Infrastructure Engineer Workplace Service

Select how often (in days) to receive an alert:

An empowering career at Singtel begins with a Hello. Our purpose, to Empower Every Generation, connects people to the possibilities they need to excel. Every "hello" at Singtel opens doors to new initiatives, growth, and BIG possibilities that takes your career to new heights. So, when you say hello to us, you are really empowered to say…“Hello BIG Possibilities”.

As an Infrastructure Engineer Workplace Services, you will play a pivotal role in the modernization, optimization, and automation of our Active Directory Services ecosystem, encompassing technologies such as but not limited to:

• Microsoft Entra
• Active Directory Federation Services (AD FS)
• Active Directory Certificate Services (AD CS)
• Domain Name System (DNS)
• Lightweight Directory Access Protocol (LDAP)
• SilverFort MFA

We are looking for a technically strong and reliable Active Directory Engineer to join us. This mid-level role is focused on both operational support and project-based delivery, with primary focus on the safe and controlled rollout of Microsoft Defender for Identity and implementation of Silverfort ring fencing without introducing risk to business services.

Microsoft Defender for Identity (MDI) Deployment

• Lead the technical implementation of MDI sensors across all designated Domain Controllers, prioritizing critical assets as identified shared KPI between ADS team and InfoSec.
• Work closely with InfoSec stakeholders to align sensor deployment with threat detection priorities and mitigation use cases (e.g., lateral movement, domain dominance).
• Work collaboratively with InfoSec for any issues that they monitor and report on sensor health, telemetry integrity, and coverage metrics to both infrastructure and security teams.
• Perform necessary corrective actions for each anomalies detected and reported
• Maintain zero-downtime, zero incidents in change and operation execution through testing, rollback planning, and phased rollout approaches.
• Collaborate with InfoSec engineers to analyse and define ring fencing policies that isolate high-risk authentication flows (e.g., service accounts, legacy protocols).
• Perform pre-deployment impact analysis on authentication workflows across apps, services, and AD-integrated systems to avoid outages or false positives.
• Serve as a technical liaison between infrastructure, InfoSec, and application teams to align policy scope, ensure testing coverage, and confirm production readiness.
• Support post-deployment monitoring, false-positive tuning, and exception handling processes.
• Maintain zero-downtime, zero incidents in change and operation execution through testing, rollback planning, and phased rollout approaches

• Participate in the continuous security hardening of AD-related services, including AD CS, AD FS, LDAP, and Azure AD Connect, strictly following InfoSec policy.
• Assist in the implementation and enforcement of privileged access controls, PKI hygiene, federated auth protections, and LDAP channel binding/LDAP-S configurations.
• Provide technical inputs during security assessments, audits, and risk remediation activities related to identity infrastructure.

• Partner with InfoSec teams to investigate identity-related threats surfaced by MDI or Silverfort, including providing logs, context, and validation.
• Assist in the triage and containment of suspicious authentication activity, domain controller compromise indicators, or anomalous service behaviour.
• Develop and maintain structured runbooks for incident response procedures involving AD authentication systems.

• Produce and maintain detailed as-built documentation, change records, and deployment logs to support security audit trails and compliance reviews.
• Participate in regular status meetings with InfoSec to report on project milestones, sensor health, authentication protection coverage, and risk issues.
• Contribute to security metrics and dashboards that demonstrate identity protection maturity and control coverage (e.g., MDI sensor deployment %, ring fencing adoption rate, etc.).

• Bachelor’s degree in IT, Computer Science, Software Engineering or equivalent
• 3–5 years of experience in a mid-level infrastructure/AD engineering or security support role.
• Experience deploying or supporting security tools in enterprise environments.
• Strong knowledge of Active Directory and Windows Server administration.
• Hands-on experience with Microsoft Defender for Identity (formerly Azure ATP).
• Exposure to Silverfort or other identity protection platforms a plus.
• Familiarity with network protocols (Kerberos, NTLM, LDAP, RDP).
• Scripting and automation knowledge (e.g., PowerShell) is desirable.
• Excellent problem-solving skills and attention to detail.
• Strong communication skills and the ability to coordinate across teams.
• Highly responsible with a focus on change safety and business continuity.

Are you ready to say hello to BIG Possibilities?

Take the leap with Singtel to unlock new opportunities and accelerate your growth. Apply now and start your empowering career!