Staff Security Operations Engineer

  • Full-time
  • Salary Range: 124,837.00-206,793.00
  • Job Type (exemption status): Exempt position - Please see related compensation & benefits details below
  • Business Function: IT Security
  • Work Location: Irvine Office--LOC_WDT_USCA01

Company Description

Sandisk understands how people and businesses consume data and we relentlessly innovate to deliver solutions that enable today’s needs and tomorrow’s next big ideas. With a rich history of groundbreaking innovations in Flash and advanced memory technologies, our solutions have become the beating heart of the digital world we’re living in and that we have the power to shape.

Sandisk meets people and businesses at the intersection of their aspirations and the moment, enabling them to keep moving and pushing possibility forward. We do this through the balance of our powerhouse manufacturing capabilities and our industry-leading portfolio of products that are recognized globally for innovation, performance and quality.

Sandisk has two facilities recognized by the World Economic Forum as part of the Global Lighthouse Network for advanced 4IR innovations. These facilities were also recognized as Sustainability Lighthouses for breakthroughs in efficient operations. With our global reach, we ensure the global supply chain has access to the Flash memory it needs to keep our world moving forward.

Job Description

This role is primarily focused on driving the Microsoft Entra ID device migration and providing Entra ID engineering support across the organization. The Staff Security Operations Engineer serves as a key technical driver for migrating devices into Entra ID and as a hands-on engineering resource for the Entra ID (Azure AD) platform. Supporting identity and access management technologies - multi-factor authentication (Duo MFA and Windows Hello for Business), mobile device management, and Active Directory - make up the secondary scope of the role.

Essential Duties and Responsibilities: 

  • Entra ID Device Migration (Primary Focus):
    • Drive and lead the migration of devices into Microsoft Entra ID, including Entra ID join and hybrid Entra ID join scenarios.
    • Plan, schedule, and execute device migration waves from on-premises Active Directory / hybrid configurations to Entra ID, with minimal disruption to end users.
    • Develop migration runbooks, rollback plans, validation checklists, and success criteria for each migration phase.
    • Coordinate with endpoint, IT, and security teams to align device readiness, Conditional Access, and compliance requirements ahead of migration.
    • Troubleshoot device join, registration, enrollment, and Conditional Access issues encountered during migration.
    • Track migration progress, report on adoption metrics, and continuously refine the migration approach.
  • Entra ID Engineering Support (Primary Focus):
    • Provide engineering-level administration and operational support for the Microsoft Entra ID (Azure AD) platform.
    • Configure and manage Conditional Access policies, Identity Protection, single sign-on (SSO), app registrations, and enterprise applications.
    • Support hybrid identity using Microsoft Entra Connect (Azure AD Connect), ensuring reliable synchronization between on-premises AD and Entra ID.
    • Act as the technical escalation point for Entra ID incidents, identifying root causes and implementing durable solutions.
    • Automate Entra ID administration, reporting, and provisioning tasks using PowerShell and Microsoft Graph.
    • Maintain documentation, runbooks, and operational procedures for the Entra ID environment.
  • Multi-Factor Authentication (MFA) Management (Secondary Focus):
    • Administer and manage the organization’s MFA platforms, including Duo MFA and Windows Hello for Business.
    • Implement and enforce MFA policies across the organization, ensuring integration with various applications and systems.
    • Monitor MFA performance, troubleshoot issues, and handle escalations related to authentication failures or policy violations.
  • Mobile Device Management (MDM) (Secondary Focus):
    • Support the administration of the Intune platform security, Conditional Access and Compliance, and RBAC/PIM/MAA Governance.
    • Work with IT teams to ensure all mobile devices comply with organizational security policies and access controls.
  • Active Directory (AD) (Secondary Focus):
    • Provide support for Active Directory, managing user accounts, group policies, and organizational units.
    • Support hybrid identity integration between on-premises AD and Entra ID using Microsoft Entra Connect.
    • Troubleshoot and resolve issues related to AD/Entra ID authentication and access provisioning.
  • IAM Process Optimization:
    • Continuously evaluate and improve IAM processes related to Entra ID, device migration, MFA, and AD to enhance security and user experience.
    • Automate routine identity management tasks and workflows to increase efficiency and reduce manual errors.
  • Incident Response and Troubleshooting:
    • Act as the technical escalation point for identity-related incidents involving Entra ID, device migration, Duo MFA, Windows Hello for Business, and other IAM systems.
    • Investigate, troubleshoot, and resolve IAM issues, working closely with other teams to identify root causes and implement solutions.
  • Compliance and Reporting:
    • Ensure IAM solutions meet compliance requirements such as SOX, etc.
    • Generate reports for auditing purposes and provide insights into the security posture of identity systems.
  • Collaboration and Documentation:
    • Collaborate with security, IT, and compliance teams to define and implement identity governance frameworks.
    • Develop and maintain comprehensive documentation for all IAM solutions, policies, and procedures.
  • Training and Knowledge Sharing:
    • Provide training to end-users and technical staff on IAM best practices, focusing on Entra ID, MFA, and other key services.
    • Stay up-to-date with industry trends and emerging technologies to continuously enhance the organization’s IAM capabilities.

Professional Attributes

  • Leadership: Demonstrated ability to assist in leading cross-functional teams and manage technical resources, driving projects and solutions to successful completion.
  • Problem-Solving: Strong analytical and troubleshooting skills with a proactive approach to identifying and resolving issues within complex identity and directory environments.
  • Analytical Skills: Ability to analyze complex IAM issues and apply logical troubleshooting techniques to resolve identity-related problems.
  • Attention to Detail: High accuracy and attention to detail in managing identity policies, systems configurations, and security protocols.
  • Communication: Strong communication skills to collaborate with technical and non-technical stakeholders across the organization.
  • Team Player: Ability to work effectively as part of a cross-functional team, with a focus on supporting the broader IAM strategy.
  • Customer Focused: Demonstrated ability to deliver excellent service to internal and external stakeholders, focusing on user experience without compromising security.
  • Adaptability: Ability to quickly learn and adapt to new tools, technologies, and security practices in a dynamic IT environment.

    Qualifications

    Required:

    • Education:
      • BA or BS in Information Technology, Computer Science, Information Security, or a related field. Equivalent hands-on experience in IAM may be considered in lieu of a degree.
      • Relevant certifications such as Microsoft Certified: Identity and Access Administrator, Microsoft Certified: Endpoint Administrator, Certified Information Systems Security Professional (CISSP), or DUO Security Administrator are desirable.
    • Experience:
      • 6+ years of experience in IT or Information Security, with a focus on identity and access management.
      • 3+ years of direct, hands-on experience with Microsoft Entra ID (Azure AD), including device migration and engineering support.
      • Experience working with Duo MFA, Windows Hello for Business, Microsoft Intune, and Active Directory.
    • Microsoft Entra ID (Azure AD) (Primary):
      • Hands-on experience driving device migrations into Entra ID, including Entra ID join and hybrid Entra ID join.
      • Engineering-level experience administering Entra ID, including Conditional Access, Identity Protection, SSO, app registrations, and enterprise applications.
      • Experience with Microsoft Entra Connect (Azure AD Connect) for hybrid identity synchronization between on-prem AD and Entra ID.
      • Ability to configure, enforce, and troubleshoot Entra ID policies across diverse applications, devices, and systems.
    • Multi-Factor Authentication (MFA):
      • Experience administering and managing Duo MFA and Windows Hello for Business, or similar authentication platforms.
      • Ability to configure, enforce, and troubleshoot MFA policies across diverse applications and systems.
    • Mobile Device Management (MDM):
      • Knowledge of MS Intune platforms and their integration with IAM systems for device security and policy enforcement.
      • Experience managing devices in an enterprise setting, focusing on compliance and access control.
    • Active Directory (AD):
      • Experience managing user accounts, group policies, and organizational units in Active Directory.
      • Familiarity with hybrid identity environments and synchronization between on-prem AD and Entra ID.
    • PowerShell & Microsoft Graph:
      • PowerShell and Microsoft Graph scripting skills to automate identity and device tasks such as provisioning, migration, reporting, and troubleshooting.
    • SIEM and Auditing Tools:
      • Familiarity with security information and event management (SIEM) tools for monitoring identity-related logs and events.
      • Experience generating audit reports for compliance purposes.

    Programming and Tools

    • Scripting and Programming Languages:
      • PowerShell & Microsoft Graph: Proficiency in using PowerShell and Microsoft Graph to automate identity and device tasks, generate reports, and troubleshoot issues.
      • Python (optional): Familiarity with Python for advanced IAM automation and integration tasks.
    • IAM and Directory Tools:
      • Microsoft Entra ID (Azure AD): Expertise in administering Entra ID for device migration, Conditional Access, SSO, and identity engineering.
      • Microsoft Entra Connect (Azure AD Connect): Experience with synchronization between on-prem AD and Entra ID for seamless hybrid identity management.
      • Duo MFA & Windows Hello for Business: Experience configuring and maintaining Duo MFA and Windows Hello for Business for secure multi-factor authentication.
    • MDM Platforms:
      • Experience with leading MDM tools such as Microsoft Intune, or equivalent, for device management and security.
    • Monitoring and Logging:
      • Familiarity with SIEM platforms (e.g., Devo) for monitoring and auditing identity events and security logs.

    Logistics:

    • Primary work in the Irvine, California office and/or a home office environment (hybrid).
    • Willing to be on call as needed to support critical identity and device operations.
    • Willing to perform work functions across time zones to support global coverage needs.

    Additional Information

    Sandisk is committed to providing equal opportunities to all applicants and employees and will not discriminate against any applicant or employee based on their race, color, ancestry, religion (including religious dress and grooming standards), sex (including pregnancy, childbirth or related medical conditions, breastfeeding or related medical conditions), gender (including a person’s gender identity, gender expression, and gender-related appearance and behavior, whether or not stereotypically associated with the person’s assigned sex at birth), age, national origin, sexual orientation, medical condition, marital status (including domestic partnership status), physical disability, mental disability, medical condition, genetic information, protected medical and family care leave, Civil Air Patrol status, military and veteran status, or other legally protected characteristics. We also prohibit harassment of any individual on any of the characteristics listed above. Our non-discrimination policy applies to all aspects of employment. We comply with the laws and regulations set forth in the "Know Your Rights: Workplace Discrimination is Illegal” poster. Our pay transparency policy is available here.

    Sandisk thrives on the power and potential of diversity. As a global company, we believe the most effective way to embrace the diversity of our customers and communities is to mirror it from within. We believe the fusion of various perspectives results in the best outcomes for our employees, our company, our customers, and the world around us. We are committed to an inclusive environment where every individual can thrive through a sense of belonging, respect and contribution.

    Sandisk is committed to offering opportunities to applicants with disabilities and ensuring all candidates can successfully navigate our careers website and our hiring process. Please contact us at [email protected] to advise us of your accommodation request. In your email, please include a description of the specific accommodation you are requesting as well as the job title and requisition number of the position for which you are applying.

    Based on our experience, we anticipate that the application deadline will be 10/07/2026 (3 months from posting), although we reserve the right to close the application process sooner if we hire an applicant for this position before the application deadline. If we are not able to hire someone from this role before the application deadline, we will update this posting with a new anticipated application deadline.

    #LI-LH1

    Compensation & Benefits Details

    • An employee’s pay position within the salary range may be based on several factors including but not limited to (1) relevant education; qualifications; certifications; and experience; (2) skills, ability, knowledge of the job; (3) performance, contribution and results; (4) geographic location; (5) shift; (6) internal and external equity; and (7) business and organizational needs.
    • The salary range is what we believe to be the range of possible compensation for this role at the time of this posting.  We may ultimately pay more or less than the posted range and this range is only applicable for jobs to be performed in California, Colorado, New York or remote jobs that can be performed in California, Colorado and New York.  This range may be modified in the future.
    • You will be eligible to participate in Sandisk's Short-Term Incentive (STI) Plan, which provides incentive awards based on Company and individual performance.  Depending on your role and your performance, you may be eligible to participate in our annual Long-Term Incentive (LTI) program, which consists of restricted stock units (RSUs) or cash equivalents, pursuant to the terms of the LTI plan. Please note that not all roles are eligible to participate in the LTI program, and not all roles are eligible for equity under the LTI plan. RSU awards are also available to eligible new hires, subject to Sandisk's Standard Terms and Conditions for Restricted Stock Unit Awards.
    • We offer a comprehensive package of benefits including paid vacation time; paid sick leave; medical/dental/vision insurance; life, accident and disability insurance; tax-advantaged flexible spending and health savings accounts; employee assistance program; other voluntary benefit programs such as supplemental life and AD&D, legal plan, pet insurance, critical illness, accident and hospital indemnity; tuition reimbursement; transit; the Applause Program, employee stock purchase plan, and the Sandisk's Savings 401(k) Plan.
    • Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, benefits, or any other form of compensation and benefits that are allocable to a particular employee remains in the Company's sole discretion unless and until paid and may be modified at the Company’s sole discretion, consistent with the law.

    By clicking the link above or any third-party link within this posting, you are leaving this site and going to a third-party website where the third-party website's terms and privacy policy apply

    Privacy Notice