity, endpoint, and cloud service incidents.,Participate in root cause analysis and preventive remediation for recurring platform issues to enhance stability and resilience.,Support patch validation and environment health checks to ensure platform reliability and service continuity.,Conduct periodic posture reviews of Microsoft 365 and Azure security configurations to identify gaps against best practices and industry standards.,Proactively recommend and implement improvements to advance enterprise maturity within the 12\-month transformation timeline.,Ensure platform resilience and service continuity through proactive monitoring and incident management strategies. **Qualifications** * 7 to 12 years of experience in Microsoft cloud engineering with a focus on enterprise environments.,Strong hands\-on experience with Azure and Microsoft 365 (E5\-level capabilities) in large\-scale, regulated, or compliance\-driven environments.,Proven experience operating in transformation or greenfield\-to\-enterprise build environments, including platform architecture, security hardening, and governance implementation.,Experience implementing Conditional Access and Zero Trust models aligned to enterprise security standards.,Experience designing, enforcing, and documenting Role\-Based Access Control (RBAC) models across Azure and Microsoft 365\.,Hands\-on experience with Intune and endpoint compliance governance, including policy hardening, remediation processes, and device posture management.,Experience deploying or supporting enterprise security tooling, including Privileged Access Management (PAM), Endpoint Privilege Management (EPM), Data Loss Prevention (DLP), and Microsoft Defender XDR.,Experience writing technical standards, operational procedures (SOPs), and architecture documentation for cloud and identity platforms.,Experience working in multi\-domain enterprise environments with 1,000\+ users, integrating cloud identity with Identity and Access Management (IDAM) platforms such as Saviynt.,Experience implementing Azure landing zone frameworks, subscription governance, and cost management structures.,Experience participating in enterprise\-wide security uplift programs, including posture reviews, gap analysis, and compliance alignment.