Cybersecurity & Network Administrator

About The Position

Requirements

• CCNA certification.
• Demonstrated hands-on experience with Microsoft Azure — administering subscriptions, RBAC, resource governance, and Azure networking — along with Entra ID identity and access management.
• Hands-on experience administering Microsoft 365 and related security and identity tooling.
• Solid understanding of network fundamentals — routing, switching, VLANs, firewalls, and segmentation.
• Strong interpersonal and communication skills, with the ability to explain technical concepts to non-technical audiences and present confidently to groups.
• A personable, collaborative approach and a genuine willingness to help colleagues.

Nice To Haves

• Microsoft security certifications such as SC-300 (Identity & Access Administrator) or AZ-500 (Azure Security Engineer).
• Additional security credentials such as CompTIA Security+ or CISSP.
• Experience with Microsoft Intune, Defender, and Purview / DLP.
• Experience designing or operating Azure landing zones (hub-and-spoke) and infrastructure-as-code or policy-based governance.
• Experience delivering or building security awareness and phishing programs.
• IT experience in a manufacturing or industrial environment.

Responsibilities

• Design, implement, and maintain security policy across Microsoft 365, Azure, and Entra ID, aligned to least-privilege and Zero Trust principles.
• Build and manage Conditional Access policies, multi-factor authentication, and Entra ID Protection to control access and respond to identity risk.
• Govern privileged access through Privileged Identity Management (PIM), just-in-time elevation, role scoping, and review of administrative accounts.
• Manage endpoint security with Microsoft Defender and Intune — device compliance, configuration, and threat protection across endpoints.
• Implement data protection controls using Microsoft Purview / DLP, and monitor, triage, and respond to alerts surfaced in the Microsoft security stack.
• Administer Azure subscriptions, role-based access control (RBAC), and resource governance, applying security and compliance standards across the cloud estate.
• Support Azure network and infrastructure security — virtual networks, network security groups, and a hub-and-spoke landing zone model — in partnership with the broader IT team.
• Use Microsoft Defender for Cloud to assess posture, surface vulnerabilities, and drive remediation of identified risks.
• Partner with eSentire, BPP’s managed SOC-as-a-Service (SOC-aaS) provider, to support larger-scale threat detection and response, serving as the primary liaison between eSentire and BPP.
• Collaborate and communicate clearly and consistently across both teams — triaging and escalating alerts, providing environmental context, and ensuring eSentire’s findings translate into timely, well-coordinated action within BPP.
• Document standards and report on security configuration, audit readiness, and remediation of identified gaps.
• Partner with BPP’s managed network services provider (MSP), who supports day-to-day administration of the network, serving as the primary liaison between the MSP and BPP.
• Collaborate and communicate clearly and consistently with the MSP — coordinating changes, escalations, and projects, and ensuring network work stays aligned with BPP’s operational needs and security posture.
• Help administer and maintain Cisco routing and switching infrastructure alongside the MSP, including VLANs, trunking, inter-VLAN routing, and WAN links.
• Secure the network through segmentation, access control lists, and firewall policy, with a focus on protecting both office and manufacturing networks.
• Diagnose and resolve connectivity issues end-to-end, from the edge to the production floor, minimizing downtime in a manufacturing environment.
• Monitor network performance and capacity, manage wireless coverage, and plan for growth and resiliency.
• Keep network documentation, diagrams, and change records current and accurate.
• Develop and deliver company-wide cybersecurity training that is clear, engaging, and accessible to non-technical staff.
• Run phishing simulation campaigns, measure results, and coach employees on recognizing and reporting threats.
• Educate teams on the importance of privileged access controls, secure authentication, and good security hygiene across the organization.
• Be an approachable, trusted point of contact — someone people feel comfortable coming to with questions or concerns.
• Foster a culture of security awareness as a normal, everyday part of how the company operates.
• As part of a smaller, more agile IT team, flexibility is essential. The right person is happy to jump in and help with other work items, projects, and support tickets as workload demands — comfortable moving between focused, specialized work and broader day-to-day IT support to keep the team moving.