The Role
This role is for a proactive and skilled Microsoft Security Engineer/AnaIyst tasked with safeguarding digital assets by leveraging a comprehensive suite of Microsoft security technologies. The ideal candidate will use Microsoft Defender XDR for managing and responding to threats, implement Microsoft Purview to ensure data compliance, and secure identities and access through Microsoft Entra ID. Core responsibilities will include threat management, proactive hunting for vulnerabilities, data protection, security posture management, and incident response, all while collaborating with other teams to maintain and improve the organization's overall security posture.
Your responsibilities:
Microsoft Purview (Data Governance and Compliance)
Data Protection & Governance: Design, implement, and manage Data Loss Prevention (DLP) policies to prevent unauthorized data sharing. This includes deploying and maintaining Information Protection policies (AIP/MPIP), such as sensitivity labels.
Insider Risk Management (IRM): Configure and monitor policies to detect, investigate, and act on malicious or unintentional activities that could lead to data leakage or security incidents.
Communication Compliance: Monitor and investigate communications within the organization to detect and address potential violations of corporate policy or regulatory standards.
•Endpoint DLP (USB block, printing, Bluetooth filesharing, integration with Defender for cloud app)
•eDiscovery and legal hold
•Microsoft Entra ID (Identity and Access Management)
•DSPM for AI
Identity and Access Management: Manage and secure user, group, and workload identities. This includes administering App & Enterprise App registrations and managing guest access for B2B (business-to-business) and B2C (business-to-consumer) scenarios.
Authentication and Access Controls: Develop and manage Conditional Access (CA) policies to enforce granular access controls, including Multi-Factor Authentication (MFA), based on user, device, and location. Implement and manage Self-Service Password Reset (SSPR) and Password Writeback to ensure a seamless and secure user experience.
Your Profile
Essential skills/knowledge/experience:
Microsoft Defender XDR (Extended Detection and Response)
•Platform Expertise and Management: Act as a subject matter expert for the core components of the Defender XDR suite, including:
•Microsoft Defender for Endpoint: Manage endpoint protection, detection, and response across our device fleet.
•Microsoft Defender for Office 365: Protect against email-based threats, including phishing, malicious attachments, and compromised links.
•Microsoft Defender for Identity: Monitor on-premises Active Directory signals to identify and investigate threats related to compromised identities.
•Microsoft Defender for Cloud Apps: Enforce security policies and provide threat protection across our cloud applications.
•Microsoft Defender Vulnerability Management: Prioritize and address critical vulnerabilities and misconfigurations based on a risk-based assessment.
•Collaboration & Support: Work with internal IT and other security teams to ensure the effectiveness of the platform. Serve as a point of contact for external services like Microsoft Defender Experts for proactive hunting and expert guidance.
•Documentation & Reporting: Document incident response procedures, create reports on security posture, and provide regular briefings to leadership.
Microsoft Purview (Data Governance and Compliance)
•Data Lifecycle Management: Implement policies for records management and retention to ensure that data is retained according to legal and business requirements and securely disposed of when no longer needed.
•Data Security Posture Management (DSPM): Utilize DSPM capabilities to understand data risk, identify sensitive data across the environment, and implement controls to mitigate risk. This includes managing data security posture related to AI applications and models.
•eDiscovery & Auditing: Support legal and compliance teams by utilizing Purview's eDiscovery and audit capabilities for investigations.
•Education: Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
•Experience: 8-10 years of experience in a cybersecurity role, with a strong focus on Microsoft security solutions.
•Technical Skills:
•In-depth practical knowledge of the Microsoft security stack, including Defender XDR, Purview, and Entra ID.
•Experience with scripting languages, particularly PowerShell, for automation and management.
•Familiarity with common cybersecurity frameworks and attack methodologies, such as the MITRE ATT&CK framework.
•Certifications (Preferred):
•Microsoft Certified: Security Operations Analyst Associate (SC-200)
•Microsoft Certified: Identity and Access Administrator Associate (SC-300)
•Microsoft Certified: Information Protection Administrator Associate (SC-400)
•Certified Information Systems Security Professional (CISSP)
Microsoft Entra ID (Identity and Access Management)
•Advanced Threat Protection: Utilize Microsoft Entra ID Protection to identify and respond to compromised credentials and other identity-based risks. Work closely with the Defender for Identity team to monitor on-premises Active Directory signals for threats.
•Privileged Access Management: Implement and maintain Privileged Identity Management (PIM) and Privileged Access Management (PAM) to provide just-in-time (JIT) access and enforce the principle of least privilege.
•Authentication Protocols: Ensure the proper configuration and integration of various authentication protocols, including SAML, OAuth, OIDC, and SCIM for application and service provisioning.
•Device Management: Secure Bring Your Own Device (BYOD) and other device access by implementing device-based access policies and configurations.
Desirable skills/knowledge/experience:
•Excellent analytical and problem-solving abilities.
•Strong communication and collaboration skills to work effectively with technical and non-technical teams.
•A proactive mindset and the ability to adapt to a fast-paced, evolving threat landscape.