Enterprise Security and Monitoring Administrator

About The Position

Requirements

• Strong knowledge of Microsoft Windows, Active Directory, Entra ID, and Microsoft 365
• Good working knowledge of cloud platforms such Microsoft Azure
• Excellent knowledge in security and monitoring tooling, such as antivirus, endpoint protection, identity protection, data security, application-based firewalls, SIEM, etc.
• Strong knowledge of public key infrastructure (PKI), ADCS, and encryption
• Strong knowledge of Zero Trust security principles
• Strong understanding of identity and access management and role-based access control concepts
• Solid understanding of authentication and authorization flows
• Good working knowledge of basic networking concepts, including TCP/IP, DNS, and DHCP
• Solid scripting skills in PowerShell; experience with other scripting/programming languages is a plus
• Strong analytical, critical thinking, and problem-solving skills
• Ability to troubleshoot and resolve system, application, and security-related issues
• Strong communication, interpersonal, and cross-functional collaboration skills
• Ability to articulate issues, risks, and proposed solutions to various levels of technology staff, management, and non-technical audiences
• Strong attention to detail and accuracy
• Ability to document and maintain security and monitoring policies, procedures, and configurations
• Ability to multitask efficiently yet prioritize and organize competing work demands
• Demonstrated integrity and commitment to strict ethical standards in all professional dealings
• Proven record of reliability and dependability
• Candidate must be a self-starter and independent, yet function as an integral part of a team
• Proven ability to work independently and collaboratively in a fast-paced, and security-conscious environment
• Candidate must demonstrate a high degree of initiative and motivation
• Ability to work flexible hours and be on-call
• Bachelor’s degree in Computer Science, Information Systems, or related field, or equivalent work experience
• 5+ years of professional experience managing medium-to-large enterprise Microsoft Windows environments, preferably in a law firm or professional services environment
• Strong experience with Microsoft Windows Server 2012-2025 and Windows 11
• Experience managing endpoint protection tools
• Experience securing all aspects of Active Directory Domain Services
• Hands-on experience with Azure/Entra ID cloud security, including, but not limited to conditional access, Defender for Endpoint, Defender for Cloud, and Defender for Identity
• Hands-on experience managing multifactor authentication solutions and identity federation
• Proven experience in incident response
• Experience working with Syslog and a SIEM

Nice To Haves

• Solid understanding of DevOps security preferred
• API programming skills are a plus
• Basic understanding of AI model infrastructure security is preferred
• Relevant Microsoft certifications: Azure Security Engineer Associate and Identity and Access Administrator Associate, or equivalent are preferred
• Professional cybersecurity certifications, such as Security+, GSEC, GCIH, etc. are preferred

Responsibilities

• Manages and supports endpoint protection solutions (e.g. EDR tools, Microsoft Defender for Endpoint), including log integrations into platforms
• Monitors, detects, and responds to security incidents and threats using antivirus, EDR, ITDR, FIM, SIEM, and data security tools
• Monitors and audits user activity to identify and evaluate anomalous behavior and activity, and coordinates with other IT staff and external parties as needed
• Implements and maintains security configurations and access rights to protect against unauthorized access, data loss, and other security threats against the firm’s on-prem infrastructure and cloud platforms
• Maintains regular server and application security updates and patches to mitigate vulnerabilities and enhance system performance, following established server patch management processes and procedures
• Develops custom alerts, dashboards, and reports to monitor anomalous activity and governance enforcement
• Conducts regular security audits and assessments on servers, applications, and related infrastructure services to identify and address misconfigurations and policy gaps and implement security best practices and recommendations
• Monitors and analyzes performance, availability, and security alerts for servers, applications, and services, using various tools and methods, such as dashboards, alerts, reports, logs, etc.
• Provides Tier 3 technical support and guidance for security and monitoring-related issues
• Develops and implements SOAR playbooks for automated response to threat detections
• Collaborates with information security and compliance teams to ensure compliance with industry standards
• Supports project delivery and execution of tasks related to areas of team responsibility
• Stays current with emerging trends and best practices in security, monitoring, cloud security, and AI model infrastructure security

Benefits

• competitive compensation
• excellent benefits package