ECS is seeking a Microsoft Conditional Access Security Engineer to work in our Arlington, VA office.
Please Note: This position is contingent upon contract award.
ECS has an exciting position for a Microsoft Conditional Access Security Engineer as we deploy, manage, and harden our Microsoft cloud environment, including Azure, Office 365 and Microsoft 365.
The Microsoft Conditional Access Security Engineer should thrive on complexity, possess an analytical mindset, and bring deep expertise in managing and securing Microsoft's cloud platform.
Key Responsibilities
- Serve as the go-to, subject matter expert (SME) for securing the Microsoft cloud tenant, advising on architecture, design, and implementation of secure solutions across Azure, O365, and M365.
- Lead the development and enforcement of Conditional Access Policies, aligned with best practices for managing access control for personas, groups, and applications.
- Act as the primary SME in optimizing the Microsoft Defender suite of components (Defender for Endpoint, Defender for Cloud, Defender for Identity, and Defender for Office 365).
- Implement Microsoft Purview, including data classification and sensitivity labels, Data Loss Prevention (DLP), and eDiscovery workflows.
- Design, run and optimize Kusto Query Language (KQL) queries for Azure Sentinel, Defender, and log analytics.
- Partner with SOC and incident response teams to integrate logging, telemetry, alerting, and automated threat response/playbooks.
- Review and remediate security controls through vulnerability assessments, penetration tests, and red/blue team engagements.
- Guide cross-functional teams on security controls, compliance requirements, policy, and governance best practices.
- US Citizen with ability to obtain/maintain Public Trust Suitability
- BA/BS+4 years of experience or 10+ years without degree
- Senior hands-on experience deploying, managing, and securing Azure, Office 365 and Microsoft 365 in large enterprises
- 4+ years of experience engineering and configuring Microsoft Defender Ecosystem (Defender for Endpoint, Defender for Cloud, Defender for Identity, and Defender for Office 365), Microsoft Purview (DLP, sensitivity labels, eDiscovery), Conditional Access Policies (CAP), and Azure AD/Entra ID
- Experience leveraging Kusto Query Language (KQL) for detection, investigation, response, and reporting
- Prior experience working within a Security Operations Center (SOC) Incident Response Team
- Active Expert Level certification (e.g. MSCE, AZ-900, AZ-500)
- Cybersecurity Certifications such as CISSP, OSCP, GCIH
- Strong networking, firewall, VPN and segmentation knowledge as it relates to cloud deployments