Senior Associate Information Security

About The Position

Requirements

• Bachelor’s degree in Information Security, Computer Science, or related field (or equivalent experience).
• 5+ years of progressive experience in information security
• Strong hands‑on experience with: Microsoft Defender XDR (Endpoint, Identity, Office 365, Cloud Apps) Microsoft Entra ID (Azure AD), Conditional Access, MFA, PIM Microsoft 365 security and compliance features Hybrid on-premises and Azure environments
• Proven experience leading incident response and security investigations.
• Solid understanding of security frameworks, risk management, and audit processes.
• Ability to communicate complex security topics clearly to executives and non‑technical audiences.
• Willing to work onsite full-time
• Qualifications may warrant placement in other job title.

Nice To Haves

• Microsoft security certifications (e.g., SC‑200, SC‑300, SC‑100, AZ‑500).
• Industry certifications such as CISSP, CISM, CRISC, or GIAC.
• Experience with Defender automation, KQL, Sentinel, or SOAR tooling.
• Experience in financial services, real estate, or regulated environments.
• Experience integrating third‑party tools with Microsoft Defender and M365.

Responsibilities

• Lead day‑to‑day security operations across Microsoft Defender XDR, including Defender for Endpoint, Identity, Office 365, Cloud Apps, Defender for Cloud, and Microsoft Sentinel
• Oversee detection, investigation, and response to security incidents, including phishing, BEC, endpoint compromise, identity attacks, and insider risk.
• Own and continuously improve incident response playbooks, tabletop exercises, and post‑incident reviews.
• Manage security monitoring, alert tuning, and automation (SOAR) to reduce noise and improve mean time to detect/respond (MTTD/MTTR).
• Govern Microsoft Entra ID security, including Conditional Access, MFA, Privileged Identity Management (PIM), identity protection, and access reviews.
• Partner with infrastructure and cloud teams to secure hybrid Active Directory, Azure subscriptions, and workloads.
• Ensure secure configuration baselines for endpoints, servers, and cloud resources using Microsoft security best practices.
• Maintain and mature the organization’s information security program, policies, and standards (e.g., access control, incident response, data protection).
• Map technical controls to frameworks such as NIST CSF, ISO 27001, or similar.
• Support audits, risk assessments, vendor security reviews, and regulatory/compliance initiatives.
• Track and report security risk, control effectiveness, and remediation progress to leadership.
• Partner with Legal, Compliance, and IT to protect sensitive data using Microsoft Purview, DLP, retention, and eDiscovery.
• Ensure appropriate controls for data classification, encryption, and information lifecycle management.
• Manage security operations resources (internal or MSSP).
• Serve as a trusted advisor to IT leadership and business stakeholders on security risk and strategy.
• Drive security awareness and training initiatives across the organization.
• Participate in architecture and project reviews to embed security by design.
• Perform other essential duties, as assigned.

Benefits

• generous benefits packages including comprehensive medical, dental and vision plans, 401k, educational and professional designation assistance, casual dress attire and much more!