Job description

Key Responsibilities: - Cloud and Identity Security - Administer and secure multiple Microsoft 365 GCC High and Microsoft 365 commercial tenants and AWS GovCloud and commercial accounts to align with NIST SP 800-171, NIST CSF, and ISO 27001 standards - Configure and harden identity and access management (Entra ID, AWS IAM), data loss prevention (Purview), and conditional access policies to enforce multi-factor authentication, single sign-on, and least privilege - Implement security guardrails and automation in partnership with IT and DevOps teams using Infrastructure as Code (Terraform, Ansible, CloudFormation) - Continuously drive security automation and visibility improvements across people, process, and technology - User and Endpoint Security - Engineer and enforce secure device baselines and policies via Intune and Jamf for unified endpoint management - Configure and maintain endpoint protection platforms (Defender, CrowdStrike) - Secure the user lifecycle through automated identity and device provisioning/de-provisioning, least-privilege enforcement, remote and traveling employee protection, and anomalous behavior monitoring - Reduce phishing and user-targeted threats through identity hardening, email protections, and user awareness feedback loops - Network Security - Engineer and maintain secure network architectures across global offices, remote, and cloud environments through VPNs, network segmentation, DNS filtering, secure network connectivity, and firewall configurations - Lead vulnerability, configuration, and asset management to maintain secure baselines and visibility across all enterprise systems - Support incident response through automation, playbooks, and forensic readiness - Application Security - Harden and monitor SaaS applications through secure SaaS controls, SSO/SAML enforcement, SCIM provisioning, and least privilege - Manage shadow IT detection, vendor risk reviews, and data protection Required Qualifications: - 3+ years proven experience administering and securing Microsoft 365 through Intune + Jamf, Entra ID, Defender, Purview, and Sentinel - Hands-on experience securing AWS environments, including secure configurations of IAM, GuardDuty, CloudTrail, Config, Security Hub, and encryption/key management controls - Proven proficiency in scripting and automation (i.e., Python, PowerShell, Bash) - Familiarity with cloud and identity ecosystems (i.e., Azure, AWS, Okta, Entra ID, Active Directory) - Eligibility for a DoD security clearance required Preferred Qualifications: - Experience with highly regulated frameworks such as NIST SP 800-171, NIST SP 800-53, ISO 27001, or FedRAMP - Familiarity with cloud and endpoint observability and EDR tools (i.e., Defender, CrowdStrike, Sentinel, Splunk) - Demonstrated experience automating compliance and audit processes - Experience implementing and managing secure cloud architecture and controls using Infrastructure as Code tools (i.e., Terraform, CloudFormation, Ansible) - Proven ability to design and operate Zero Trust Network Access - Experience implementing network intrusion detection and response tools - Demonstrated ability to evaluate SaaS vendor security posture and integrate approved applications securely into the environment - Background in defense, aerospace, or high-assurance manufacturing - Relevant security certifications (SC-100, MS-500, MD-102, AWS Certified Security - Specialty, GCSA, GCIA, CISSP, CCSP) Physical Demands - Prolonged periods of sitting and computer work - Occasional standing and walking within the office - Manual dexterity to operate computers and office equipment - Visual acuity to read screens and documents - Occasional reaching or lifting up to 20 pounds (e.g., equipment or supplies)

Requirements