Sr Engineer, IT Security; NTD

Nintendo Technology Development is a wholly owned subsidiary of Nintendo, based in Redmond, Washington, focused on future hardware and software technology.

Nintendo is an equal opportunity employer and offers a welcoming and inclusive environment.

The Senior Engineer, IT Security for Nintendo Technology Development Inc. (NTD) organization will own and evolve the security for our Microsoft 365 (M365) tenant, drive Identity and Access Management (IAM) operations, and harden endpoint security at scale across Windows, macOS, and Linux devices. This role will be the technical driver for secure collaboration and device protection; designing, implementing, and operating controls using existing and emerging technologies.

This role requires partnership with NTD IT Operations, IT security teams at Nintendo Co., Ltd. (NCL), and Nintendo of America Inc. (NOA) to deliver reliable, compliant, and auditable services with measurable outcomes.

• Implement and optimize Microsoft Entra Conditional Access, tenant security defaults, privileged access policies, and MFA/SSPR at scale.
• Operate and harden Microsoft Entra  (Azure AD): lifecycle governance, automated provisioning/deprovisioning, privileged identities (PIM), app registrations, consent/permission reviews.
• Build and maintain RBAC/least-privilege access models for cloud and SaaS apps; implement Just-In-Time access for admins and sensitive roles.
• Integrate HRIS and identity sources for Joiner-Mover-Leaver flows, enforce identity proofing and MFA step‑up for high‑risk transactions.
• Design and enforce data governance (labels, DLP, retention, eDiscovery/Legal Hold, insider risk signals) and collaboration controls (external sharing, guest access, B2B/B2C).
• Establish monitoring/alerting/SLAs for tenant and identity‑related services; lead incident response and help develop IR playbooks in conjunction with IT Security Operations.

• Own the migration from an existing endpoint management system to a more robust solution, such as the Crowd Strike Falcon platform, for all endpoints: sensor deployment/coverage, policy tuning, RTR workflows, and threat hunting guardrails.
• Lead efforts with platform engineers for OS‑specific hardening baselines (CIS/NIST) and secure configuration:
  Bit Locker/File Vault/LUKS, kernel extension/driver policies, local admin control, application allow/deny lists.
• Lead incident triage and response on endpoints, including containment, forensic collection, and post‑incident hardening.

• Build and operationalize Splunk detections and dashboards integrating M365, Entra, Crowd Strike, Defender, Intune, and OS logs.
• Develop automated response playbooks to reduce MTTR.

• Create robust automation and self‑service tooling for identity and endpoint operations.
• Maintain IaC for policy‑as‑code (e.g., Conditional Access, PIM role settings).
• Document runbooks, architecture diagrams, inventories, and SOPs; mentor engineers and drive operational maturity.

• Map controls to regulatory frameworks (SOX, J‑SOX, etc.); support audits with evidence and narratives.
• Lead periodic access reviews, admin entitlement recertification, and break‑glass account governance.
• Conduct tabletop exercises, disaster recovery testing, and security drills tied to identity and endpoint scenarios.

Up to 10% travel; domestic and international.

• 8+ years in enterprise IT/Security engineering with deep hands‑on experience in M365 administration, IAM operations, or endpoint security.
• Expert‑level experience with M365 & Entra l Access, MFA/SSPR, PIM/PAM, app registrations, service principals, identity lifecycle.
• Expert‑level experience with Endpoint Security:
  Crowd Strike Falcon or equivalent (policy design, RTR, detection tuning) across Windows, macOS, Linux.
• Expert‑level experience with Logging/SIEM:
  Splunk or equivalent (search, dashboards, alerting, detection engineering).
• Strong automation skills:
  Power Shell (Graph modules), Python, REST/Graph APIs; CI/CD and version control…