Brooklyn, New York, United States
Senior Systems / Cloud & Security Engineer with 8+ years building and running secure Microsoft environments — from legacy on-prem operations to modern cloud-first identity, endpoint management, and XDR. I design enforceable controls (Conditional Access, device compliance, least privilege), operationalize them in Intune across Windows/macOS/Android Enterprise, and investigate incidents using Defender and KQL. I also deliver reliable networks with monitoring and clear change governance. I focus on measurable security posture, stability, and repeatable operations through automation (PowerShell/Graph/Azure Automation) and documentation.
• Built and standardized a Microsoft 365 + Entra ID + Intune security management stack from the ground up (baseline policies, enrollment flows, compliance posture, operational runbooks). • Architected device identity + access model: Conditional Access tied to device compliance/risk; implemented secure baselines and hardening for Windows 11 endpoints. • Designed and executed Windows 11 migration program end-to-end (readiness, rollout waves, cutover, rollback plan, post-migration stabilization). • Owned Intune at scale across Windows/macOS/iOS/Android: configuration profiles, compliance, app lifecycle (packaging → deployment → updates), and remediation workflows. • Implemented macOS security standardization (FileVault enforcement, configuration control, recovery processes, audit-ready settings). • Operationalized detection and response with Microsoft Defender (advanced hunting/KQL triage), reducing time-to-diagnose and enabling fast incident containment. • Designed multi-floor network architecture and maintained production reliability. • Established Tier 3 escalation + documentation/training: created SOPs, trained support staff, and implemented backup/DR procedures for business continuity.
• Delivered contract IT for SMB clients, bridging legacy sysadmin operations into modern Microsoft cloud management. • Planned and executed Microsoft 365 onboarding/migrations (identity, mail/collab setup, permissions, user readiness, cutovers). • Implemented Intune-based device standardization for Windows/macOS/mobile where applicable (profiles, compliance, app deployment, remediation). • Designed and supported UniFi networks (segmentation/VLANs, Wi-Fi tuning, site reliability, monitoring). • Built security baselines and operational processes (patching routines, endpoint hardening, backup/restore, incident triage). • Provided documentation/runbooks and handover to internal teams.
• Owned legacy on-prem Windows infrastructure end-to-end: core services, user access, permissions, troubleshooting, and vendor escalations. • Administered Active Directory (users/groups/GPO), standardized access management, and maintained operational stability for day-to-day business. • Operated Windows Server services (file/print, DNS/DHCP, RDP access, shared resources), ensuring uptime and predictable performance. • Implemented backup and recovery procedures and introduced monitoring practices to reduce downtime and improve incident response. • Built patching and endpoint hardening routines (baseline configurations, AV policies, local admin control, standard builds) to reduce security exposure. • Designed UniFi network segmentation (VLAN separation, guest vs corporate access, basic ACL rules where applicable) to improve reliability and limit lateral movement. • Created runbooks and repeatable procedures, reducing “tribal knowledge” and improving consistency of support.
• Provided on-site IT ownership: workstation deployment, user onboarding/offboarding, hardware lifecycle, and day-to-day support. • Diagnosed and resolved network/workstation issues (wired/wireless, printers, email, permissions), escalating to vendors when needed. • Standardized endpoint setup (images/templates, baseline apps, consistent configs) to reduce setup time and configuration drift. • Supported initial Microsoft 365 rollout workstreams (account setup, mailbox access, Teams/SharePoint user readiness) and created user guides. • Maintained asset tracking and basic operational documentation to keep IT work repeatable and auditable.