Sr Engineer, IT Security (NTD)

Nintendo Technology Development

The worldwide pioneer in the creation of interactive entertainment, Nintendo Co., Ltd., of Kyoto, Japan, manufactures and markets hardware and software for its Nintendo Switchsystem and the Nintendo 3DSfamily of portable systems. Since 1983, when it launched the Nintendo Entertainment System, Nintendo has sold more than 4.7 billion video games and more than 740 million hardware units globally, including Nintendo Switch and the Nintendo 3DS family of systems, as well as the Game Boy, Game Boy Advance, Nintendo DSfamily of systems, Super NES, Nintendo 64, Nintendo GameCube, Wiiand Wii Usystems. It has also created industry icons that have become well-known, household names, such as Mario, Donkey Kong, Metroid, Zelda and Pokemon.A wholly owned subsidiary, Nintendo Technology Development, based in Redmond, Washington, creates future hardware/software technology and researches North American-based technologies.

Nintendo is an equal opportunity employer. We offer a welcoming and inclusive environment in service to one another, our products, the diverse consumers we represent, and the communities we call home. We do all of this with kindness, empathy and respect for each other.

Senior Engineer, IT Security for Nintendo Technology Development Inc. (NTD) organization will own and evolve the security for our Microsoft 365 (M365) tenant, drive Identity and Access Management (IAM) operations, and harden endpoint security at scale across Windows, macOS, and Linux devices. This role will be the technical driver for secure collaboration and device protection; designing, implementing, and operating controls using existing and emerging technologies. This role requires partnership with NTD IT Operations, IT security teams at Nintendo Co., Ltd. (NCL) and Nintendo of America Inc. (NOA) to deliver reliable, compliant, and auditable services with measurable outcomes.

DESCRIPTION OF DUTIES

• M365 Tenant, Identity & Access Management
  
  
  
  • Implement and optimize Microsoft Entra Conditional Access, tenant security defaults, privileged access policies, and MFA/SSPR at scale.
  • Operate and harden Microsoft Entra ID (Azure AD): lifecycle governance, automated provisioning/deprovisioning, privileged identities (PIM), app registrations, consent/permission reviews.
  • Build and maintain RBAC/least-privilege access models for cloud and SaaS apps; implement Just-In-Time access for admins and sensitive roles.
  • Integrate HRIS and identity sources for Joiner-Mover-Leaver flows, enforce identity proofing and MFA step-up for high-risk transactions.
  • Design and enforce data governance (labels, DLP, retention, eDiscovery/Legal Hold, insider risk signals) and collaboration controls (external sharing, guest access, B2B/B2C).
  • Establish monitoring/alerting/SLAs for tenant and identity related services; lead incident response and help develop IR playbooks in conjunction with IT Security Operations.
  
  
  
  
• Endpoint Security (Windows, macOS, Linux)
  
  
  
  • Own the migration from an existing endpoint management system to a more robust solution, such as the CrowdStrike Falcon platform, for all endpoints: sensor deployment/coverage, policy tuning, RTR workflows, and threat hunting guardrails.
  • Lead efforts with platform engineers for OS-specific hardening baselines (CIS/NIST) and secure configuration: BitLocker/FileVault/LUKS, kernel extension/driver policies, local admin control, application allow/deny lists.
  • Lead incident triage and response on endpoints, including containment, forensic collection, and post-incident hardening.
  
  
  
  
• Observability, Detection & Response
  
  
  
  • Build and operationalize Splunk detections and dashboards integrating M365, Entra, CrowdStrike, Defender, Intune, and OS logs.
  • Develop automated response playbooks to reduce MTTR.
  
  
  
  
• Automation & Engineering Excellence
  
  
  
  • Create robust automation and self-service tooling for identity and endpoint operations.
  • Maintain IaC for policy-as-code (e.g. Conditional Access, PIM role settings).
  • Document runbooks, architecture diagrams, inventories, and SOPs; mentor engineers and drive operational maturity.
  
  
  
  
• Compliance & Risk
  
  
  
  • Map controls to regulatory frameworks (SOX, J-SOX etc.); support audits with evidence and narratives.
  • Lead periodic access reviews, admin entitlement recertification, and break-glass account governance.
  • Conduct tabletop exercises, disaster recovery testing, and security drills tied to identity and endpoint scenarios.
  
  
  
  
• Up to 10% travel; domestic and international.

SUMMARY OF REQUIREMENTS

• 8+ years in enterprise IT/Security engineering with deep hands-on experience in: M365 administration, IAM operations, or endpoint security.
• Expert-level experience with:
  
  
  
  • M365 & Entra ID: Conditional Access, MFA/SSPR, PIM/PAM, app registrations, service principals, identity lifecycle.
  • Endpoint Security: CrowdStrike Falcon or equivanet (policy design, RTR, detection tuning) across Win/macOS/Linux.
  • Logging/SIEM: Splunk or equivalent (search, dashboards, alerting, detection engineering).
  
  
  
  
• Strong automation skills: PowerShell (Graph modules), Python, REST/Graph APIs; CI/CD and version control (Git).
• Proven track record delivering secure baselines at scale (Intune/Jamf/MDM), and leading incident response involving identity and endpoints.
• Deep understanding of Zero Trust, least privilege, RBAC, token flows (OAuth/OIDC), and modern auth (MSAL).
• Experience with compliance control design and audit support.
• Experience mentoring others and cultivating technical breadth and depth on a team.
• Fluency in Japanese a plus.
• Bachelor or Master of Science degree in Engineering, Information Technology, or related field; or equivalent combination of education and experience.