Cyber Security Senior Analyst - MDE

1) MDE Platform Administration (Tenant-Level)

2) Server Onboarding & Offboarding (Windows & Linux)
a. Design and operate scalable onboarding processes:
i. Windows Server: MECM/SCCM, GPO, Intune, Azure Arc, scripts; ensure the Sense EDR sensor and Defender Antivirus are properly configured (including passive-mode transitions where a third-party AV is present).
ii. Linux Server: package-based installs (mdatp via apt/yum/zypper), onboarding scripts, repo configuration, proxy settings, and service validation.
b. Maintain golden images / AMIs with pre-onboarding steps, device tagging, and machine groups.
c. Operate offboarding flows (offboarding package/keys) for decommissioning, M&A carve-outs, and cloud auto-scale lifecycles; reconcile stale/duplicate devices.
d. Track coverage: percentage of in-scope servers onboarded, health status, and remediation of inactive/unhealthy devices.

3) Policy, Exclusions & Hardening
a. Define and maintain AV policies, EDR in block mode, Attack Surface Reduction (ASR) rules, Network Protection, and Controlled Folder Access (where server-appropriate).
b. Implement file/path/process exclusions with risk-based justification, balancing performance against detection efficacy; periodically review, attest, and remove stale exceptions.
c. Manage Indicators (IOCs), custom URL/domain/IP indicators, and controlled testing under robust change control.

4) Operations & Support
a. Operate day-to-day MDE tool support: ticket queue, troubleshooting of onboarding/health/AV conflicts, performance tuning, and sensor/engine update issues.
b. Partner with SOC/IR on incidents; drive endpoint containment, isolation support, evidence capture, and post-incident hardening actions.

5) Automation & Scale
a. Build automation with PowerShell, Bash, Azure Automation, Azure DevOps/GitHub Actions, and the M365 Defender/Graph APIs.

Profile

We're seeking a hands-on MDE Platform Engineer to administer Microsoft Defender for Endpoint across Windows and Linux server estates. You will own the MDE platform in our Azure/M365 tenant, ensure secure and compliant onboarding/offboarding of servers at scale, and manage EDR and Defender Antivirus policies, exceptions, ASR, EDR in block mode, sensor health, and agent update rings. The ideal candidate brings deep operational experience with MDE on servers, an automation-first mindset, and strong collaboration with Infra, SOC, and platform teams.