Senior Microsoft Engineer - Modern Workspace

AHEAD builds platforms for digital business. By weaving together advances in cloud infrastructure, automation and analytics, and software delivery, we help enterprises deliver on the promise of digital transformation. At AHEAD, we prioritize creating a culture of belonging, where all perspectives and voices are represented, valued, respected, and heard. We create spaces to empower everyone to speak up, make change, and drive the culture at AHEAD.  We are an equal opportunity employer, and do not discriminate based on an individual's race, national origin, color, gender, gender identity, gender expression, sexual orientation, religion, age, disability, marital status, or any other protected characteristic under applicable law, whether actual or perceived.  We embrace all candidates that will contribute to the diversification and enrichment of ideas and perspectives at AHEAD.  We are seeking a seasoned Senior Modern Workspace Engineer with deep technical expertise across the Microsoft 365 ecosystem. This is a senior-level, hands-on engineering role focused on design, implementation, troubleshooting, and Tier-3 support of enterprise Modern Workplace environments for Fortune 1000 and upper-mid-market clients.   You will act as the technical escalation point for complex issues spanning Microsoft Endpoint Manager (Intune), Azure AD/Entra ID, Windows Autopilot, Defender for Endpoint, Exchange Online, SharePoint Online, OneDrive, Teams governance, and Power Platform administration.  Responsibilities

Architect, deploy, and optimize large-scale Microsoft 365 Modern Workplace solutions (5,000–150,000+ seats) 

Serve as final escalation point for critical production incidents involving Intune, Autopilot, Windows 365 Cloud PC, Entra ID Conditional Access, Defender for Endpoint, and Teams 

Perform advanced troubleshooting of device compliance, application deployment failures, provisioning issues, BitLocker recovery, and hybrid identity sync problems 

Design and implement enterprise-grade Conditional Access policies, Intune configuration profiles, compliance policies, and Windows Update rings 

Lead Autopilot migrations (on-prem ConfigMgr → full cloud Autopilot) and Windows 365 Cloud PC deployments 

Build and maintain PowerShell/PnP/Graph API automation for tenant-wide governance and lifecycle management 

Optimize Microsoft Teams environments (voice, meetings, governance, retention, data loss prevention) 

Integrate and troubleshoot Defender for Endpoint, Defender for Office 365, and Microsoft Purview (Information Protection, DLP, Insider Risk) 

Conduct performance and security reviews of Entra ID, SharePoint, and OneDrive configurations 

Create and deliver technical run-books, root-cause analysis reports, and proactive health assessments 

Mentor mid-level engineers and contribute to internal knowledge base and tooling 

Participate in a 24×7 on-call rotation (with generous premium on-call compensation) 

8+ years of progressive experience in Microsoft endpoint and cloud identity management 

Expert-level knowledge of Microsoft Intune, Entra ID (Azure AD), Autopilot, Windows 365, and Co-management 

Advanced PowerShell and Microsoft Graph API scripting (automation is a daily activity) 

Proven track record resolving complex, enterprise-scale Modern Workplace incidents 

Deep understanding of Entra ID Conditional Access, MFA, identity protection, and privileged identity management 

Hands-on experience with Defender for Endpoint advanced hunting, attack surface reduction, and ASR rules 

Strong knowledge of Microsoft Teams administration (including Teams Phone / Direct Routing if certified) 

Experience with large SharePoint Online migrations, sensitivity labels, and retention policies 

Excellent communication skills and prior client-facing consulting or enterprise support experience