Xentura ONE is a Global One‑Stop Multi‑Cloud Solution Provider and a Microsoft CSP Partner for Sri Lanka & Maldives, with delivery footprints in Sri Lanka, Maldives, Singapore, UAE, and New Zealand. We help enterprises modernize workplaces, elevate cybersecurity, and optimize licensing through outcome‑driven engagements and user adoption programs.
Role Purpose
As a System Engineer for Microsoft 365 & Security, you will design, implement, secure, and operate Microsoft 365 environments for our customers—end‑to‑end. You will lead deployments covering Intune, Conditional Access, Zero Trust, Defender XDR, RBAC, Sensitivity Labels/DLP, and compliance—and you’ll work hands‑on through migration, hardening, automation, documentation, and user adoption training.
Key Outcomes (12–18 months)
- Secure-by-default tenant baselines in line with Zero Trust and Xentura standards across Entra ID, M365, and endpoints.
- Measurable risk reduction (e.g., MFA coverage, CA policy coverage, attack surface reduction, DLP policy efficacy).
- High adoption of core workloads (Teams/SharePoint/OneDrive/Outlook) via structured training sessions and champions programs.
- Reliable operations—clear runbooks, monitored health, and SLA‑compliant incident response with low MTTR.
- Cost and license optimization aligned to customer business plans and CSP best practices.
What You’ll Do
- Architecture & Implementation
- Lead buildouts across Exchange Online, SharePoint Online, OneDrive, Teams, and M365 core services.
- Configure Intune (device compliance, app protection, Autopilot), Conditional Access, MFA, Zero Trust controls, and Defender for Office 365 / Defender XDR.
- Set up Sensitivity Labels, DLP, retention, and eDiscovery with Microsoft Purview. [^1]
- Execute cloud migrations, including Google Workspace/other platforms to Microsoft 365, using best‑practice cutover/hybrid approaches.
- Security, Identity & Compliance
- Administer Microsoft Entra ID (formerly Azure AD), identity governance (access reviews, least privilege/RBAC), and guest/external collaboration.
- Implement attack surface reduction, Safe Links/Safe Attachments, phishing protection, and threat hunting (KQL) in M365 Defender.
- Tune alerting, triage incidents, and coordinate with customers on response and post‑incident hardening.
Operations & Customer Success
- Own runbooks, diagrams, and as‑built documentation; hand over to managed services smoothly.
- Deliver user adoption sessions and admin enablement aligned to Xentura’s value‑added programs.
- Monitor service health, capacity, and changes (Message Center, roadmap impacts), and communicate clearly with stakeholders.
Automation & Tooling
- Script with PowerShell / Microsoft Graph to automate provisioning, policy deployment, reporting, and governance checks.
- Build practical admin dashboards and compliance reports (e.g., Secure Score, MFA adoption, DLP events).
- Collaboration & Pre‑Sales
- Contribute to SoWs, BoMs, and design documents; participate in workshops and solution walkthroughs.
- Work with cross‑vendor stacks (e.g., Sophos) when required, ensuring clean integration with Microsoft 365 controls.
Qualifications
Must‑Have
- 2-5 years (Senior: 6+; Lead: 8+) administering Microsoft 365 in MSP/partner or enterprise environments.
- Hands‑on with Intune, Conditional Access, MFA, Defender (Email/Endpoints/Identity/Cloud Apps), Purview (DLP/Labels/Retention/eDiscovery), and Exchange/SharePoint/Teams.
- Strong PowerShell and solid understanding of Zero Trust and identity‑centric security.
- Experience running cloud migrations (mailboxes, files, and collaboration workloads).
- Clear written/verbal communication and stakeholder management.
Nice‑to‑Have (Plus Points)
Certifications:
- MS‑102 (Microsoft 365 Administrator), SC‑200 (Security Operations), SC‑300 (Identity & Access), MD‑102 (Endpoint Admin), AZ‑104.
- Exposure to Defender for Cloud Apps (MDA), Access Reviews, Entitlement Management, Privileged Identity Management.
- Familiarity with CSP operations/licensing and cost optimization.
Tools & Platforms You’ll Use
- Microsoft 365 Admin Center, Entra ID, Intune, Exchange/SharePoint/Teams admin portals, Defender XDR, Purview, PowerShell/MS Graph, Advanced Hunting (KQL), Azure Monitor/Log Analytics, and standard ITSM/PM tools
Why Xentura ONE
- Opportunity to deliver end‑to‑end Microsoft 365 Security programs for marquee customers in multiple countries.
- A culture of customer‑first delivery and structured user adoption that amplifies project impact.
- Work alongside certified engineers within a recognized Microsoft CSP partner ecosystem.
How to Apply
Send your CV directly to future@xentura.com.lk or submit it via LinkedIn
.png)
