Get in Touch
Email:
Email:
Email:
Email:
Phone:
Phone:
Phone:
Phone:
Linkedin:
Linkedin:
Linkedin:
Linkedin:
Cover letter
Position: Workplace Platform and Security Engineer (Vacancy ID: R00249586) — Riga
Company: Accenture
Dear Recruitment Team,
I am thrilled to apply for the position of Workplace Platform and Security Engineer in Riga. I have over 10 years of hands-on experience working with Active Directory, Windows Server, and SCCM. In recent years, I have developed expertise in Intune, Azure AD/Entra ID, and automation, ensuring secure and reliable workplace platforms in both the public and private sectors.
At Ogre Municipality, I manage enterprise services utilized by finance, budgeting, and accounting departments, integrating ERP (RVS Horizon), DMS (Rix Technologies Namejs), BI (MicroStrategy), IIS hosted applications, and Microsoft/Azure identity. Notably, I diagnosed and resolved a persistent Azure AD/Entra ID–Namejs synchronization defect that daily blocked numerous users. By implementing directory policies, cleanup scripts, and monitoring, we eliminated the blockages and regained several hours of daily productivity for the affected teams. Additionally, I led a VPN hardening initiative, migrating MikroTik remote access from PPTP to L2TP/IPsec, enhancing stability and aligning access with Class A and B security requirements.
I feel comfortable managing the entire workplace suite: designing and implementing GPO (including AppLocker), creating and maintaining SCCM images/driver packages and baselines, working with Intune with conditional access and Windows Update for Business, as well as resolving Entra Connect synchronization issues. I reliably automate with PowerShell and Bash (health checks, compliance verification, reporting), and I maintain a testing/DR environment using virtualization (KVM/QEMU, Hyper‑V) with snapshots and branches to validate changes before they go live.
My approach to work reflects Accenture's culture: customer focus, collaboration, and continuous learning. I collaborate daily with stakeholders from various fields, translate technical nuances for technical audiences, and close the loop with measurable results. Currently, I am pursuing the IBM DevOps Professional Certificate to deepen my CI/CD, Agile/Scrum, and cloud services practices.
Accenture's global scale and mission to combine technology and human ingenuity resonate deeply with me. I would love to take the opportunity to contribute to creating secure, zero-trust compliant workplace platforms for your clients by implementing a pragmatic approach to reliability, compliance, and automation.
Thank you for your attention. I am available for an interview at your convenience.
Sincerely,
Oļegs Starovoitovs
Profile
Workplace Platform and Security Engineer with over 10 years of experience in creating and operating secure, compliant Windows and Microsoft 365 environments. In-depth practical knowledge of AD/Group Policy (including AppLocker), SCCM imaging/patch deployment, Intune + Conditional Access, Azure AD/Entra ID synchronization, Windows Server (2016–2022), and PowerShell automation. Excellent experience in enhancing reliability and user experience through cause analysis, script development, and rigorous change validation in QEMU/KVM/Hyper-V labs. A clear communicator who collaborates with finance and business teams to achieve results.
Workplace Platform and Security Engineer with over 10 years of experience in creating and operating secure, compliant Windows and Microsoft 365 environments. In-depth practical knowledge of AD/Group Policy (including AppLocker), SCCM imaging/patch deployment, Intune + Conditional Access, Azure AD/Entra ID synchronization, Windows Server (2016–2022), and PowerShell automation. Excellent experience in enhancing reliability and user experience through cause analysis, script development, and rigorous change validation in QEMU/KVM/Hyper-V labs. A clear communicator who collaborates with finance and business teams to achieve results.
Workplace Platform and Security Engineer with over 10 years of experience in creating and operating secure, compliant Windows and Microsoft 365 environments. In-depth practical knowledge of AD/Group Policy (including AppLocker), SCCM imaging/patch deployment, Intune + Conditional Access, Azure AD/Entra ID synchronization, Windows Server (2016–2022), and PowerShell automation. Excellent experience in enhancing reliability and user experience through cause analysis, script development, and rigorous change validation in QEMU/KVM/Hyper-V labs. A clear communicator who collaborates with finance and business teams to achieve results.
Workplace Platform and Security Engineer with over 10 years of experience in creating and operating secure, compliant Windows and Microsoft 365 environments. In-depth practical knowledge of AD/Group Policy (including AppLocker), SCCM imaging/patch deployment, Intune + Conditional Access, Azure AD/Entra ID synchronization, Windows Server (2016–2022), and PowerShell automation. Excellent experience in enhancing reliability and user experience through cause analysis, script development, and rigorous change validation in QEMU/KVM/Hyper-V labs. A clear communicator who collaborates with finance and business teams to achieve results.
Core Skills
Workplace platforms: Active Directory, OU, GPO, security groups; AppLocker; WSUS; Windows Server 2016/2019/2022; IIS (client/server authentication certificates). I have limited practical experience with DFS-N/DFS-R and DirectPrint/VPSX configuration and administration, but I am keen to learn and quickly grasp these technologies.
Endpoint Management: SCCM (OSD, imaging, driver packages, guidelines, client policies), Intune (enrollment, compliance, configuration), Windows Update for Business.
Identity and Access: Azure AD/Entra ID, conditional access, MFA; Entra Connect/ADSync troubleshooting; access design with minimal privileges.
Security: zero-trust concepts, endpoint hardening, application allow/deny policies, secure software distribution; log analysis; secure remote access (L2TP/IPsec on MikroTik).
Automation and Scripting: PowerShell, Bash; operational checks, compliance deviation detection, reporting, policy enforcement.
Infrastructure and Networking: TCP/IP, DNS, DHCP, SMB, HTTPS, WinRM, RDP; SQL Server basics (backup/restore, minimization/HA concepts); backup/DR workflows.
Virtualization and Testability: Proficiency with KVM/QEMU, Hyper-V, VMware; snapshot-driven change validation and rollback planning.
Work Methods: Proficiency in ITIL, incident/change/problem workflows; foundations of Agile/Scrum; clear communication with stakeholders.
Workplace platforms: Active Directory, OU, GPO, security groups; AppLocker; WSUS; Windows Server 2016/2019/2022; IIS (client/server authentication certificates). I have limited practical experience with DFS-N/DFS-R and DirectPrint/VPSX configuration and administration, but I am keen to learn and quickly grasp these technologies.
Endpoint Management: SCCM (OSD, imaging, driver packages, guidelines, client policies), Intune (enrollment, compliance, configuration), Windows Update for Business.
Identity and Access: Azure AD/Entra ID, conditional access, MFA; Entra Connect/ADSync troubleshooting; access design with minimal privileges.
Security: zero-trust concepts, endpoint hardening, application allow/deny policies, secure software distribution; log analysis; secure remote access (L2TP/IPsec on MikroTik).
Automation and Scripting: PowerShell, Bash; operational checks, compliance deviation detection, reporting, policy enforcement.
Infrastructure and Networking: TCP/IP, DNS, DHCP, SMB, HTTPS, WinRM, RDP; SQL Server basics (backup/restore, minimization/HA concepts); backup/DR workflows.
Virtualization and Testability: Proficiency with KVM/QEMU, Hyper-V, VMware; snapshot-driven change validation and rollback planning.
Work Methods: Proficiency in ITIL, incident/change/problem workflows; foundations of Agile/Scrum; clear communication with stakeholders.
Workplace platforms: Active Directory, OU, GPO, security groups; AppLocker; WSUS; Windows Server 2016/2019/2022; IIS (client/server authentication certificates). I have limited practical experience with DFS-N/DFS-R and DirectPrint/VPSX configuration and administration, but I am keen to learn and quickly grasp these technologies.
Endpoint Management: SCCM (OSD, imaging, driver packages, guidelines, client policies), Intune (enrollment, compliance, configuration), Windows Update for Business.
Identity and Access: Azure AD/Entra ID, conditional access, MFA; Entra Connect/ADSync troubleshooting; access design with minimal privileges.
Security: zero-trust concepts, endpoint hardening, application allow/deny policies, secure software distribution; log analysis; secure remote access (L2TP/IPsec on MikroTik).
Automation and Scripting: PowerShell, Bash; operational checks, compliance deviation detection, reporting, policy enforcement.
Infrastructure and Networking: TCP/IP, DNS, DHCP, SMB, HTTPS, WinRM, RDP; SQL Server basics (backup/restore, minimization/HA concepts); backup/DR workflows.
Virtualization and Testability: Proficiency with KVM/QEMU, Hyper-V, VMware; snapshot-driven change validation and rollback planning.
Work Methods: Proficiency in ITIL, incident/change/problem workflows; foundations of Agile/Scrum; clear communication with stakeholders.
Workplace platforms: Active Directory, OU, GPO, security groups; AppLocker; WSUS; Windows Server 2016/2019/2022; IIS (client/server authentication certificates). I have limited practical experience with DFS-N/DFS-R and DirectPrint/VPSX configuration and administration, but I am keen to learn and quickly grasp these technologies.
Endpoint Management: SCCM (OSD, imaging, driver packages, guidelines, client policies), Intune (enrollment, compliance, configuration), Windows Update for Business.
Identity and Access: Azure AD/Entra ID, conditional access, MFA; Entra Connect/ADSync troubleshooting; access design with minimal privileges.
Security: zero-trust concepts, endpoint hardening, application allow/deny policies, secure software distribution; log analysis; secure remote access (L2TP/IPsec on MikroTik).
Automation and Scripting: PowerShell, Bash; operational checks, compliance deviation detection, reporting, policy enforcement.
Infrastructure and Networking: TCP/IP, DNS, DHCP, SMB, HTTPS, WinRM, RDP; SQL Server basics (backup/restore, minimization/HA concepts); backup/DR workflows.
Virtualization and Testability: Proficiency with KVM/QEMU, Hyper-V, VMware; snapshot-driven change validation and rollback planning.
Work Methods: Proficiency in ITIL, incident/change/problem workflows; foundations of Agile/Scrum; clear communication with stakeholders.
Experience
IT Systems Administrator — Ogre Municipality · May 2022 – Present
Resolved chronic Azure AD–Namejs (Modular DMS) synchronization issues by enforcing directory hygiene, performing certificate/registry cleanup, and monitoring to eliminate daily user disruptions and restore several productive hours per day across dependent teams.
Migrated remote access from PPTP to L2TP/IPsec on MikroTik, enhancing security and stability for A and B-class systems; refined firewall rules and authentication to reduce support tickets.
Crafted and maintained GPOs (including AppLocker allow-listing), drive-mapping for DFS shares, and strengthened workstation security; tuned WinRM/RDP settings and certificate-based authentication for IIS apps.
Launched the SCCM OSD and centralized endpoint management program upon joining, standardizing images, creating a vendor-agnostic Windows driver repository, and setting up baselines/client policies; coordinated with the server patching team while managing the endpoint configuration scope. - Maintained essential application updates (e.g., regular e-Paraksts client maintenance) through SCCM and PowerShell, boosting compliance and reducing support tickets. - Outlined the Intune/Conditional Access modernization roadmap in collaboration with Azure AD (Entra ID) production use, focusing on Azure AD for authentication; crafted the migration strategy to cloud-based device management as the need for centralized laptop and mobile administration increased; in the meantime, resolved Entra/ADSync communication issues by clearing obsolete certificates/registry artifacts and re-registering devices.
Established a KVM/QEMU lab with snapshots/forks to validate images, drivers, and GPO/Intune changes prior to production; conducted DR tests and rehearsals.
Supported SQL-backed applications (Horizon, OSTicket, MicroStrategy) with backup checks, root-cause analysis of failed jobs, and performance optimizations (e.g., index/DB shrink where suitable) in coordination with database owners.
Collaborated daily with Finance/Budget/Accounting to gather requirements, align SLAs, and deliver BI integrations and reliable data flows across ERP/DMS/BI systems. Ensured ERP (RVS Horizon), DMS (Namejs), and BI (MicroStrategy) system availability in accordance with defined SLAs, minimizing downtime and fulfilling business continuity objectives.
IT Systems Administrator — Ogre Municipality · May 2022 – Present
Resolved chronic Azure AD–Namejs (Modular DMS) synchronization issues by enforcing directory hygiene, performing certificate/registry cleanup, and monitoring to eliminate daily user disruptions and restore several productive hours per day across dependent teams.
Migrated remote access from PPTP to L2TP/IPsec on MikroTik, enhancing security and stability for A and B-class systems; refined firewall rules and authentication to reduce support tickets.
Crafted and maintained GPOs (including AppLocker allow-listing), drive-mapping for DFS shares, and strengthened workstation security; tuned WinRM/RDP settings and certificate-based authentication for IIS apps.
Launched the SCCM OSD and centralized endpoint management program upon joining, standardizing images, creating a vendor-agnostic Windows driver repository, and setting up baselines/client policies; coordinated with the server patching team while managing the endpoint configuration scope. - Maintained essential application updates (e.g., regular e-Paraksts client maintenance) through SCCM and PowerShell, boosting compliance and reducing support tickets. - Outlined the Intune/Conditional Access modernization roadmap in collaboration with Azure AD (Entra ID) production use, focusing on Azure AD for authentication; crafted the migration strategy to cloud-based device management as the need for centralized laptop and mobile administration increased; in the meantime, resolved Entra/ADSync communication issues by clearing obsolete certificates/registry artifacts and re-registering devices.
Established a KVM/QEMU lab with snapshots/forks to validate images, drivers, and GPO/Intune changes prior to production; conducted DR tests and rehearsals.
Supported SQL-backed applications (Horizon, OSTicket, MicroStrategy) with backup checks, root-cause analysis of failed jobs, and performance optimizations (e.g., index/DB shrink where suitable) in coordination with database owners.
Collaborated daily with Finance/Budget/Accounting to gather requirements, align SLAs, and deliver BI integrations and reliable data flows across ERP/DMS/BI systems. Ensured ERP (RVS Horizon), DMS (Namejs), and BI (MicroStrategy) system availability in accordance with defined SLAs, minimizing downtime and fulfilling business continuity objectives.
IT Systems Administrator — Ogre Municipality · May 2022 – Present
Resolved chronic Azure AD–Namejs (Modular DMS) synchronization issues by enforcing directory hygiene, performing certificate/registry cleanup, and monitoring to eliminate daily user disruptions and restore several productive hours per day across dependent teams.
Migrated remote access from PPTP to L2TP/IPsec on MikroTik, enhancing security and stability for A and B-class systems; refined firewall rules and authentication to reduce support tickets.
Crafted and maintained GPOs (including AppLocker allow-listing), drive-mapping for DFS shares, and strengthened workstation security; tuned WinRM/RDP settings and certificate-based authentication for IIS apps.
Launched the SCCM OSD and centralized endpoint management program upon joining, standardizing images, creating a vendor-agnostic Windows driver repository, and setting up baselines/client policies; coordinated with the server patching team while managing the endpoint configuration scope. - Maintained essential application updates (e.g., regular e-Paraksts client maintenance) through SCCM and PowerShell, boosting compliance and reducing support tickets. - Outlined the Intune/Conditional Access modernization roadmap in collaboration with Azure AD (Entra ID) production use, focusing on Azure AD for authentication; crafted the migration strategy to cloud-based device management as the need for centralized laptop and mobile administration increased; in the meantime, resolved Entra/ADSync communication issues by clearing obsolete certificates/registry artifacts and re-registering devices.
Established a KVM/QEMU lab with snapshots/forks to validate images, drivers, and GPO/Intune changes prior to production; conducted DR tests and rehearsals.
Supported SQL-backed applications (Horizon, OSTicket, MicroStrategy) with backup checks, root-cause analysis of failed jobs, and performance optimizations (e.g., index/DB shrink where suitable) in coordination with database owners.
Collaborated daily with Finance/Budget/Accounting to gather requirements, align SLAs, and deliver BI integrations and reliable data flows across ERP/DMS/BI systems. Ensured ERP (RVS Horizon), DMS (Namejs), and BI (MicroStrategy) system availability in accordance with defined SLAs, minimizing downtime and fulfilling business continuity objectives.
IT Systems Administrator — Ogre Municipality · May 2022 – Present
Resolved chronic Azure AD–Namejs (Modular DMS) synchronization issues by enforcing directory hygiene, performing certificate/registry cleanup, and monitoring to eliminate daily user disruptions and restore several productive hours per day across dependent teams.
Migrated remote access from PPTP to L2TP/IPsec on MikroTik, enhancing security and stability for A and B-class systems; refined firewall rules and authentication to reduce support tickets.
Crafted and maintained GPOs (including AppLocker allow-listing), drive-mapping for DFS shares, and strengthened workstation security; tuned WinRM/RDP settings and certificate-based authentication for IIS apps.
Launched the SCCM OSD and centralized endpoint management program upon joining, standardizing images, creating a vendor-agnostic Windows driver repository, and setting up baselines/client policies; coordinated with the server patching team while managing the endpoint configuration scope. - Maintained essential application updates (e.g., regular e-Paraksts client maintenance) through SCCM and PowerShell, boosting compliance and reducing support tickets. - Outlined the Intune/Conditional Access modernization roadmap in collaboration with Azure AD (Entra ID) production use, focusing on Azure AD for authentication; crafted the migration strategy to cloud-based device management as the need for centralized laptop and mobile administration increased; in the meantime, resolved Entra/ADSync communication issues by clearing obsolete certificates/registry artifacts and re-registering devices.
Established a KVM/QEMU lab with snapshots/forks to validate images, drivers, and GPO/Intune changes prior to production; conducted DR tests and rehearsals.
Supported SQL-backed applications (Horizon, OSTicket, MicroStrategy) with backup checks, root-cause analysis of failed jobs, and performance optimizations (e.g., index/DB shrink where suitable) in coordination with database owners.
Collaborated daily with Finance/Budget/Accounting to gather requirements, align SLAs, and deliver BI integrations and reliable data flows across ERP/DMS/BI systems. Ensured ERP (RVS Horizon), DMS (Namejs), and BI (MicroStrategy) system availability in accordance with defined SLAs, minimizing downtime and fulfilling business continuity objectives.
Freelancer - IT DevOps and Web Development · June 2017 – December 2021
Complete responsibility for the project: research, scope, implementation, deployment, and support; developed clear documentation and customer training.
Developed automated backup and monitoring scripts; optimized hosting scripts and databases; enhanced user experience/user interface for company websites and prototypes.
Freelancer - IT DevOps and Web Development · June 2017 – December 2021
Complete responsibility for the project: research, scope, implementation, deployment, and support; developed clear documentation and customer training.
Developed automated backup and monitoring scripts; optimized hosting scripts and databases; enhanced user experience/user interface for company websites and prototypes.
Freelancer - IT DevOps and Web Development · June 2017 – December 2021
Complete responsibility for the project: research, scope, implementation, deployment, and support; developed clear documentation and customer training.
Developed automated backup and monitoring scripts; optimized hosting scripts and databases; enhanced user experience/user interface for company websites and prototypes.
Freelancer - IT DevOps and Web Development · June 2017 – December 2021
Complete responsibility for the project: research, scope, implementation, deployment, and support; developed clear documentation and customer training.
Developed automated backup and monitoring scripts; optimized hosting scripts and databases; enhanced user experience/user interface for company websites and prototypes.
IT Systems Specialist - Biroteh Ltd · 2011 to 2017
Supported clients using Tildes Jumis accounting software; resolved incidents, implemented backup automation, and maintained Windows Server, MS Access, Microsoft SQL, and network services with a smile.
Maintained and backed up Microsoft SQL Server databases for the Tildes Jumis accounting system, conducting regular consistency checks and performing data restoration when needed.
Strengthened client relationships by ensuring clear communication and reliable delivery.
IT Systems Specialist - Biroteh Ltd · 2011 to 2017
Supported clients using Tildes Jumis accounting software; resolved incidents, implemented backup automation, and maintained Windows Server, MS Access, Microsoft SQL, and network services with a smile.
Maintained and backed up Microsoft SQL Server databases for the Tildes Jumis accounting system, conducting regular consistency checks and performing data restoration when needed.
Strengthened client relationships by ensuring clear communication and reliable delivery.
IT Systems Specialist - Biroteh Ltd · 2011 to 2017
Supported clients using Tildes Jumis accounting software; resolved incidents, implemented backup automation, and maintained Windows Server, MS Access, Microsoft SQL, and network services with a smile.
Maintained and backed up Microsoft SQL Server databases for the Tildes Jumis accounting system, conducting regular consistency checks and performing data restoration when needed.
Strengthened client relationships by ensuring clear communication and reliable delivery.
IT Systems Specialist - Biroteh Ltd · 2011 to 2017
Supported clients using Tildes Jumis accounting software; resolved incidents, implemented backup automation, and maintained Windows Server, MS Access, Microsoft SQL, and network services with a smile.
Maintained and backed up Microsoft SQL Server databases for the Tildes Jumis accounting system, conducting regular consistency checks and performing data restoration when needed.
Strengthened client relationships by ensuring clear communication and reliable delivery.
Education and Training
IBM Applied DevOps Engineer Professional Certificate
Coursera
From 2025 - Still in Progress
Introduction to DevOps; Agile Development & Scrum (completed).
https://www.coursera.org/account/accomplishments/verify/FCXX9G5O7GCC
https://www.coursera.org/account/accomplishments/verify/X1YMPG0CR92O
IBM Applied DevOps Engineer Professional Certificate
Coursera
From 2025 - Still in Progress
Introduction to DevOps; Agile Development & Scrum (completed).
https://www.coursera.org/account/accomplishments/verify/FCXX9G5O7GCC
https://www.coursera.org/account/accomplishments/verify/X1YMPG0CR92O
IBM Applied DevOps Engineer Professional Certificate
Coursera
From 2025 - Still in Progress
Introduction to DevOps; Agile Development & Scrum (completed).
https://www.coursera.org/account/accomplishments/verify/FCXX9G5O7GCC
https://www.coursera.org/account/accomplishments/verify/X1YMPG0CR92O
IBM Applied DevOps Engineer Professional Certificate
Coursera
From 2025 - Still in Progress
Introduction to DevOps; Agile Development & Scrum (completed).
https://www.coursera.org/account/accomplishments/verify/FCXX9G5O7GCC
https://www.coursera.org/account/accomplishments/verify/X1YMPG0CR92O
RMS Horizon Accounting Processes (80 Academic Hours)
Komplekss Citadele
Completed in 2023
RMS Horizon Accounting Processes (80 Academic Hours)
Komplekss Citadele
Completed in 2023
RMS Horizon Accounting Processes (80 Academic Hours)
Komplekss Citadele
Completed in 2023
RMS Horizon Accounting Processes (80 Academic Hours)
Komplekss Citadele
Completed in 2023
C programming and Bash on Red Hat Linux
Computer Science Center
Completed in 2010
Riga Technical University — IT Systems (unfinished bachelor's studies), 2007 – 2011
C programming and Bash on Red Hat Linux
Computer Science Center
Completed in 2010
Riga Technical University — IT Systems (unfinished bachelor's studies), 2007 – 2011
C programming and Bash on Red Hat Linux
Computer Science Center
Completed in 2010
Riga Technical University — IT Systems (unfinished bachelor's studies), 2007 – 2011
C programming and Bash on Red Hat Linux
Computer Science Center
Completed in 2010
Riga Technical University — IT Systems (unfinished bachelor's studies), 2007 – 2011
References
Dzintars Žvīgurs - Head of Parish Administration
Ogre Municipality
Available upon request (previous managers and municipal stakeholders).
Dzintars Žvīgurs - Head of Parish Administration
Ogre Municipality
Available upon request (previous managers and municipal stakeholders).
Dzintars Žvīgurs - Head of Parish Administration
Ogre Municipality
Available upon request (previous managers and municipal stakeholders).
Dzintars Žvīgurs - Head of Parish Administration
Ogre Municipality
Available upon request (previous managers and municipal stakeholders).