JOB DESCRIPTION
The Senior Security Engineer is responsible for the design, implementation, and maintenance of robust security measures to protect our organization's Microsoft 365 environment. This role involves proactive threat detection, vulnerability management, and ensuring compliance with security policies and industry best practices. The ideal candidate will possess a deep understanding of Microsoft security features, emerging AI security risks, and a passion for safeguarding sensitive data.
Plan, design, and build security architectures to ensure a strong security posture, compliance with regulations, and the safeguarding of customer data. Manage information systems security, including disaster recovery, database protection, and software development. Demonstrate the company's core values of respect, honesty, integrity, diversity, inclusion and safety.
Role can be based in Cincinnati, OH | Boca Raton, FL | Charlotte, NC | Portland, OR
RESPONSIBILITIES
- Oversee identity and access management, cloud security, cryptography, logging and alerting, security operations, malware detection, incident response, vulnerability scanning, penetration testing, security architecture, and digital forensics
- Oversee the implementation of network and computer security and ensure compliance with corporate cybersecurity policies and procedures
- Assist with the monitoring of all security systems and their corresponding or associated software, including firewalls, intrusion detection systems, cryptography systems, and anti-virus software
- Monitor server and firewall logs, scrutinize network traffic, and establish and update vulnerability scans
- Analyze and resolve complex security breaches and vulnerability issues in a timely and accurate fashion, and conduct user activity audits where required
- Manage and ensure the security of databases and data transferred both internally and externally
- Collaborate with the penetration testing team to identify system vulnerabilities. Design, implement, and report on security system and end user activity audits
- Assist in developing new and modifying existing security policies and procedures to maintain compliance
- Evaluate existing and recommend new and emerging security technologies
- Conduct research on emerging products, services, protocols, and standards in support of security enhancement and development efforts
- Must be able to perform the essential job functions of this position with or without reasonable accommodation
Responsibilities:
Microsoft 365 Security Management:
- Implement and manage security configurations within Microsoft 365, including Exchange Online, SharePoint Online, Teams, and Azure Active Directory.
- Configure and maintain Microsoft Purview Information Protection, Data Loss Prevention (DLP), and Insider Risk Management policies.
- Monitor and respond to security alerts and incidents related to Microsoft 365 services.
- Manage Conditional Access policies to ensure secure access to Microsoft 365 resources.
- Administer and monitor Microsoft Defender for Office 365.
Threat Detection and Incident Response:
- Utilize security information and event management (SIEM) tools and Microsoft 365 security logs to detect and analyze security threats.
- Participate in incident response activities, including containment, eradication, and recovery.
- Conduct regular security assessments and vulnerability scans of the Microsoft 365 environment.
Compliance and Auditing:
- Ensure compliance with relevant security standards and regulations, such as ISO 27001, NIST, and GDPR.
- Conduct regular security audits and assessments to identify and address security gaps.
- Prepare and maintain security documentation and reports.
Collaboration and Communication:
- Collaborate with IT and other departments to ensure security is integrated into all aspects of the Microsoft 365 environment.
- Provide security awareness training to employees on Microsoft 365 and security best practices.
- Communicate security risks and recommendations to management.
- Identify and track key metrics and produce operational and management reports.
QUALIFICATIONS
Minimum
- Bachelor's Degree in computer science, information systems, or related technical field
- Experience with any of the common languages (e.g., Perl, Python, Ruby, shell scripting)
- 5+ years of experience in a related security field
- Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, BGP and other routing protocols)
Desired
- Master's Degree in computer science, information systems, or related technical field
- Proven experience in securing Microsoft 365 environments.
- Strong understanding of Microsoft 365 security features and best practices.
- Knowledge of AI security risks and best practices, particularly as they relate to generative AI.
- Experience with SIEM tools and incident response.
- Relevant certifications, such as Microsoft 365 Certified: Security Administrator Associate, or CISSP, are highly desirable.
- Strong understanding of Microsoft Purview Information Protection.
- Excellent communication and problem-solving skills.