At a Glance
- Tasks: Design and implement Microsoft Intune's Endpoint Privilege Management to enhance security.
- Company: Join a forward-thinking tech company in London with a focus on cybersecurity.
- Benefits: Enjoy competitive pay, flexible work arrangements, and opportunities for professional growth.
- Other info: Collaborative environment with a focus on continuous improvement and innovation.
- Why this job: Make a real difference in cybersecurity while working with cutting-edge technology.
- Qualifications: Experience with Microsoft Intune and a strong understanding of security models required.
The predicted salary is between 60000 - 80000 € per year.
We are looking for a Cyber Security Engineer - Endpoint at London, UK – 2 days per week Onsite.
Role Description:
Overview
The Intune Endpoint Privilege Management Specialist is responsible for designing, implementing, and administering Microsoft Intune’s EPM capabilities to enforce least privilege principles across the organisation. This specialist ensures users have secure, controlled, and auditable access to elevated privileges via Just In Time (JIT) elevation, while reducing security risks associated with local admin rights.
Key Responsibilities
Endpoint Privilege Management (EPM) Architecture Administration
- Lead the design, deployment, and optimization of Microsoft Intune Endpoint Privilege Management.
- Define and implement elevation rule policies, including approval workflows and automation.
- Configure and maintain Just Enough Access (JEA) and Just In Time (JIT) elevation scenarios.
- Analyse and classify apps requiring elevation and build appropriate Elevation Rules.
Least Privilege Enforcement Security Hardening
- Remove and prevent permanent local admin rights on all Windows devices.
- Build processes and automation to support secure elevation without impacting productivity.
- Integrate EPM with broader Zero Trust and Microsoft Defender security models.
- Conduct security assessments and hardening activities for endpoint privilege controls.
Device App Lifecycle Governance
- Manage EPM policies across Windows 10/11 devices enrolled into Intune.
- Maintain and optimise EPM for core business applications that require privileges.
- Ensure consistent policy enforcement across hybrid-joined, Azure AD joined, and co-managed devices.
Monitoring, Logging Reporting
- Build dashboards and reporting workflows for:
- Elevation rule usage
- Approved/denied elevation requests
- Risk analysis and anomalous behaviour
- Leverage Log Analytics, Microsoft Defender, and Graph API to automate insights.
- Provide regular reporting to security governance forums.
Enterprise Collaboration Support
- Partner with Security, Identity, Desktop, and Application teams to operationalise least privilege.
- Act as SME for escalations related to software requiring elevation or blocked by policy.
- Document processes, runbooks, and security guidelines for internal teams.
- Lead training and awareness activities for support teams on EPM operation.
Required Skills Experience
Technical Requirements
- Hands-on experience with Microsoft Intune Endpoint Privilege Management (EPM).
- Deep understanding of:
- Least privilege and Zero Trust security models
- Elevation rule creation, testing, and deployment
- Application behaviour analysis and privilege requirements
- Windows security hardening
- Defender for Endpoint (particularly Attack Surface Reduction)
- Log Analytics / KQL for monitoring privilege escalations
- Strong PowerShell scripting capability (automation, Graph API, rule validation).
Preferred Experience
- Familiarity with:
- Microsoft Defender XDR / vulnerability management
- Conditional Access Identity Protection
- AppLocker/App Control for Business
- Relevant certifications (beneficial):
- MD-102 Endpoint Administrator
- MS-102 Microsoft 365 Administrator
- SC-200 Security Operations Analyst
- SC-300 Identity Access Administrator
Soft Skills
- Clear communicator able to simplify complex security concepts.
- Strong analytical and root-cause analysis capability.
- Process-driven, with attention to documentation and governance.
- Ability to build trust with both technical and non-technical stakeholders.
Key Deliverables
- Enterprise-wide implementation of Microsoft Intune Endpoint Privilege Management.
- Removal of local admin rights across the organisation.
- Secure and frictionless JIT elevation experience for end users.
- Comprehensive reporting for audit, compliance, and risk monitoring.
- Continuous improvement of endpoint privilege workflows and automation.
Cyber Security Engineer - Endpoint employer: GIOS Technology
Join our dynamic team in London as a Cyber Security Engineer - Endpoint, where we prioritise innovation and collaboration in a supportive work environment. We offer flexible working arrangements, opportunities for professional development, and a commitment to employee well-being, ensuring you thrive both personally and professionally. With a focus on cutting-edge technology and a culture that values your contributions, you'll find meaningful and rewarding employment with us.
StudySmarter Expert Advice🤫
We think this is how you could land Cyber Security Engineer - Endpoint
✨Tip Number 1
Network, network, network! Get out there and connect with people in the cyber security field. Attend meetups, webinars, or even local events. You never know who might have a lead on your dream job!
✨Tip Number 2
Show off your skills! Create a portfolio or GitHub repository showcasing your projects related to Microsoft Intune and endpoint security. This gives potential employers a taste of what you can do and sets you apart from the crowd.
✨Tip Number 3
Prepare for interviews by brushing up on common cyber security scenarios and challenges. Be ready to discuss how you would handle specific situations related to least privilege enforcement and security hardening.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, we love seeing candidates who are proactive about their job search!
We think you need these skills to ace Cyber Security Engineer - Endpoint
Some tips for your application 🫡
Tailor Your CV:Make sure your CV is tailored to the Cyber Security Engineer role. Highlight your experience with Microsoft Intune and any relevant projects you've worked on. We want to see how your skills align with our needs!
Craft a Compelling Cover Letter:Your cover letter is your chance to shine! Use it to explain why you're passionate about endpoint security and how you can contribute to our team. Keep it concise but impactful – we love a good story!
Show Off Your Technical Skills:Don’t hold back on showcasing your technical expertise, especially in areas like PowerShell scripting and security hardening. We’re looking for someone who can hit the ground running, so let us know what you can do!
Apply Through Our Website:We encourage you to apply directly through our website. It’s the best way to ensure your application gets into the right hands. Plus, it shows us you’re serious about joining the StudySmarter family!
How to prepare for a job interview at GIOS Technology
✨Know Your Tech Inside Out
Make sure you brush up on your knowledge of Microsoft Intune and Endpoint Privilege Management. Be ready to discuss how you've implemented least privilege principles in past roles, and have examples of elevation rule policies you've defined or automated.
✨Showcase Your Problem-Solving Skills
Prepare to talk about specific challenges you've faced in security hardening or managing local admin rights. Use the STAR method (Situation, Task, Action, Result) to structure your answers and demonstrate your analytical skills.
✨Communicate Clearly
As a Cyber Security Engineer, you'll need to explain complex concepts to both technical and non-technical stakeholders. Practice simplifying your explanations and be ready to showcase your communication skills during the interview.
✨Be Ready for Scenario Questions
Expect questions that put you in hypothetical situations related to endpoint management and security assessments. Think through how you would handle various scenarios, such as dealing with a security breach or implementing new EPM policies.
