IT Infrastructure Engineer (Identity and Security) - A26144

Activate Interactive Pte Ltd (“Activate”) is a leading technology consultancy headquartered in Singapore with a presence in Malaysia and Indonesia. Our clients are empowered with quality, cost-effective, and impactful end-to-end application development, like mobile and web applications, and cloud technology that remove technology roadblocks and increase their business efficiency.

We believe in positively impacting the lives of people around us and the environment we live in through the use of technology. Hence, we are committed to providing a conducive environment for all employees to realize their full potential, who in turn have the opportunity to continuously drive innovation.

We are searching for our next team members to join our growing team.

If you love the idea of being part of a growing company with exciting prospects in mobile and web technologies that create positive impact on people’s lives, then we would love to hear from you.

We are seeking highly skilled and innovative engineer to join our transformative SSOE Programme that manages more than 350 schools across Singapore. This is an exceptional opportunity to shape the future of educational technology infrastructure and enhance the learning experience of more than 450,000 students and 35,000 education professionals.

As a Senior / IT Infra Engineer focusing on Identity and Security, you will be the primary engineer for our Zero Trust ecosystem. You will lead the end-to-end design and implementation of both a secure endpoint environment; center heavily on Data Loss Prevention (DLP), Endpoint Protection Platforms (EPP), and Endpoint Detection and Response (EDR); and identity-driven access governance utilizing on-premises Active Directory (AD) and cloud-native Entra. Your mission is to ensure that every user, device, and application within the Microsoft 365 cloud ecosystem is verified, seamlessly managed throughout the identity lifecycle, and continuously monitored against evolving threats.

What will you do?

Identity & Access Governance

• Design and architect Entra ID (Azure AD) solutions, focusing on Conditional Access policies, Privileged Identity Management (PIM), and Identity Protection to enforce least privileged access.
• Manage complex Identity Lifecycle processes, ensuring seamless and secure integration between on-premises Active Directory and cloud-native identity providers.
• Implement and maintain Passwordless authentication and Multi-Factor Authentication (MFA) strategies to eliminate credential-based vulnerabilities.

Security Engineering & Threat Protection

• Work with security team to engineer and operate the Microsoft Defender for Endpoint and Defender for Office 365 suites (EPP/EDR) to proactively hunt for threats and remediate vulnerabilities across the fleet.
• Deploy and manage Microsoft Purview for information protection, Data Loss Prevention (DLP), and eDiscovery, ensuring sensitive corporate data remains governed and compliant.
• Develop automated response playbooks using PowerShell and Microsoft Graph API to neutralize security incidents in real-time.

Identity & Access Governance

• Design and architect Entra ID (Azure AD) solutions, focusing on Conditional Access policies, Privileged Identity Management (PIM), and Identity Protection to enforce least privileged access.
• Implement and maintain Passwordless authentication and Multi-Factor Authentication (MFA) strategies to eliminate credential-based vulnerabilities.
• Lead the identity and access design for enterprise-wide rollouts, ensuring robust authentication mechanisms are baked into every deployment.
• Act as the primary technical liaison for Cybersecurity Audits, providing data-driven evidence of compliance regarding identity lifecycles and access control.
• Mentor the team on security best practices, conducting knowledge-sharing sessions on the latest Entra features and identity threat landscapes.

Automation & Observability

• Automation: Engineer for scalability by building reusable automation and utilizing PowerShell scripting and related tools like PowerBI, Dynatrace and Axonius to monitor service health and reporting to derive insights.
• Scripting & API: Use PowerShell, Bash, and Python to automate repetitive tasks and interact with the Microsoft Graph API for custom reporting.
• Fleet Analytics: Utilize KQL and Endpoint Analytics to monitor device health, battery wear, and application performance across the entire estate.
• Self-Service: Develop and maintain "Self-Service" portals for both staff and students to empower users and reduce helpdesk ticket volume.

General Responsibilities

• Engage stakeholders to translate business requirement into design and services to meet the intended availability, capacity, resiliency, security and continuity requirements.
• Forecast budget needed to support the project initiatives and maintenance contracts.
• Ensure MOE’s related Technical Architecture are in compliance with IM8 and Agency’s IT Policies and Standards.
• Manage day-to-day delivery and support of application infrastructure services and collaborate with other government agencies and central services teams to facilitate and deliver government-wide services.

Leadership & Strategic Compliance

• Lead the security design for enterprise-wide software rollouts, ensuring "Security by Design" is baked into every deployment.
• Act as the primary technical liaison for Cybersecurity Audits, providing data-driven evidence of compliance with global security standards (e.g., ISO 27001, SOC2).
• Mentor the team on security best practices, conducting regular knowledge-sharing sessions on the latest M365 security features and threat landscapes.

• Identity Expertise: Technical mastery of both on-premises Active Directory and cloud native Entra ID, including B2B/B2C scenarios, App Registrations, and Enterprise Applications.
• Security Stack Mastery: Proven experience implementing the full Microsoft 365 Defender suite and Microsoft Purview, encompassing DLP, EDR, EPP, and identity security capabilities.
• Automation-First Mindset: Proficiency in PowerShell and MS Graph API for comprehensive security and identity auditing, as well as automated threat remediation.
• Analytical Rigor: Ability to synthesize complex security and identity logs into actionable risk recommendations for executive leadership.
• Preferred Certifications: SC-100 (Microsoft Cybersecurity Architect), SC-300 (Microsoft Identity and Access Administrator), MS-500 (Microsoft 365 Security Administration), and CISSP or an equivalent security-focused accreditation.
• Proactive and dedicated individual with good leadership and multi-tasking capabilities as well as the ability to work independently without the need for close supervision.
• Experienced in contract and vendor management.
• Good communication skills, both oral and written, with the ability to pitch ideas and communicate effectively with stakeholders.
• Team player with strong organization and people handling skills

What do we offer in return?

• Fun working environment
• Employee Wellness Program
• To work in Singapore Government Agencies projects
• We provide structured development framework and growth opportunities. (We are a “SHRI 2025 Gold winner” in “Learning & Development; Coaching & Mentoring”)

Why you'll love working with us?

If you are looking for opportunities to collaborate with leading industry experts and be surrounded by highly motivated and talented peers, we welcome you to join us. We provide all employees with equal opportunities to grow and develop with us. We believe your success is our success.

Does it sound like something you are interested in exploring further? Please be in touch with our team for an initial chat at 

Activate Interactive Singapore is an equal opportunity employer. Employment decisions will be based on merit, qualifications and abilities. Activate Interactive Pte Ltd does not discriminate in employment opportunities or practices on the basis of race, color, religion, gender, sexuality, national origin, age, disability, marital status or any other characteristics protected by law.

Protecting your privacy and the security of your data are longstanding top priorities for Activate Interactive Pte Ltd.

Your personal data will be processed for the purposes of managing Activate Interactive Pte Ltd’s recruitment related activities, which include setting up and conducting interviews and tests for applicants, evaluating and assessing the results, and as is otherwise needed in the recruitment and hiring processes.

Please consult our Privacy Notice (https://www.activate.sg/privacy-policy) to know more about how we collect, use, and transfer the personal data of our candidates. Here you can find how you can request for access, correction and/or withdrawal of your Personal Data.