Senior Cyber Security Engineer

ENCOMPASS DIGITAL MEDIA LLC, Atlanta, GA

About The Position

The Senior Cyber Security Engineer serves as a hands-on Subject Matter Expert (SME) responsible for the operational oversight and administration of enterprise cybersecurity technologies within a Microsoft-centric environment. This is a technology ownership role with no direct people management responsibilities. The position focuses on maintaining platform effectiveness, supporting incident response activities, and ensuring security controls operate reliably and efficiently. This role collaborates closely with an external Security Operations Center (SOC) and internal IT teams to support a secure, stable, and compliant environment. You will join a tight-knit global IT team with low turnover and strong collaboration across infrastructure, user support, and security disciplines. The organization operates within a mature security framework, supported by established policies, tested procedures, and executive leadership that values cybersecurity as a core business function. The environment is generally proactive, structured, and watchful—focused on prevention, monitoring, and continuous improvement rather than constant firefighting. At the same time, the team maintains the skills, tools, and discipline necessary to respond effectively when incidents occur. This role is positioned within a stable organization that values operational excellence, accountability, and steady advancement in security maturity.

Requirements

  • 5–7+ years of progressive cybersecurity experience in enterprise environments, with at least 3 years directly administering Microsoft security technologies.
  • Demonstrated hands-on experience operating and supporting Microsoft Defender for Endpoint (alert investigation, device isolation, remediation workflows), Microsoft Sentinel (incident review, log analysis, basic-to-intermediate KQL query development), Microsoft Entra ID (Conditional Access policies, MFA enforcement, identity security troubleshooting), Microsoft Intune (endpoint security policies, device compliance, MDM configuration), and Microsoft Purview (DLP policy support and data protection controls).
  • Practical experience investigating security incidents, including reviewing SIEM and EDR alerts, correlating identity, endpoint, and network telemetry, performing root cause analysis, and supporting containment and remediation activities.
  • Experience working within a Microsoft 365 / Azure cloud environment, including Azure Firewall log review, VNet security fundamentals, and integration of cloud logs into Microsoft Sentinel.
  • Working knowledge of Zero Trust principles and experience supporting secure access platforms such as Zscaler (ZIA/ZPA) or equivalent.
  • Experience collaborating with a third-party SOC, including reviewing escalations, validating alert quality, and refining response workflows.
  • Working knowledge of Layer 2 and Layer 3 networking concepts, including troubleshooting related to firewalls, routing, segmentation, and secure remote access.
  • Experience supporting audit activities by gathering technical evidence and validating operational control effectiveness.

Nice To Haves

  • Microsoft security certifications such as SC-200 (Security Operations Analyst), SC-300 (Identity and Access Administrator), or SC-100 (Cybersecurity Architect).
  • GIAC certifications aligned to security operations or incident response (e.g., GCIH, GCED).
  • Relevant SANS training in incident response, detection engineering, or Microsoft security operations.
  • CISSP or other advanced cybersecurity certifications are considered a plus but not required.

Responsibilities

  • Serve as the operational SME for enterprise cybersecurity platforms, including endpoint protection, identity security, zero trust controls, and SIEM technologies.
  • Administer and support the Microsoft security stack, including Microsoft Defender (Endpoint, Cloud, Identity), Microsoft Sentinel (incident investigation, log analysis, KQL query support), Microsoft Entra ID (authentication, Conditional Access, access governance), Microsoft Intune (endpoint security configuration and MDM), and Microsoft Purview (DLP and information protection support).
  • Participate directly in escalated or complex security incidents, engaging hands-on within Sentinel and Defender as needed for investigation and root cause analysis.
  • Collaborate with an external SOC provider to review escalations, support investigations, refine detection workflows, and improve operational effectiveness.
  • Support Zero Trust implementation leveraging Zscaler (ZIA/ZPA) and assist with secure access troubleshooting.
  • Serve as an escalation point to User Support Services for advanced security-related issues, including endpoint alerts, authentication anomalies, and policy conflicts.
  • Support Azure security monitoring activities, including Azure Firewall logs, VNet-related telemetry, and log integration into Microsoft Sentinel.
  • Assist in patch governance oversight and validation of endpoint security configurations.
  • Participate in internal and external audit activities by providing documentation and operational evidence supporting the effectiveness of security controls.
  • Uphold policies and procedures aligned with recognized security frameworks such as CISA guidance, ISO standards, and MITRE ATT&CK.
  • Utilize ticketing systems to document, track, and report on activities.
  • Maintain awareness of evolving cybersecurity threats and recommend practical operational improvements.