Security Engineer (Identity, Endpoint & Data Protection) The Security Engineer (Identity, Endpoint & Data Protection) is responsible for implementing, maintaining, and continuously improving security controls across the Endpoint and User Ecosystem - including Identity and Access Management (IAM), Endpoint Protection, Data Loss Prevention (DLP), and Vulnerability Management. Reporting to the Cloud Security Operations Lead, this role safeguards the organisation’s users, data, and endpoints through advanced configuration of Microsoft stack and supports incident response, cyber defence, and risk remediation activities. Key Results Areas Identity & Access Management: Manage and optimise areas such as Azure AD / Entra ID, Conditional Access, PIM, MFA, RBAC, and access package lifecycle governance. Endpoint Security & Compliance: Administer endpoint protection tooling with compliance baselines, ensure encryption, patching, and secure configuration of all managed devices. Data Loss Prevention & Information Protection: Configure and maintain Microsoft Purview DLP, sensitivity labels, and information governance policies across M365 (Exchange, SharePoint, Teams, OneDrive). Vulnerability Management: Operate Microsoft Defender Vulnerability Management (DVM); track, prioritise, and remediate vulnerabilities in coordination with system owners. Security Monitoring & Incident Response: Integrate Defender alerts with the SIEM solution; support incident triage, root‑cause analysis, and post‑incident remediation. Automation & Policy Deployment: Build and deploy automated policies using Intune, PowerShell, and Graph API to enforce consistent security posture. Threat Detection Enhancement: Fine‑tune Defender and SIEM detections to reduce false positives and improve coverage of endpoint, identity, and DLP telemetry. Risk Remediation Support: Translate findings from Cyber Risk Analysts into actionable technical changes and validate remediation effectiveness. Compliance Reporting: Generate dashboards and reports for device compliance, privileged access, DLP violations, and vulnerability metrics. Continuous Improvement: Contribute to the ongoing maturity of the Endpoint and User security ecosystem and adoption of Zero Trust, "Security as Code," and automation. Role Requirements 3–5 years in Microsoft 365 / Azure security engineering or equivalent enterprise security operations. Proven experience managing Intune, Defender for Endpoint, and Entra ID conditional access policies. Hands‑on with Microsoft Purview DLP and sensitivity labelling across cloud services. Familiarity with Defender Vulnerability Management and integration into SOC workflows. Exposure to Sentinel and SOAR automation playbooks. Understanding of NIST CSF, CIS Controls, ISO 27001, and Zero Trust principles. Experience with Terraform, and DevOps processes on GitHub. Nice to have – Experience in AWS Security CSPM, AISPM, DSPM and within a large enterprise. Skills Adaptive Thinking Application Development Computer Literacy Confidentiality Data Compilation Data Compression Data Controls Data Modeling Data Privacy Data Recovery Digital Literacy Gateway Servers IT Network Security Probing Questions Test Case Management Competencies Action Oriented Communicates Effectively Cultivates Innovation Ensures Accountability Manages Complexity Nimble Learning Optimizes Work Processes Persuades Education NQF Level 7 - Degree, Advanced Diploma or Postgraduate Certificate or equivalent Employment Equity The appointment will be made from the designated group in line with the Employment Equity Plan of Old Mutual South Africa and the specific business unit in question. Closing Date 03 June 2026 , 23:59 #J-18808-Ljbffr