Senior Cloud Engineer – Microsoft, Data Sharing, B2B
Reston, Virginia, United States of America
Full Time
4 hours ago
$121,000 - $182,000 USD
H1B Sponsor Likely
Key skills
AzureCloudBIPower BIAzure ADEntra IDCommunicationCollaboration
About this role
Role Overview
- Design, configure, and maintain Microsoft Entra B2B collaboration and cross-tenant access settings to support secure partner and guest access to enterprise applications, collaboration workloads, and external-facing business solutions.
- Engineer and administer external identity controls including invitation workflows, trust settings, guest lifecycle processes, access reviews support, and secure onboarding/offboarding patterns for third-party users.
- Design and implement security architecture for external access to SharePoint extranets, including authentication patterns, authorization boundaries, site and content protection models, sharing restrictions, and monitoring requirements.
- Define and implement Microsoft Purview Information Protection controls including sensitivity labels, encryption, data handling rules, and integration points with DLP and collaboration workloads.
- Design and implement Microsoft Purview Message Encryption and related encrypted mail protections for secure communication with external recipients, including policy-based encryption use cases and operational support models.
- Design, test, and tune Conditional Access policies to govern external access based on user, device, application, session, location, risk, and authentication context, using phased rollout and validation practices.
- Build secure access patterns for Power Platform applications, flows, and connectors through environment strategy, role design, data policies, connector governance, and identity controls.
- Define and implement security controls for Power BI reports, dashboards, semantic models, workspaces, sharing models, and external consumption scenarios.
- Partner with security, compliance, messaging, collaboration, and application teams to translate policy and regulatory requirements into enforceable cloud controls.
- Produce architecture diagrams, standards, control narratives, engineering runbooks, and operational procedures for steady-state support.
Requirements
- 8+ years of experience in Microsoft cloud engineering, with substantial hands-on responsibility for Microsoft 365, Azure, and enterprise security controls.
- 4+ years of direct experience designing and administering Microsoft Entra ID / Azure AD identity and access solutions.
- Deep experience with Microsoft Entra External ID / B2B collaboration, cross-tenant access, external collaboration settings, guest access governance, and secure partner access models.
- Strong experience implementing Microsoft Purview Information Protection capabilities, including sensitivity labels, encryption, and data protection policy integration.
- Strong experience designing Microsoft Purview Message Encryption / OME solutions for secure external email exchange.
- Proven experience designing and deploying Conditional Access policies in enterprise environments, including policy testing, exception handling, and access hardening.
- Experience securing SharePoint Online sites and extranets for external access, including site permissions, sharing models, and information protection considerations.
- Experience implementing governance and security controls for Power Platform, including environment strategy, roles, and data policies.
- Experience securing Power BI platforms, including workspace governance, dataset security, sharing controls, and report access design.
Tech Stack
- Azure
- Cloud
Benefits
- Health insurance: Medical, Dental, Vision, and Life Insurance
- 401(k) Retirement Plan (5% match on base compensation, immediate 100% vesting)
- Paid Time Off (PTO)
- Flexible Holiday Leave (88 hours per year)
- Parental Leave
- Employee Stock Ownership Plan (ESOP)
- Tuition Reimbursement & Learning Allowance
- Referral Bonus Program (up to $5k)