Principal Systems Engineer

• Design, implement, and maintain comprehensive Data Loss Prevention (DLP) policies across Microsoft 365, including

• Exchange Online, SharePoint Online, OneDrive, and Teams

• Lead the implementation of Microsoft Purview Information Protection for data classification, labeling, and protection across the organization

• Develop and enforce Conditional Access and Zero Trust security policies to secure access to corporate resources

• Ensure compliance with regulatory requirements including HIPAA, FedRAMP, SOC II, GDPR, and CCPA

• Create and maintain security baselines and hardening policies for Windows and macOS endpoints per NIST 800-171 requirements

• Conduct regular security assessments and compliance audits of Microsoft 365 environments

• Lead the implementation of SDLC practices for secure systems implementation and integration

Endpoint Security Management

• Implement and maintain advanced security configurations in Jamf Pro for macOS fleet, including security policies,

• restrictions, and compliance reporting

• Configure and manage Microsoft Defender for Endpoint across all platforms, including threat and vulnerability

• management, attack surface reduction, and response actions

• Design and implement secure Mobile Application Management (MAM) policies to protect corporate data on mobile devices

• Create and enforce endpoint encryption policies for all managed devices

• Implement secure configurations for USB device control and external media protection

• Develop and maintain endpoint security reporting and compliance dashboards

**Identity & Access Security
**

• Implement and manage Azure AD Identity Protection to identify, investigate, and remediate identity-based risks

• Configure and maintain Multi-Factor Authentication (MFA) and Passwordless Authentication strategies

• Design and implement Privileged Access Management solutions for administrative accounts

• Create and maintain secure access policies for all corporate applications and resources

• Implement and maintain security for SharePoint advanced permissions management

• Ensure proper separation of duties and least privilege access principles across all systems

**Security Integration & Automation
**

• Develop Advanced PowerShell scripts to automate security monitoring, reporting, and remediation

• Create integrations using Microsoft Graph API for security data correlation and analysis

• Implement security log collection and analysis across Microsoft 365 services

• Design and implement security integrations between Microsoft security tools and third-party solutions

• Automate security compliance reporting and vulnerability remediation workflows

• Integrate enterprise search solutions like Glean with DLP infrastructure to ensure search results comply with security policies

**Security Operations
**

• Monitor and respond to security incidents and alerts from Microsoft 365 Defender suite

• Provide expert-level troubleshooting for security-related issues across the Microsoft ecosystem

• Develop and maintain security incident response procedures

• Collaborate with IT operations teams to ensure security best practices are followed

• Provide security guidance and consultation for new technology implementations

• Create and deliver security awareness training for end users

**You've Got What It Takes If You Have...
**

• 7+ years of experience implementing and managing security solutions within Microsoft 365 environments

• Deep expertise with Microsoft Purview compliance solutions and Data Loss Prevention (DLP) implementation

• Extensive experience with Microsoft Defender for Endpoint and advanced threat protection

• Advanced knowledge of Azure Active Directory security features, including Conditional Access and Identity Protection

• Strong experience with Jamf Pro security management for enterprise macOS environments

• Experience implementing and managing Intune security policies for Windows and mobile devices

• Thorough understanding of compliance frameworks including HIPAA, FedRAMP, SOC II, and GDPR

• Advanced proficiency in PowerShell scripting for security automation and compliance reporting

• Experience with Microsoft Graph API for security management and reporting

• Bachelor's degree in cybersecurity, information systems, or related field (or equivalent experience)

Extra dose of awesome if you have...

• CompTIA Security+ certification

• Certified Information Systems Security Professional (CISSP) certification

• Microsoft 365 Certified: Security Administrator Associate or Microsoft 365 Certified: Enterprise Administrator Expert

• Experience implementing Zero Trust security architectures

• Familiarity with cloud SIEM solutions such as Microsoft Sentinel

• Experience with security automation and orchestration

• Strong verbal and written communication skills with ability to translate technical security concepts to non-technical stakeholders

• This position is critical for maintainingour security posture and compliance status across our Microsoft environment andrequires a candidate who can balance robust security controls with businessoperational needs.

#LI-Onsite