Cyber Security Engineer - Endpoint

We are looking for Cyber Security Engineer - Endpoint at London, UK – 2 days per week Onsite

Role Description:

Overview

The Intune Endpoint Privilege Management Specialist is responsible for designing, implementing, and administering Microsoft Intune’s EPM capabilities to enforce least privilege principles across the organisation. This specialist ensures users have secure, controlled, and auditable access to elevated privileges via Just In Time (JIT) elevation, while reducing security risks associated with local admin rights.

Key Responsibilities

Endpoint Privilege Management (EPM) Architecture & Administration

• Lead the design, deployment, and optimization of Microsoft Intune Endpoint Privilege Management.
• Define and implement elevation rule policies, including approval workflows and automation.
• Configure and maintain Just Enough Access (JEA) and Just In Time (JIT) elevation scenarios.
• Analyse and classify apps requiring elevation and build appropriate Elevation Rules.

Least Privilege Enforcement & Security Hardening

• Remove and prevent permanent local admin rights on all Windows devices.
• Build processes and automation to support secure elevation without impacting productivity.
• Integrate EPM with broader Zero Trust and Microsoft Defender security models.
• Conduct security assessments and hardening activities for endpoint privilege controls.

Device & App Lifecycle Governance

• Manage EPM policies across Windows 10/11 devices enrolled into Intune.
• Maintain and optimise EPM for core business applications that require privileges.
• Ensure consistent policy enforcement across hybrid-joined, Azure AD joined, and co managed devices.

4. Monitoring, Logging & Reporting

• Build dashboards and reporting workflows for:
• Elevation rule usage
• Approved/denied elevation requests
• Risk analysis and anomalous behaviour
• Leverage Log Analytics, Microsoft Defender, and Graph API to automate insights.
• Provide regular reporting to security governance forums.

5. Enterprise Collaboration & Support

• Partner with Security, Identity, Desktop, and Application teams to operationalise least privilege.
• Act as SME for escalations related to software requiring elevation or blocked by policy.
• Document processes, runbooks, and security guidelines for internal teams.
• Lead training and awareness activities for support teams on EPM operation.

Required Skills & Experience

Technical Requirements

• Hands on experience with Microsoft Intune Endpoint Privilege Management (EPM).
• Deep understanding of:
• Least privilege and Zero Trust security models
• Elevation rule creation, testing, and deployment
• Application behaviour analysis and privilege requirements
• Windows security hardening
• Defender for Endpoint (particularly Attack Surface Reduction)
• Log Analytics / KQL for monitoring privilege escalations
• Strong PowerShell scripting capability (automation, Graph API, rule validation).

Preferred Experience

• Familiarity with:
• Microsoft Defender XDR / vulnerability management
• Conditional Access & Identity Protection
• AppLocker/App Control for Business
• Relevant certifications (beneficial):
• MD-102 Endpoint Administrator
• MS-102 Microsoft 365 Administrator
• SC-200 Security Operations Analyst
• SC-300 Identity & Access Administrator

Soft Skills

• Clear communicator able to simplify complex security concepts.
• Strong analytical and root-cause analysis capability.
• Process-driven, with attention to documentation and governance.
• Ability to build trust with both technical and non-technical stakeholders.

Key Deliverables

• Enterprise-wide implementation of Microsoft Intune Endpoint Privilege Management.
• Removal of local admin rights across the organisation.
• Secure and frictionless JIT elevation experience for end users.
• Comprehensive reporting for audit, compliance, and risk monitoring.
• Continuous improvement of endpoint privilege workflows and automation.