Overview
Skills
Job Details
Job Title: Microsoft Defender for Identity (MDI) Engineer
Location: Remote
Job Description:
We are seeking a skilled security professional to lead the deployment, configuration, and testing of Microsoft Defender for Identity (MDI) within our hybrid on-premises / cloud environment.
This role will play a key part in strengthening our identity security posture and protecting our domain controllers, Active Directory (on-prem or hybrid), and overall identity infrastructure.
Key Responsibilities:
Plan, deploy, configure, and enable Microsoft Defender for Identity sensors across domain controllers/AD/AD-FS/AD-CS in on-prem and or hybrid environments.
Configure identity protection policies, security monitoring, and alerting workflows; investigate suspicious activity and identity-related security events.
Integrate Defender for Identity with our broader Microsoft security stack (e.g. Microsoft Defender for Endpoint, Microsoft Defender for Cloud, SIEM or other monitoring tools) as needed.
Work closely with IT, identity management, and infrastructure teams to ensure that identity and access management practices (e.g. directory hygiene, permissions, group membership, AD/Azure AD hybrid, conditional access, MFA/PAM/privileged identity management if relevant) align with security best practices.
Develop documentation - deployment guides, runbooks, standard operating procedures (SOPs), configuration documentation, incident response playbooks.
Provide knowledge transfer, training, and mentoring to internal teams (IT operations, SOC, identity admins) on using Defender for Identity and secure identity practices.
Required Qualifications & Skills:
Several years (e.g. 3 5+) of hands-on experience in cybersecurity/identity security/Microsoft-based identity and security deployments (AD, Azure AD/Entra ID, hybrid environments).
Solid experience working with on-prem Active Directory - domain controllers, AD-FS/AD-CS (if applicable), group policies, authentication, LDAP/Kerberos, etc.
Direct experience deploying, configuring, and managing Microsoft Defender for Identity (including sensors, monitoring, alerts, integration).
Strong grasp of the architecture and capabilities of Defender for Identity - e.g. how sensors work on domain controllers or AD servers to monitor traffic, parse Windows events and network traffic, and send only parsed data to the Defender cloud service.
Knowledge of broader Microsoft security stack and identity security best practices - e.g. Microsoft 365/Entra/Azure AD/privileged access, identity lifecycle management, conditional access, MFA/PAM.
Ability to lead and document security deployments, produce configuration guides, runbooks, and standard operating procedures (SOPs).
Strong communication and collaboration skills - able to work with IT/Operations, management, and to align on security posture, policies, and identity governance.
Bonus: scripting / automation skills (e.g. PowerShell, KQL, Azure/Bicep/ARM/IaC), SOC/incident response experience, knowledge of zero-trust architectures, multi-tenant or hybrid-cloud environments.
Relevant certifications: SC-300 Identity and Access Administrator, AZ-500 Azure Security Engineer Associate, SC-200 Security Operations Analyst, or other Microsoft / security certifications.
Desired Attributes:
Proven problem solver with attention to detail and strong analytical skills.
Comfortable working in hybrid environments (on-premises + cloud) and navigating complexity (e.g. multiple domains/forests, legacy AD, mixed OS, legacy infrastructure)
Ability to write clear, professional documentation and standard operating procedures.
Collaborative mindset - willing to work across teams, provide training/handoff, and champion security best practices across the organization.
Proactive about staying current with evolving Microsoft identity security tools, threats, and best practices.