Principal Systems Engineer

We are seeking a highly skilled PrincipalMicrosoft 365 Security & Compliance Engineer with deep expertise inimplementing, managing, and optimizing security controls across our Microsoftecosystem. The ideal candidate will have extensive hands-on experience withMicrosoft Purview, Defender for Endpoint, Azure Active Directory (Entra)Identity Protection, Intune security configurations, and Jamf Pro securitymanagement. This role requires demonstrated proficiency in security policyimplementation, compliance frameworks, data loss prevention (DLP), and advancedPowerShell scripting for security automation. The successful candidate willdrive our security strategy and implement robust compliance protocols acrossour diverse technology landscape with a focus on protecting sensitive data andmaintaining regulatory compliance.

• Design, implement, and maintain comprehensive Data Loss Prevention (DLP) policies across Microsoft 365, including
• Exchange Online, SharePoint Online, OneDrive, and Teams
• Lead the implementation of Microsoft Purview Information Protection for data classification, labeling, and protection across the organization
• Develop and enforce Conditional Access and Zero Trust security policies to secure access to corporate resources
• Ensure compliance with regulatory requirements including HIPAA, FedRAMP, SOC II, GDPR, and CCPA
• Create and maintain security baselines and hardening policies for Windows and macOS endpoints per NIST 800-171 requirements
• Conduct regular security assessments and compliance audits of Microsoft 365 environments
• Lead the implementation of SDLC practices for secure systems implementation and integration

• Implement and maintain advanced security configurations in Jamf Pro for macOS fleet, including security policies,
• restrictions, and compliance reporting
• Configure and manage Microsoft Defender for Endpoint across all platforms, including threat and vulnerability
• management, attack surface reduction, and response actions
• Design and implement secure Mobile Application Management (MAM) policies to protect corporate data on mobile devices
• Create and enforce endpoint encryption policies for all managed devices
• Implement secure configurations for USB device control and external media protection
• Develop and maintain endpoint security reporting and compliance dashboards

• Implement and manage Azure AD Identity Protection to identify, investigate, and remediate identity-based risks
• Configure and maintain Multi-Factor Authentication (MFA) and Passwordless Authentication strategies
• Design and implement Privileged Access Management solutions for administrative accounts
• Create and maintain secure access policies for all corporate applications and resources
• Implement and maintain security for SharePoint advanced permissions management
• Ensure proper separation of duties and least privilege access principles across all systems

• Develop Advanced PowerShell scripts to automate security monitoring, reporting, and remediation
• Create integrations using Microsoft Graph API for security data correlation and analysis
• Implement security log collection and analysis across Microsoft 365 services
• Design and implement security integrations between Microsoft security tools and third-party solutions
• Automate security compliance reporting and vulnerability remediation workflows
• Integrate enterprise search solutions like Glean with DLP infrastructure to ensure search results comply with security policies

• Monitor and respond to security incidents and alerts from Microsoft 365 Defender suite
• Provide expert-level troubleshooting for security-related issues across the Microsoft ecosystem
• Develop and maintain security incident response procedures
• Collaborate with IT operations teams to ensure security best practices are followed
• Provide security guidance and consultation for new technology implementations
• Create and deliver security awareness training for end users

• 7+ years of experience implementing and managing security solutions within Microsoft 365 environments
• Deep expertise with Microsoft Purview compliance solutions and Data Loss Prevention (DLP) implementation
• Extensive experience with Microsoft Defender for Endpoint and advanced threat protection
• Advanced knowledge of Azure Active Directory security features, including Conditional Access and Identity Protection
• Strong experience with Jamf Pro security management for enterprise macOS environments
• Experience implementing and managing Intune security policies for Windows and mobile devices
• Thorough understanding of compliance frameworks including HIPAA, FedRAMP, SOC II, and GDPR
• Advanced proficiency in PowerShell scripting for security automation and compliance reporting
• Experience with Microsoft Graph API for security management and reporting
• Bachelor's degree in cybersecurity, information systems, or related field (or equivalent experience)

• CompTIA Security+ certification
• Certified Information Systems Security Professional (CISSP) certification
• Microsoft 365 Certified: Security Administrator Associate or Microsoft 365 Certified: Enterprise Administrator Expert
• Experience implementing Zero Trust security architectures
• Familiarity with cloud SIEM solutions such as Microsoft Sentinel
• Experience with security automation and orchestration
• Strong verbal and written communication skills with ability to translate technical security concepts to non-technical stakeholders
• This position is critical for maintainingour security posture and compliance status across our Microsoft environment andrequires a candidate who can balance robust security controls with businessoperational needs.