Overview
We are looking for a Microsoft Defender Administrator to manage the configuration, optimization, and maintenance of Microsoft Defender solutions across the organization. This is a technical, hands-on role focused on policy tuning, agent deployment, and troubleshooting, ensuring all endpoints are secure, compliant, and performing optimally.
Policy Management & Tuning
Configure and fine-tune Microsoft Defender policies (AV, EDR, ASR, etc.).
Administer Security Baselines and optimize policies to reduce false positives while maintaining a strong security posture.
Manage and review exclusion lists (applications, paths, processes).
Agent Deployment & Troubleshooting
Deploy and administer Microsoft Defender agents across Windows, macOS, and Linux using Intune, GPO, or SCCM.
Troubleshoot issues such as onboarding/offboarding failures, corrupted agents, and update problems.
Analyze local logs (Event Viewer, MpCmdRun.exe, MsSense.exe, ATP logs).
Use PowerShell scripts for:
health checks,
forced onboarding/offboarding,
agent reset,
diagnostics collection.
Configuration & Integration
Integrate Defender with Intune, Azure AD, and other management platforms.
Create and manage device groups with differentiated policies (e.g., developers vs. finance).
Maintain signature and platform updates across all endpoints.
Health Management & Reporting
Monitor device health status daily and remediate issues proactively.
Generate monthly reports on device coverage, agent health, and compliance status.
Maintain updated internal documentation and troubleshooting runbooks.
Ideal Candidate Profile
Detail-oriented with a proactive approach to problem prevention.
Strong troubleshooting and scripting abilities using PowerShell.
Continuous learner, eager to adopt new Microsoft Defender features.
Collaborative mindset, working closely with IT and security teams.