Key skills
AzureCloudAnalyticsLogic AppsAzure ADEntra IDIdentity ManagementSaaSLeadershipChange ManagementCloud Security
About this role
Role Overview
- Own the Microsoft Security Stack
- Manage and optimize Microsoft 365 Defender, Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, and Defender for Office 365
- Administer and tune Microsoft Sentinel
- build and maintain KQL detection rules, analytics rules, workbooks, and playbooks
- Monitor the Microsoft Secure Score, prioritize improvement actions, and drive remediation across the tenant
- Configure and maintain Conditional Access policies, Microsoft Entra ID (Azure AD) security settings, and Privileged Identity Management (PIM)
- Monitor and respond to security alerts, incidents, and investigations across Defender XDR and Sentinel
- Develop and maintain incident response playbooks, automation workflows (Logic Apps / SOAR), and escalation procedures
- Perform threat hunting using KQL and identify gaps in detection coverage
- Conduct vulnerability assessments and lead remediation efforts in coordination with IT and engineering teams
- Evaluate and respond to identity-based threats, phishing campaigns, and anomalous behavior patterns
- Serve as a technical resource for SOC 2 Type 2 audit preparation and execution
- Design, implement, and document security controls that satisfy Trust Service Criteria (TSC) requirements across the company’s toolset
- Maintain evidence collection for audit deliverables
- access reviews, logging configurations, policy enforcement, and change management records
- Identify control gaps and drive remediation efforts prior to and during audit windows
- Partner with external auditors, providing technical walkthroughs and supporting evidence requests
- Implement and enforce security controls across the company’s broader toolset
- SaaS platforms, cloud infrastructure, and endpoint environment
- Advise and support IT on secure configuration for onboarding, offboarding, and access provisioning workflows
- Partner with engineering teams on secure development practices, secrets management, and cloud security posture
- Produce clear, concise reporting on security posture, incident trends, and audit readiness for IT leadership
- Stay current on the Microsoft security roadmap, threat landscape, and emerging attack techniques relevant to the company’s environment
Requirements
- 5+ years of hands-on experience in a security engineering or security operations role
- 3+ years of deep, practical experience with the Microsoft 365 security suite (Defender XDR, Sentinel, Entra ID, Purview)
- Demonstrated experience supporting or leading a SOC 2 Type 2 audit
- from control design through evidence delivery
- Proficiency in KQL (Kusto Query Language) for building detection rules, hunting queries, and dashboards in Sentinel
- Experience with Azure cloud security, including Azure Security Center / Defender for Cloud, RBAC, and policy management
- Hands-on experience with SOAR/automation
- Logic Apps, Sentinel playbooks, or equivalent
- Microsoft Certified: Security Operations Analyst Associate (SC-200) or Microsoft Certified: Azure Security Engineer Associate (AZ-500) preferred
Tech Stack
- Azure
- Cloud
Benefits
- Flexible work arrangements
- Professional development opportunities