Senior Microsoft Cloud & Security Engineer

evolvedMD | Scottsdale, AZ
8h | $100,000 - $120,000 | Hybrid

About The Position

The Senior Microsoft Cloud & Security Engineer is a senior-level Microsoft platform owner responsible for the engineering, security hardening, and operational excellence of evolvedMD's Microsoft 365 and Azure environment. This is a hands-on engineering role — not an analyst or coordinator position — requiring deep technical expertise across the full Microsoft cloud stack. The role carries end-to-end ownership of identity and access engineering (Entra ID, Conditional Access, SSO/SAML/OIDC, SCIM), endpoint engineering (Intune, Autopilot, Defender for Endpoint), collaboration platform administration (Exchange Online, Teams, SharePoint, OneDrive), and security engineering within the Microsoft security stack. The position provides Tier 2/3 escalation support for clinicians and staff, and partners closely with the organization's Managed Service Provider (MSP) and Managed Security Service Provider (MSSP) to execute work at scale.

This role reports to the Director of Information Technology and is one of two internal IT employees at evolvedMD. You will operate with a high degree of autonomy and ownership within a lean, high-trust team. The organization’s MSP and MSSP provide 24/7 managed coverage, so there is no formal on-call rotation — however, as an exempt employee, you should expect occasional after-hours involvement during incidents or critical change windows.

This role operates within evolvedMD’s HITRUST security program, contributing directly to the organization’s security posture, compliance obligations, and continuous improvement roadmap. This position is hybrid, with three days a week working at our headquarters in Scottsdale, Arizona, and two days a week working remotely.

Requirements

  • 5+ years of hands-on Microsoft cloud engineering experience in a senior systems administration or cloud engineering role, preferably in healthcare or another regulated industry.
  • Demonstrated ownership of Microsoft 365 tenant administration: configuration, governance, security hardening, and continuous optimization at scale.
  • Deep expertise in Microsoft Entra ID: Conditional Access, MFA, identity protection, PIM/RBAC, group-based access, break-glass patterns, and least-privilege design.
  • Advanced Intune endpoint engineering: enrollment, compliance policies, configuration profiles, security baselines, application deployment, update rings, and Autopilot provisioning.
  • Senior administration experience across Exchange Online, Teams, SharePoint, and OneDrive with a security-first lens.
  • SSO engineering experience: build and deploy integrations using SAML and/or OAuth/OIDC; implement SCIM provisioning; troubleshoot federation, claims, and token issues.
  • Hands-on Microsoft Defender for Endpoint experience: policy configuration, investigation, containment, and operational tuning.
  • Security operations experience with Microsoft Sentinel or a comparable SIEM (Splunk, QRadar, LogRhythm): log ingestion, analytics rules, investigation workflows, and incident response.
  • Strong operational discipline: change management (CAB), root cause analysis, configuration documentation, and runbook authorship.
  • PowerShell scripting proficiency for M365, Entra ID, and Intune administration — able to write, maintain, and operationalize scripts for user lifecycle automation, compliance reporting, and bulk configuration tasks.
  • Microsoft Graph API experience: querying and automating tenant operations (identity, device, policy, reporting) via Graph; ability to build and maintain Graph-based automation workflows using PowerShell or Power Automate.
  • Familiarity with HIPAA technical safeguards and experience supporting audit readiness and evidence collection in a compliance framework (HITRUST CSF, NIST CSF 2.0, ISO 27001, or comparable).

Nice To Haves

  • Microsoft Copilot for Security: hands-on experience using AI-assisted investigation, threat summarization, incident triage, and guided response within the Microsoft security stack.
  • Microsoft 365 Copilot administration and governance: understanding of Copilot data residency, privacy controls, sensitivity label integration, and tenant-level configuration to enable AI features responsibly in a regulated environment.
  • AI-assisted automation and engineering: demonstrated use of AI tools (GitHub Copilot, Claude, ChatGPT, or comparable) to accelerate scripting, runbook authorship, Graph API development, and operational workflow design.
  • Azure security architecture: RBAC design, Managed Identities, Private Endpoints, and secure PaaS configuration.
  • Microsoft Purview and/or DLP/DSPM experience for data governance, classification, labeling, and compliance reporting.

Responsibilities

  • Identity & Access Engineering
  • Endpoint Engineering
  • Collaboration Platform Administration
  • Security Engineering & Operations Support
  • Tier 2/3 Support & Engineering Escalations

Benefits

  • Bonuses driven by self-care, professional development, and individual KPIs
  • $1,200 annual technology allowance
  • 401(k) company match up to 3%
  • Competitive Benefits – We offer competitive benefits including medical, dental, vision, EAP, life insurance, voluntary short-term, and employer-paid long-term disability. Generous PTO which includes 80 hours of vacation, 40 hours of sick leave, seven holidays, PLUS Winter Break (the last week of December). For those in the military reserves we offer 80 hours of paid military leave, and after one year of employment we offer 80 hours of Parental Leave for each birth/adoption.