Cloud Security Engineer - Microsoft 365

Description Quantum Machines (QM) is a global leader in control systems for quantum computing, a field on the verge of exponential growth. Our innovative hardware and software mark a groundbreaking approach in quantum computer control, scaling from individual qubits to expansive arrays of thousands. At the core of QM lies a passionate and ambitious team committed to reshaping the construction and operation of quantum computers. Our work is fueled by a deep understanding of customer needs, driving us to deliver unparalleled solutions in this revolutionary field. We are seeking a highly experienced Microsoft 365 Cloud Security Engineer to own the administration, configuration, and security of our enterprise Microsoft 365 tenant(s). The ideal candidate has proven hands-on expertise managing Microsoft 365 at scale, including Intune, Exchange Online, SharePoint/OneDrive, Teams, Entra ID, Defender, and related integrations You will play a key role in ensuring availability, governance, identity and access control, endpoint compliance, and modern security posture across the entire Microsoft cloud ecosystem, with close collaboration across IT, Security, and business stakeholders. Key Responsibilities Microsoft 365 Tenant Administration Administer and maintain enterprise-scale M365 tenants, including configuration, governance, and operational support. Oversee service health, usage reporting, licensing, and user lifecycle management. Maintain documentation of configurations, workflows, and operational procedures. Microsoft Intune / Endpoint Management (Full Scope) Own all aspects of Intune administration, including: Device enrolment (Windows, macOS, iOS/iPadOS, Android) Configuration profiles, compliance policies, and security baselines Autopilot provisioning, device naming policies, and lifecycle Conditional Access integration with device compliance Endpoint security policies (AV, firewall, ASR rules, BitLocker, etc.) Identity & Access Management (Entra ID / SSO) Manage and secure Microsoft Entra ID (Azure AD) for identity, authentication, and access governance. Configure and maintain SSO integrations with SaaS applications using SAML/OAuth/OIDC. Implement and optimize: Conditional Access policies MFA enforcement and authentication methods policy Privileged Identity Management Identity Protection policies (risk-based controls) Security & Threat Protection Deploy and manage Microsoft Defender stack relevant to the organization Integrate and manage endpoint security posture with non-Microsoft EDR platforms, such as Sentinel One/CrowdStrike Collaborate with Security teams to implement detection and response workflows, ensure coverage, and align with organizational policy. Messaging & Collaboration Exchange Online Administer Exchange Online policies and configurations Implement email security best practices and support incident response when needed. Microsoft Teams Administer Teams policies and governance - Teams lifecycle policy, app permissions, meeting policies; External access and guest collaboration settings SharePoint / OneDrive Administer SharePoint Online and OneDrive settings, including: Site governance, permissions, and sharing controls Sensitivity labels and information protection controls (if used) Sync and storage management, auditing and access policies Azure & Cloud Infrastructure Support Azure identity, security, and basic cloud resources relevant to M365 integrations. Manage Azure configuration related to: Entra ID integrations Conditional Access Hybrid identity (if applicable) Azure security settings and monitoring Policy, Compliance, and Governance Implement and maintain governance models across identity, endpoint, data sharing, and collaboration tools. Support compliance initiatives, audits, and reporting needs. Maintain secure tenant configurations aligned with best-practice frameworks (e.g., CIS, Microsoft Secure Score, NIST). Requirements Required Qualifications 3-5 years of hands-on experience administering Microsoft 365 in an enterprise environment. Proven expertise managing Intune (full end-to-end: enrolment → policy → deployment → compliance → reporting), Exchange Online, SharePoint Online / OneDrive, Microsoft Teams, Microsoft Entra ID, Conditional Access policies Strong understanding of email security fundamentals and implementations: Transport rules, threat policies, anti-phishing controls SPF, DKIM, DMARC; experience integrating M365 security posture with non-Microsoft EDR/XDR tools Strong troubleshooting capability across identity, endpoint, collaboration, and security layers. Experience in scripting/automation Experience with Microsoft Defender for Endpoint/Office 365/Cloud Apps. Key Skills & Competencies Enterprise cloud administration mindset (scale, governance, standardization) Strong security-first approach Ability to translate business needs into practical policies Comfortable owning production-critical services Excellent communication and cross-functional collaboration Structured documentation and operational discipline Preferred Skills Strong plus Experience with Microsoft Purview (DLP, retention, sensitivity labels, eDiscovery) Familiarity with Zero Trust architecture and modern security frameworks. Knowledge of SIEM integrations (Microsoft Sentinel, Splunk, etc.).