Senior Software Engineer II - M365 Security

About Marriott:

Marriott Tech Accelerator is part of Marriott International, a global leader in hospitality. Marriott International, Inc. is a leading American multinational company that operates a vast array of lodging brands, including hotels and residential properties. It consists of over 30 well-known brands and nearly 8,900 properties situated in 141 countries and territories.

Role Title: Senior Software Engineer II

Experience Range: 6+ years

Work location: Hyderabad, India.

Work mode: Hybrid

Engineer – Mac and Windows Endpoint Vulnerability & Platform Automation

Job Summary:

The Mac and Windows Endpoint Vulnerability & Platform Automation engineer is a hands-on technical role responsible for engineering, operating, and continuously improving endpoint vulnerability management across enterprise Mac and Windows environments. This role serves as a technical authority for vulnerability remediation, platform automation, and data-driven risk analysis across Microsoft Intune and Microsoft Configuration Manager (SCCM), partnering closely with Security, Product, and Operations teams to reduce endpoint risk at scale.

Key Responsibilities:

Endpoint Vulnerability Management:

• Vulnerability management for Mac and Windows endpoints, including detection, prioritization, remediation, validation, and reporting.
• Translate OS, application, and configuration vulnerabilities into automated remediation actions using Intune and SCCM.
• Partner closely with Information Security to operationalize vulnerability intelligence into enforceable endpoint controls.
• Track remediation SLAs and ensure measurable reduction in endpoint risk over time.
• Cross-System Data Analysis & Risk Correlation
• Analyze and correlate data across Intune, SCCM, endpoint security tools, compliance platforms, log analytics, and reporting dashboards.
• Identify vulnerability trends, recurring failure patterns, and systemic root causes.
• Differentiate true risk from false positives and environmental constraints using multi-source validation.
• Prioritize remediation based on risk, exposure, device population, and business impact.
• Automation & Platform Engineering
• Design and maintain automated remediation workflows using Intune remediation scripts, proactive remediations, and SCCM baselines.
• Develop version-controlled scripts for configuration hardening, patch enforcement, and post-deployment validation.
• Enable off-network detection and remediation using cloud-based management capabilities.
• Continuously improve endpoint reliability and compliance through automation rather than manual intervention.

Frequent Endpoint Vulnerability Examples:

• Outdated or unsupported Windows or macOS versions
• Missing or delayed operating system security patches
• Unpatched third-party applications (browsers, productivity tools, runtimes)
• Configuration drift from security baselines
• Disk encryption not enabled or misconfigured (BitLocker / FileVault)
• Unsupported or end-of-life hardware or OS builds
• Endpoints failing to check in or report compliance
• Failed or partially applied security or compliance policies
• Legacy agents or tooling causing conflicts
• Off-network devices falling out of compliance

Required Qualifications:

• 5+ years of experience managing enterprise Windows and/or macOS endpoints.
• Strong hands-on experience with Microsoft Intune.
• Working knowledge of Microsoft Configuration Manager (SCCM).
• Proven ability to analyze and correlate data across multiple systems.
• Strong scripting skills (PowerShell/python; Bash or shell scripting for macOS).
• Strong experience with Microsoft 365 Security.
• Power BI is nice to have
• Experience operationalizing vulnerability management at enterprise scale.

Preferred Qualifications:

• Experience supporting large, globally distributed endpoint environments.
• Familiarity with endpoint security, compliance, and vulnerability tooling.
• Experience integrating endpoint data into reporting platforms such as Power BI or Log Analytics.
• Experience operating in audit-heavy or regulated environments.
• Business Impact
• This role is critical to reducing enterprise endpoint risk by ensuring vulnerabilities are identified through data-driven analysis and remediated through scalable automation. The engineer enables consistent compliance across Mac and Windows platforms, improves security posture for off-network devices, and reduces operational effort through standardized, repeatable solutions.

Education and Certifications:

• Undergraduate degree or equivalent experience/certification