M365 Security Specialist
Job type: Full Time · Department: Tech · Work type: On-Site
Ahmedabad, Gujarat, India
Experience: 8+ years
Location: Ahmedabad
Department: Cloud & Security
The M365 Security Specialist is responsible for implementing and maintaining the security controls that govern how the firm’s 400+ users and contractors access M365 services, handle firm data, and operate across managed and unmanaged devices. Working closely with the IT Director, this role will execute a defined security program across identity, endpoint, data protection, and collaboration governance, and contribute to the ongoing rationalization of the firm’s endpoint management tooling.
This is a hands-on delivery role for a practitioner who is equally comfortable engineering Conditional Access policy, deploying Intune compliance baselines across multiple platforms, and advising on the right boundary between overlapping endpoint management tools.
Key Responsibilities
Contractor Access Program
Deploy Mobile Application Management (MAM) combined with Conditional Access as the baseline access model for the firm’s contractor population.
Implement device enrollment or VDI provisioning for contractor segments, per the agreed solution tier framework.
Design and maintain Conditional Access policies that enforce access controls appropriate to each user segment, without creating unnecessary friction for legitimate use.
Monitor contractor access compliance posture and escalate non-compliant access patterns per defined policy.
Endpoint Compliance and Device Management
Deploy and maintain Intune compliance policies for all supported platforms: Windows, macOS, iOS, and Android.
Enforce disk encryption at scale (BitLocker for Windows and FileVault for macOS) via Intune configuration profiles.
Link Intune compliance status to Conditional Access policy so that non-compliant devices are blocked from accessing firm resources.
Deploy App Protection (MAM) policies for Outlook, Teams, and OneDrive across all BYOD devices, ensuring firm data is contained within managed app boundaries regardless of device ownership.
Implement Conditional Access App Control for unmanaged device sessions, applying appropriate session restrictions for users accessing M365 from non-enrolled devices.
Configure idle session timeout for SharePoint and Office Web Apps in coordination with the IT Director.
Data Protection and Collaboration Governance
Deploy Data Loss Prevention (DLP) policies across Exchange, SharePoint, OneDrive, and Teams, prioritizing PII detection and protection in the initial rollout phase.
Disable ‘Anyone’ sharing links across SharePoint and OneDrive; restrict external sharing to authenticated users only.
Enforce sensitivity labels for all documents stored in SharePoint and OneDrive, including configuration of default labeling and mandatory labeling policies where appropriate.
Maintain and refine DLP policies and sensitivity label taxonomy as business requirements evolve over the engagement.
Tool Stack Rationalization and Platform Assessment
Conduct a formal assessment of the firm’s endpoint management tool landscape, specifically the responsibilities and overlap between Microsoft Intune, VSA, and Datto RMM, and deliver a rationalization recommendation to the IT Director.
Evaluate Microsoft Defender for Endpoint as a unified signal source for endpoint and identity-based threat detection; provide a recommendation on deployment scope and integration with existing tooling.
Support implementation of any tooling changes that follow from assessment recommendations, in coordination with the IT Director and General IT team.
Compliance and Ongoing Governance
Support the firm’s ISO 27001 certification effort by implementing and documenting M365 security controls relevant to the certification scope.
Maintain security configuration documentation, baselines, and change records in line with firm governance standards.
Monitor M365 Secure Score and drive continuous improvement against defined benchmarks throughout the engagement.
Participate in security risk assessments and remediation planning for M365-related findings.
Required Qualifications
3-5 years of hands-on experience securing Microsoft 365 environments in a professional or enterprise setting.
Deep working knowledge of Microsoft Entra ID and Conditional Access, including named location policies, compliance-based access, and App Control for unmanaged sessions.
Proficiency with Microsoft Intune across all major platforms (Windows, macOS, iOS, Android), including compliance policy configuration, configuration profiles, and MAM/app protection policies.
Demonstrated experience deploying DLP policies and sensitivity labels within the Microsoft Purview compliance framework.
Solid understanding of SharePoint and OneDrive external sharing controls, including link type governance and authenticated-user-only access models.
Experience assessing or rationalizing overlapping endpoint management tooling (RMM platforms, MDM, Intune) and making platform boundary recommendations.
Experience designing contractor or third-party access programs at scale using MAM and Conditional Access.
Familiarity with Microsoft Defender for Endpoint and its integration with Entra ID and Conditional Access.
Exposure to Azure Virtual Desktop (AVD) and its interaction with Intune and Conditional Access policy.
Strong communication skills, with the ability to document configurations clearly and collaborate with non-technical stakeholders.
Preferred Qualifications
Microsoft certifications in security or endpoint management (SC-300, SC-400, MS-500, MD-102, or equivalent).
Experience supporting an ISO 27001 or SOC 2 certification effort.
Experience in a professional services, legal, or similarly regulated environment.
Lead a high-impact security practice within a global engineering company
Work with cutting-edge Cloud, Data, AI/ML, and enterprise technologies
Flat-hierarchical, engineering-oriented, and innovation-driven culture
Well-balanced learning and growth opportunities
Free health insurance
Office facilities with a game zone, in-office kitchen with affordable lunch service, and free snacks
Sponsorship for certifications/events and library service
Flexible work timing, leaves for life events, WFH and hybrid options