Cloud & Microsoft 365 Engineer (Mid-Senior)

Cape Town

Sonata One is a rapidly scaling, regulated fund services and technology (fintech) business. We're The Private Funds Clearinghouse, connecting more than 53,000 investors with 6,500 funds and 180 fund managers around the globe. Our vision is to change the paradigm of private markets investing through harmonising the end-to-end investment process within one platform. Investors benefit from a seamless, one & done experience across the fund lifecycle (from fund selection and subscription through to settlement and reporting) underpinned by a globally compliant KYC passport and 24/7 support. Fund managers can raise capital faster at a lower cost from a wider pool of pre-approved investors. Founded in 2015, Sonata One has a presence in eight locations worldwide including the US, UK, Luxembourg, Guernsey, South Africa and Mauritius.

Role Overview: 

Sonata One is seeking an experienced Cloud & Microsoft 365 Engineer to own the design, implementation, and ongoing operation of our Microsoft cloud estate. You will act as a senior technical owner across identity, endpoint management, collaboration, data governance, security operations, and automation—ensuring our M365 environment is secure, compliant, scalable, and aligned with business outcomes. 

This is a hands-on engineering role with significant architectural influence: you will translate security and governance requirements (including SOC 2, ISO 27001, and NIST-aligned controls) into practical configurations, automation, and operational processes. You will partner with business stakeholders, IT operations, and external vendors to deliver reliable services, lead complex initiatives, and drive continuous improvement across the Microsoft stack. 

 

Key Responsibilities: 

 

IT service management, project delivery & end user support

  • Operate within ITIL-aligned practices: incidents, changes, problems, and service requests with clear SLAs and communication. 
  • Plan and lead M365 projects using structured project management (scope, timeline, risk, stakeholder management). 
  • Coordinate cross-functional delivery (security, infrastructure, applications, vendors) to meet business deadlines and quality standards. 
  • Act as the primary escalation contact for 2nd and 3rd level end user support issues.

Microsoft Intune & mobile device management (MDM/MAM) 

  • Lead the design, implementation, and lifecycle management of Microsoft Intune for enterprise mobile device and application management. 
  • Configure and manage mobile application deployment, updates, and retirement within Microsoft 365. 
  • Implement Conditional Access, security baselines, compliance policies, and data protection controls for mobile devices and managed applications. 
  • Oversee MDM and MAM across supported mobile platforms (e.g. iOS, Android, Windows). 
  • Automate enrolment, compliance remediation, and operational workflows; drive measurable efficiency and reliability improvements. 
  • Ensure all devices accessing Sonata One resources meet defined security and governance standards. 

Microsoft Entra ID (Azure AD) & identity platform 

  • Architect and implement identity and access management (IAM) solutions using Microsoft Entra ID. 
  • Design and deploy secure authentication including MFA, SSO, and modern auth patterns for cloud and integrated applications. 
  • Integrate third-party SaaS and line-of-business applications while maintaining least-privilege and strong security posture. 
  • Provide expert guidance on identity governance, privileged access, and Entra best practices. 
  • Automate identity-related operations (group management, licensing workflows, lifecycle tasks) where appropriate. 
  • Support SOC 2 control activities through documented processes and regular user access reviews. 

Identity lifecycle management (ILM) 

  • Own the identity lifecycle: joiner/mover/leaver, role-based access control (RBAC), and federation where applicable. 
  • Design, configure, and automate identity governance workflows to meet internal policy and regulatory expectations. 
  • Implement self-service identity and password management capabilities aligned with security policy. 
  • Drive adoption and maturation of the Microsoft Identity Governance capabilities (e.g. access reviews, entitlement management, lifecycle workflows). 
  • Conduct periodic access certifications with business owners in line with SOC 2 and Sonata One access control policies. 

Microsoft Purview & data lifecycle management 

  • Lead administration and support of Microsoft Purview for classification, labeling, data governance, and compliance reporting. 
  • Implement and automate retention, deletion, and archival policies across M365 workloads. 
  • Design data protection strategies aligned with GDPR, POPIA, and organisational data handling requirements. 
  • Ensure effective protection through retention labels, DLP, encryption, and integration with backup/archival strategy where required. 
  • Partner with legal, risk, and business teams on data handling, eDiscovery, and audit readiness. 

Microsoft Sentinel (SIEM) 

  • Implement and operate Microsoft Sentinel for centralised logging, detection, and security analytics. 
  • Configure analytics rules, workbooks, automation rules/playbooks, and integrations for threat detection and incident response. 
  • Tune detections to reduce false positives; improve mean time to detect/respond through automation and operational discipline. 
  • Support security operations with reporting, KPIs, and continuous optimisation of use cases. 

Microsoft Defender suite (Endpoint, Office 365, Identity & vulnerability management) 

  • Lead configuration and operation of Defender for Endpoint, Defender for Office 365, and Defender for Identity (and related XDR capabilities as adopted). 
  • Architect vulnerability and exposure management: baselines, patching posture, configuration hardening, and endpoint protection standards. 
  • Integrate Defender signals with Sentinel and broader security tooling for cohesive detection and response. 
  • Proactively manage security incidents and alerts; drive improvements to reduce risk and operational friction. 
  • Monitor endpoint and workload health to maintain current patch/vulnerability posture across the estate. 

SharePoint administration, design & Power Platform 

  • Design, implement, and administer SharePoint Online (sites, hubs, permissions, information architecture) for performance, security, and usability. 
  • Lead development of Power Apps and Power Automate solutions that automate business processes and integrate with M365 and line-of-business systems. 
  • Establish and enforce SharePoint and Power Platform governance (DLP, environment strategy, solution lifecycle, ALM where applicable). 
  • Support document management, collaboration patterns, and migration/onboarding activities as required. 

Power BI 

  • Architect and deliver Power BI solutions (datasets, reports, dashboards) that support data-driven decision-making. 
  • Integrate data from multiple sources; implement refresh, gateway, and workspace patterns that scale securely. 
  • Enforce Power BI governance: workspace access, sensitivity labels, row-level security, and compliance with data policies. 

Microsoft Teams 

  • Design and manage Teams environments, policies, and templates for effective collaboration. 
  • Optimise Teams integration with SharePoint, OneDrive, Planner, and Power Platform. 
  • Implement Teams governance and compliance (meeting policies, guest access, retention, eDiscovery alignment). 

Cybersecurity frameworks & compliance 

  • Apply knowledge of SOC 2, ISO 27001, and NIST (and related control frameworks) to M365 design and operations. 
  • Implement and evidence security controls, risk treatments, and audit-ready documentation. 
  • Ensure incident management, data protection, and access management requirements are met across M365 services. 
  • Facilitate regular access reviews with business partners per Sonata One Access Control and Data Management policies. 

Automation, scripting & infrastructure as code 

  • Develop automation using PowerShell, Microsoft Graph, Bicep/ARM, and other IaC or API-driven tooling as appropriate. 
  • Build repeatable deployment pipelines and configuration patterns to reduce manual effort and configuration drift. 
  • Deliver low-code/no-code automation on Power Platform where it improves time-to-value for the business. 

Qualifications & Experience: 

Required: 

  • 5+ years in IT with 3+ years focused on Microsoft 365 / Azure identity and security (mid-level); 7+ years with substantial ownership of M365 architecture and operations (senior level). 
  • Demonstrable hands-on experience with Entra ID, Intune, Defender, Purview, SharePoint Online, Teams, and Power Platform (Power Apps / Power Automate). 
  • Practical experience implementing Conditional Access, MFA/SSO, compliance policies, and MDM/MAM. 
  • Experience with SIEM/SOC workflows; Microsoft Sentinel strongly preferred. 
  • Strong PowerShell skills and familiarity with Graph API, automation, and IaC concepts (Bicep/Terraform a plus). 
  • Understanding of SOC 2, ISO 27001, or NIST control implementation in cloud/SaaS environments. 
  • Experience supporting access reviews, audit evidence, and identity governance processes. 
  • Relevant Microsoft certifications (e.g. SC-200, SC-300, MS-102, AZ-104, MS-700) or equivalent demonstrated expertise. 
  • Matric plus tertiary qualification in IT, computer science, or related field (or equivalent experience). 
  • Eligibility to work in South Africa; valid driver’s licence if on-site travel is required. 

Preferred: 

  • Experience with Microsoft Identity Governance (Entitlement Management, Access Reviews, Lifecycle Workflows). 
  • Power BI development and enterprise governance (Premium/Fabric awareness). 
  • POPIA and GDPR data protection programme delivery in Microsoft 365. 
  • ITIL Foundation or practical ITSM tool experience (ServiceNow, Halo, etc.). 
  • Project management certification (PMI, PRINCE2) or proven delivery of multi-workstream programmes. 
  • Experience in professional services, financial services, or regulated industries. 

 

Certifications: 

  • Microsoft Certified: Azure Solutions Architect Expert. 
  • Microsoft Certified: Security, Compliance, and Identity Fundamentals. 
  • Microsoft Certified: Microsoft 365 Certified: Enterprise Administrator Expert (or equivalent). 
  • ITIL Certification (latest version). 
  • Certified Information Systems Security Professional (CISSP) or equivalent is a plus. 
