Cyber Security Operations Engineer

- Own identity security across Entra ID and SaaS platforms - Implement and maintain access policies aligned to best practice - Automate Joiner, Mover, Leaver (JML) processes where possible - Conduct monthly access reviews for critical systems and automate reporting - Enforce least privilege, role-based access, and credential hygiene across all environments - Maintain an inventory of all SaaS applications, users, and access patterns - Manage endpoint security tools (AV/EDR) and ensure full device coverage and compliance - Monitor and enhance logging, alerting, and detection pipelines across cloud and SaaS systems - Work with our SOC partner on investigations, tuning, alert health, and visibility gaps - Perform vulnerability management across identities, devices, and cloud workloads - Integrate relevant CTI insights and attacker TTPs into detection and response workflows - Conduct targeted threat hunts using IOCs, behavioural patterns, and identity anomalies - Improve detections based on real-world threats relevant to UniHomes - Contribute to incident response planning and participate in post-incident reviews - Pro-active PEN testing and ownership of PEN test reporting - Support audit readiness by producing evidence of controls and maintaining documentation - Improve security processes, playbooks, and automation across IAM, SaaS, cloud, and endpoints - Clearly communicate security status, risks, and improvements across teams - Work with platform engineers to ensure workloads follow secure configuration principles - Provide guidance on IAM, network access, logging, and hardening for AWS services - Support platform initiatives (e.g., observability, configuration standards, resilience) where security input is required