Systems Engineer, Messaging

Job Description

JOB SUMMARY

Functions as the engineer for Email & Messaging platforms, with primary accountability for Microsoft Exchange, Microsoft Exchange Online, Exchange Online Protection / Microsoft Defender for Office 365, Cisco Secure Email (IronPort/ESA or CES), secure SMTP relay, and hybrid Exchange services. The ideal candidate is a hands-on engineer with excellent communication skills who can design, secure, operate, and continuously improve enterprise mail flow at global scale. This role resolves complex messaging issues, designs and implements security and authentication controls (SPF/DKIM/DMARC), and partners closely with Information Security and Identity teams to protect users against phishing, BEC, malware, and data loss. The engineer contributes to research, analysis, design, implementation, and sustainment of resilient, auditable, and compliant messaging services that meet current and future business and security requirements.

Required Education & Experience:

• Undergraduate degree in an engineering or computer science discipline and/or equivalent experience/certification

• 5+ years progressive experience in IT engineering, including 2-4+ years focused on enterprise email/messaging.

• 2+ years engineering Exchange Online and EOP / Microsoft Defender for Office 365 (policy design, Safe Links/Attachments, Threat Explorer, AIR, quarantine workflows).

• 2+ years administering Cisco Secure Email (IronPort/ESA or CES): listeners, SMTP Auth, TLS, content filters, DLP, quarantine/SMAs, TAC engagement.

• Proven ability integrating with Microsoft 365 security tooling, as well as other security tooling such as Splunk, CrowdStrike, Abnormal Security, etc.

• Messaging security standards expertise with proficiency of new security technologies related to messaging, such as ICES

• Demonstrated expertise in mail flow: connectors, accepted/remote domains, transport rules, message tracing, header analysis, and hybrid routing in a large & complex messaging environment.

• Practical mastery of email authentication (SPF/DKIM/DMARC) design, rollout, and enforcement with reporting/monitoring.

• Advanced PowerShell for Exchange Online (EXO v3), scripting for policy/config automation; familiarity with Graph API helpful.

• Experience operating hybrid Exchange (HCW, connectors, auth, coexistence) and modernizing legacy protocols.

• 2+ years working in Agile delivery (scrum/kanban), with proven user-centered design mindset applied to service hardening and incident response.

• 2+ years integrating on-prem and cloud services in a large, global enterprise.

Other Attributes and Preferred Qualifications/Experience:

• Excellent written and verbal communication; strong attention to detail and ability to drive outcomes across competing priorities.

• Demonstrated ability to work independently and in cross-functional initiatives (Security, Identity, Networking, Legal/Compliance).

• Experience researching and adopting emerging email security capabilities and standards (e.g., MTA-STS/TLS-RPT, BIMI).

• Seasoned experience with directory/identity (Microsoft Active Directory/Entra ID), modern auth, Conditional Access; Ping/other IdPs a plus.

• Certifications such as Microsoft 365 Certified: Messaging Administrator Associate; Cisco Secure Email training/certifications preferred.

• Strong understanding of governance and security policy alignment (e.g., MIP-29 Global Information Security Policy).

• Experience integrating messaging telemetry with SIEM (e.g., Splunk) and operational dashboards.

Core Work Activities

• Own Exchange Online/EOP/MDO configuration: design, implement, and continuously improve anti-spam/anti-phish/anti-malware policies, Safe Links/Attachments, quarantine workflows, and Automated Investigation & Response (AIR); partner with SOC for incident handling.

• Operate Cisco Secure Email (IronPort/ESA or CES) where in use: listeners, routing, SMTPAuth, TLS, content filters, outbreak/AV verdicts, SMAs/reporting, and coordinate with Cisco TAC as required.

• Lead mail-flow modernization: design and execute changes required to transition, optimize, and sustain routing through EOP/Defender; maintain necessary interoperability and fallback paths.

• Engineer secure SMTP relay: implement authenticated relay patterns for applications/services, onboard senders, define migration waves, and publish requirements; partner with App/Network owners for firewall and testing.

• Implement & enforce email authentication: deploy SPF/DKIM/DMARC across domains, move to enforcement (p=quarantine/reject) with measurement and false-positive remediation; manage reporting and posture dashboards.

• Hybrid Exchange operations: maintain HCW, connectors, and coexistence; plan deprecation of legacy features in line with vendor guidance.

• Telemetry & logging: integrate Defender/EOP/IronPort signals with SIEM; define alerting, runbooks, and SLOs for detection and response; support IPT/controls outcomes for 'Improve Email Logging & Monitoring.'

• Compliance & eDiscovery: partner with Security/Legal to apply retention, litigation hold, eDiscovery workflows, and DLP/policy hygiene in Purview for email workloads (as needed).

• Documentation & enablement: keep runbooks current (Exchange/Defender/IronPort), publish KBs, and educate tech and field teams on new features and policy changes.

• Leads in the evaluation, investigation, and testing of new technologies with other teams

• Acts as a Technical Subject Matter Expert for Messaging products and services

• Participate in security incident response activities, as needed for Messaging products

Managing Projects and Priorities

• Thinks creatively and practically to design and execute messaging roadmaps and modernization plans; manages risks, dependencies, and cutovers.

• Generates timely results (designs, RFCs, reports, dashboards) and holds stakeholders to delivery commitments.

• Plans, implements, and evaluates the quality and resiliency of operations with a focus on measurable service outcomes.

Delivering on the Needs of Key Stakeholders

• Balances security, reliability, and user experience; communicates decisions and trade-offs in clear, persuasive terms.

• Demonstrates strong business acumen; aligns changes to measurable outcomes (reduced phishing risk, improved deliverability, lower toil).

• Supports team/portfolio goals and budget adherence through automation and policy standardization.

Providing Technical Support and Consultation

• Advises on best practices for mail-flow, authentication, and threat protection; anticipates and resolves complex issues.

• Applies deep knowledge of Exchange Online, EOP/MDO, Cisco Secure Email, and identity to meet business goals and security requirements.

• Keeps current with platform roadmaps and standards; evaluates new capabilities and drives adoption when beneficial.

• Performs other reasonable duties as required for the position.

The salary range for this position is $84,900 to $134,000 annually. In addition to the annual salary, the position will be eligible to receive an annual bonus.

Washington Applicants Only: Employees will accrue 0.04616 PTO balance for every hour worked and eligible to receive minimum of 7 holidays annually.

All locations offer coverage for medical, dental, vision, health care flexible spending account, dependent care flexible spending account, life insurance, disability insurance, accident insurance, adoption expense reimbursements, paid parental leave, educational assistance, 401(k) plan, stock purchase plan, discounts at Marriott properties, commuter benefits, employee assistance plan, and childcare discounts. Benefits are subject to terms and conditions, which may include rules regarding eligibility, enrollment, waiting period, contribution, benefit limits, election changes, benefit exclusions, and others.

Marriott HQ is committed to a hybrid work environment that enables associates to Be connected. Headquarters-based positions are considered hybrid, for candidates within a commuting distance to Bethesda, MD; candidates outside of commuting distance to Bethesda, MD will be considered for Remote positions.

The application deadline for this position is 28 days after the date of this posting, September 22, 2025.

At Marriott International, we are dedicated to being an equal opportunity employer, welcoming all and providing access to opportunity. We actively foster an environment where the unique backgrounds of our associates are valued and celebrated. Our greatest strength lies in the rich blend of culture, talent, and experiences of our associates. We are committed to non-discrimination on any protected basis, including disability, veteran status, or other basis protected by applicable law.

About the Team

Marriott International is the world's largest hotel company, with more brands, more hotels and more opportunities for associates to grow and succeed. Be where you can do your best work, begin your purpose, belong to an amazing global team, and become the best version of you.