Cybersecurity & Compliance Administrator

About The Position

Requirements

• Bachelor's degree (or equivalent practical experience) in information technology, cybersecurity, information systems, or a related field.
• 7+ years of experience in security administration, security operations, compliance operations, or adjacent IT roles with direct security responsibility.
• Demonstrated hands-on experience administering Microsoft 365 security and compliance services, including Microsoft Purview and Microsoft Defender in an enterprise environment.
• Proven background in security incident response, investigation, and documentation in regulated or high-risk environments.
• Working knowledge of system security best practices, access control, secure configuration, and audit logging.
• Strong written and verbal communication skills; able to translate technical security risk into clear, actionable steps and documentation.
• Comfortable operating as a self-directed individual contributor in a fast-paced and evolving environment.
• Excellent technical and interpersonal communication skills; able to translate security risk into actionable steps.
• Comfortable in a fast-paced, dynamic, and ambiguous environment.
• Positive attitude, strong ownership mindset, strong professional judgement and ability to earn trust and maintain professional relationships.
• Must be a U.S. citizen or national, U.S. permanent resident (current Green Card holder), or lawfully admitted into the U.S. as a refugee of granted asylum.

Nice To Haves

• Direct experience implementing or operating CMMC Level 2 and/or NIST SP 800-171 controls, including evidence collection and assessment preparation.
• Experience with centralized logging or SIEM platforms and detection playbook development.
• Experience with cloud-based service integrations (webhooks/REST APIs) and security-relevant automation.
• Experience with security-related scripting/automation practices and languages (Python, JavaScript, Ansible, SOAR-style workflows etc.).
• Familiarity with hybrid cloud and on-prem infrastructure in regulated environments, including air-gapped networks.

Responsibilities

• Configure and manage Microsoft Purview capabilities (data classification, DLP, retention, eDiscovery) to support compliance objectives.
• Develop and maintain Purview-derived compliance artifacts and evidence outputs for CMMC 2.0 Level 2 and NIST SP 800-171.
• Define and operate data retention and deletion procedures.
• Configure, tune, and operate Microsoft Defender security controls across various environments.
• Monitor alerts, investigate suspicious activity, and drive remediation actions.
• Establish and maintain detection and response playbooks.
• Own and maintain the Security Incident Response Plan.
• Lead security incident response from identification through lessons learned.
• Perform root-cause analysis and coordinate corrective actions.
• Proactively implement threat prevention measures.
• Maintain an incident register.
• Maintain the System Security Plan (SSP) and Plan of Actions & Milestones (POA&M).
• Support definition and maintenance of the CUI boundary.
• Translate CMMC and NIST control requirements into concrete configurations and procedures.
• Collect, organize, and maintain audit-ready evidence.
• Define and maintain a centralized logging strategy (SIEM).
• Establish and operate secure data transfer procedures for air-gapped and restricted environments.
• Partner with Network Architecture to design and maintain secure monitoring architectures for restricted and air-gapped environments.
• Support integrations between cloud-based services and the Microsoft security/compliance ecosystem.
• Contribute to automation where appropriate.
• Work closely with IT and engineering teams to ensure smooth operations and secure-by-default practices.
• Document, categorize, and prioritize security issues.
• Enforce approved security, compliance, and privacy policies.
• Collaborate with Network Architecture on secure network design, segmentation strategy, and enforcement controls.
• Implement privacy impact assessments (PIAs).
• Partner with Legal and HR to document GDPR and CCPA applicability.
• Support inclusion of appropriate data privacy and security terms in third-party contracts.

Benefits

• Medical coverage
• Dental coverage
• Vision coverage
• Basic life insurance
• Supplemental life insurance
• Short-term disability
• Long-term disability
• Paid parental leave
• 401(k) with a company match of up to 6%
• Equity
• Flexible Paid Time Off (PTO)
• Paid sick time
• 13 company-paid holidays
• Annual paid company shutdown