IT Operations & Security Engineer

About tsworks:

tsworks is a leading technology innovator, providing transformative products and services designed for the digital-first world. Our mission is to provide domain expertise, innovative solutions and thought leadership to drive exceptional user and customer experiences. Demonstrating this commitment, we have a proven track record of championing digital transformation for industries such as Banking, Travel and Hospitality, and Retail (including e-commerce and omnichannel), as well as Distribution and Supply Chain, delivering impactful solutions that drive efficiency and growth. We take pride in fostering a workplace where your skills, ideas, and attitude shape meaningful customer engagements.

About This Role:

We are seeking a disciplined and hands-on IT Operations & Security Engineer to manage corporate IT assets, identity systems, endpoint security, and foundational security monitoring operations.

This role will be responsible for maintaining structured control over corporate devices, identity governance (Entra ID / Active Directory), and internal security operations processes. The candidate will play a critical role in building a strong internal operational and security posture as tsworks continues to grow.

This is not a helpdesk-only role it is an infrastructure ownership role. This role owns core IT and identity infrastructure and is accountable for security, reliability, and operational discipline.

• Diploma or Bachelor's degree or equivalent practical experience in Computer Science, Information Technology, or related field.
  
• 3+ years of experience in IT Infrastructure, Systems Administration, or Security Operations.
  
• Strong hands-on experience with Microsoft Entra ID / Active Directory.
  
• Experience managing corporate laptop fleets and asset lifecycle processes.
  
• Experience with endpoint security tools (Microsoft Defender or equivalent).
  
• Experience with MDM platforms such as Intune.
  
• Working knowledge of networking fundamentals (DNS, TCP/IP, VPN, firewall basics).
  
• Experience with scripting (PowerShell preferred).
  

Preferred Qualifications:

• Microsoft Security or Azure certifications.
  
• Exposure to SIEM tools such as Microsoft Sentinel.
  
• Understanding of ISO 27001, SOC 2, or similar governance frameworks.
  
• Experience working in technology consulting or managed services environments.
  
• Experience supporting distributed or hybrid workforce environments.
  

In this role, you will be expected to perform:

Identity & Access Management:

• Manage Microsoft Entra ID / Active Directory
  
• Enforce MFA, Conditional Access, and RBAC policies
  
• Manage user onboarding and offboarding within defined SLAs
  
• Conduct periodic access reviews and admin privilege audits
  
• Integrate and maintain SSO across corporate applications
  
• Implement and maintain least-privilege access models
  
• Monitor and remediate stale, orphaned, and dormant accounts
  
• Enforce passwordless or strong authentication strategies where applicable
  
• Coordinate with application owners for role mapping and access alignment
  

IT Asset & Endpoint Management:

• Receive, tag, and maintain corporate IT asset inventory
  
• Track asset ownership, custody, and location (remote/onsite)
  
• Manage secure device handover and return processes
  
• Oversee secure data wipe and destruction certification
  
• Maintain spare pool and refresh cycle planning
  
• Coordinate with vendors for warranty, RMA, and repair logistics
  
• Enforce USB / removable media control policies
  
• Provision and configure laptops (Windows/macOS) with secure baselines
  
• Enforce disk encryption and endpoint protection standards
  
• Manage device lifecycle including repair, replacement, and decommissioning
  
• Maintain structured asset register and reporting
  

Endpoint Security & Compliance:

• Manage Intune or equivalent MDM platform
  
• Monitor device compliance and patch status
  
• Ensure all endpoints meet defined security configurations
  
• Track and remediate non-compliant devices
  

Security Monitoring (SOC Foundation):

• Monitor alerts from Microsoft Defender, Sentinel, or equivalent tools
  
• Investigate suspicious login or endpoint activity
  
• Maintain structured incident logs and documentation
  
• Perform basic root cause analysis and escalation as required
  
• Support internal security posture reporting
  
• Define and maintain incident response playbooks
  
• Support tabletop incident response exercises
  
• Coordinate containment actions (account disablement, device isolation)
  
• Track MTTD / MTTR metrics for internal security incidents
  

Governance & Documentation:

• Maintain IT policies and standard operating procedures
  
• Support client security questionnaires and audits
  
• Maintain logs required for compliance tracking
  
• Generate periodic IT and security health reports
  
• Assist in risk register updates related to IT & identity
  
• Track and report policy exceptions and remediation plans
  
• Ensure log retention policies align with compliance needs