Responsibilities

• Lead ongoing initiatives for modern end-user workspace to enhance collaboration, mobility, performance, security, and service levels across the Bank.
• Contribute to the development and engineering of the client computing platform and the Bank’s digital workspace strategy and roadmap.
• Design, manage, and administer Intune-managed, Entra‑ID joined Windows devices, covering: 
  • Autopilot provisioning workflows
  • Configuration profiles and security baselines
  • Compliance policies, update rings, and feature update management
  • Win32/MSI application packaging, deployment, and troubleshooting
  • Endpoint Security controls (AV/EDR, Firewall, ASR, BitLocker, WDAC/AppLocker)
  • Proactive Remediation scripting and advanced troubleshooting
• Develop and maintain standards and policies for client endpoint computing platforms, including Microsoft Windows, mobility solutions, Intune MDM, Purview Information Protection, and modern application control frameworks.
• Provide subject matter expertise to regional teams in adopting modern endpoint management, cloud-based workspace tools, and modern authentication architectures; collaborate closely with Tokyo Head Office.
• Partner with project teams to deliver endpoint-related transformation projects and ensure alignment of architecture, solution design, processes, and service delivery.
• Oversee engineering lifecycle responsibilities including OS image engineering, build maintenance, testing, automation, compatibility validation, and deployment.
• Prepare architecture documentation, engineering runbooks, solution design papers, and project reporting materials.
• Ensure timely and concise communication of project status, risks, issues, and progress to stakeholders and IT teams.

Requirements

• Bachelor’s Degree in IT, Computer Science, Computer Engineering, or equivalent.
• Minimum 6 years of experience supporting IT End User Services.
• Mandatory Microsoft certifications, ideally covering M365, Intune/Endpoint Administration (MD-102/MD-100), Modern Desktop Administrator Associate, or relevant Azure certifications (Azure Administrator, etc.).
• ITIL Foundation certification with a strong understanding of Change, Incident, and Problem Management.

• Intune & Entra ID (Azure AD) Administration — Mandatory
• The candidate must have at least 3–5 years of direct, hands-on engineering experience with Intune—not limited to operator-level tasks such as onboarding/offboarding. Required experience includes:

1. 1. Managing Entra‑ID joined and hybrid Azure AD/AD DS joined Windows devices at enterprise scale.
   2. Designing, implementing, and maintaining: 

• • Intune configuration profiles, security baselines, and compliance frameworks
  • Windows Update for Business policies and update ring management
  • Autopilot deployment profiles, ESP tuning, and provisioning troubleshooting
  • Application lifecycle management using Win32, MSI, MSIX packages
• Strong understanding of Intune device compliance, Conditional Access, modern authentication, and Zero Trust endpoint controls.
• Expertise in proactive remediation scripts, device health analytics, policy conflict analysis, and root-cause troubleshooting for MDM-related issues.

• Deep knowledge of Microsoft 365 workloads, Group Policy management, AD DS (Trusts, Sites/Services), DNS, DHCP, DFS, and Exchange Online Protection.
• Experience with modern authentication architectures, including SSO, MFA, Conditional Access, and integration across cloud and on-premise systems.

• Strong hands-on experience in: 
  • Windows 10/11 OS image engineering, build automation, and deployment
  • Application compatibility assessment and remediation
  • Unified Communication and Collaboration tools
  • SCCM/MECM and co-management with Intune
  • VDI technologies (Citrix, Horizon, AVD)
  • Device health, performance tuning, and endpoint security hardening

• Solid working knowledge of Microsoft Purview Information Protection, sensitivity labeling, DLP, endpoint monitoring, and data governance.