M365 Platform and Security Engineer

About The Position

Requirements

• 5+ years of experience administering Microsoft 365 and related cloud security platforms in an enterprise environment.
• Hands-on experience with Microsoft Entra ID, Intune, Microsoft Defender, Microsoft Purview, SharePoint, and Teams administration.
• Demonstrated experience implementing and managing Conditional Access, MFA, device compliance, DLP, retention, sensitivity labeling, and privileged access controls.
• Experience supporting or administering Microsoft 365 security and compliance capabilities in a regulated or policy-driven environment.
• Strong understanding of Microsoft 365 governance, tenant administration, identity and access management, endpoint management, and collaboration security.
• Ability to document standards, procedures, and technical configurations clearly and consistently.
• Strong problem-solving, organizational, and communication skills.
• Ability to work effectively across technical, operational, and leadership teams.

Nice To Haves

• Microsoft certifications such as MS-102, SC-300, SC-400, MD-102, or AZ-500.
• Experience supporting AI readiness, rollout, or governance.
• Experience with Microsoft Fabric administration or coordination.
• Experience working with MSPs, external partners, or outsourced support models.
• Experience in professional services, consulting, or other multi-project business environments.
• Familiarity with compliance and audit support.

Responsibilities

• Administer and maintain Microsoft Entra ID, Intune, Microsoft Defender, Microsoft Purview, SharePoint, Teams, and related Microsoft 365 services.
• Own baseline Microsoft Fabric control plane configuration and coordination in partnership with data and enablement teams.
• Ensure consistent, secure configuration across Microsoft E5 services.
• Manage tenant configuration, platform changes, testing, and documentation to support operational stability and scalability.
• Design, implement, and enforce identity, device, access, collaboration, and data protection controls.
• Establish governance standards that protect organizational data while minimizing user friction.
• Configure and maintain controls such as Conditional Access, MFA, Privileged Identity Management (PIM), device compliance policies, sensitivity labels, Data Loss Prevention (DLP), retention policies, and sharing boundaries.
• Partner with IT Operations, Security, and Enablement teams to ensure controls are practical, supportable, and adopted.
• Enable AI safely by implementing appropriate sensitivity labels, Data Loss Prevention (DLP) policies, retention controls, and sharing and access boundaries.
• Assess and remediate oversharing, permissions, and content exposure risks that could affect AI-enabled experiences.
• Ensure AI capabilities operate within approved governance, compliance, and access models.
• Develop tenant-wide standards that reduce support tickets and improve automation and self-service.
• Improve overall Microsoft E5 security posture without introducing excessive operational burden.
• Document platform standards, configurations, runbooks, and support procedures to support consistency and scalability.
• Recommend and implement improvements that strengthen governance, security, usability, and long-term maintainability of the Microsoft environment.
• Serve as the internal administrator for Microsoft tenant configuration in collaboration with MSP partners.
• Coordinate with MSPs and specialty vendors for overflow or specialized platform work as needed.
• Reduce long-term dependency on external providers for routine tenant administration while maintaining effective escalation paths for advanced or specialized support.

Benefits

• generous benefits program
• health coverage options
• employer-sponsored insurance
• retirement benefits
• generous time off
• programs that support learning, growth, and community engagement