Job description

Job Description Eccalon is seeking a Compliance Security and Microsoft Cloud Analyst position that will play a critical role in both Cyber Compliance Operations and Cloud Security Engineering. This is a long-term career opportunity ideal for individuals who want to grow both their compliance knowledge and hands-on Microsoft Cloud Security engineering expertise. The selected candidate will help drive cybersecurity compliance initiatives aligned with Department of Defense (DoD) frameworks (NIST 800-53, NIST 800-171/172, FedRAMP and CMMC L1/L2/L3), while also designing, configuring, and implementing Microsoft Azure Government and M365 GCC High security controls across client environments. This position offers the ability to advance technical engineering skills, earn high-level security certifications, and grow into a leadership track in cloud security and compliance operations. Responsibilities Cloud Security Engineering (Azure Gov and M365 GCC High) • Assist in designing, configuring, and implementing Microsoft Azure Government and M365 GCC High security controls. • Support Azure Gov resource hardening, including Virtual Machines, Key Vaults, Storage Accounts, Defender for Cloud, Sentinel, Azure Policies, and Conditional Access. • Assist with Microsoft 365 GCC High Security & Compliance Center configurations, including DLP, Sensitivity Labels, Insider Risk, and Compliance Manager setup for CMMC and NIST alignment. • Configure and monitor Azure Sentinel Workbooks, Cloud Security Posture Management (CSPM), Defender for Endpoint (Gov), and Defender for Identity integrations. • Conduct Microsoft Secure Score reviews and remediation within GCC High and Azure Gov environments. • Assist in developing automated security monitoring dashboards and reporting using Azure Monitor, Microsoft Sentinel GCC High. • Support Azure network security hardening, including NSGs, ASGs, Private Endpoints, and Firewall rules. • Help develop and document Zero Trust Architecture alignment using Microsoft Cloud-native tools. Cyber Compliance Operations • Research, identify, and map NIST and DoD cybersecurity controls (NIST 800-53, 800-171/172, FedRAMP (M) and CMMC) to Microsoft Cloud implementations and On-premises environments. • Assist with System Security Plan (SSP), Policies, Procedures, and Plan of Action & Milestones (POA&M) documentation for client environments. • Support control gap analysis, evidence collection, and audit preparation for DoD contractor compliance. • Conduct security control validation testing (manual and automated), for both on-premises and cloud based systems. • Document and report on control effectiveness, remediation plans, and risk mitigation actions. • Assist with preparing security architecture diagrams showing how Microsoft Cloud services map to compliance controls. • Support client teams during external CMMC, NIST, or DFARS audits and assessments. • Help draft and revise Policies, Standards, and Procedures (PSPs) to align with DoD cybersecurity requirements. Required Qualifications • Bachelor’s in Cybersecurity, Cyber Defense or equivalencies. • Strong understanding of Microsoft Azure Government (IaaS/PaaS/SaaS) security configurations. • Hands-on experience with Microsoft 365 GCC High security and compliance solutions. • Familiar with Microsoft Defender XDR stack (Defender for Endpoint, Identity, Office 365, Cloud Apps) for GCC High. • Working knowledge of Azure AD/Entra ID security policies, Role-Based Access Control (RBAC), and Privileged Identity Management (PIM). • Experience with Azure Sentinel deployment and use case creation. • Familiarity with Azure Policy, Blueprints, and Resource Locks for governance and compliance. • Experience in NIST 800-53, 800-171, 800-172, FedRAMP (M) and CMMC L1/L2/L3 control frameworks. • Proficient in security documentation writing for Policies, Standards, System Security Plans, and POA&Ms. • Proficient in network security concepts, firewall rule sets, and enterprise network topology diagrams. • Critical Thinking and Problem Solving • Strong Verbal and Written Communication • Professional and Technical Writing • Collaboration and Teamwork • Multitasking and Task Prioritization • Adaptability and Initiative • Knowledge of Assessment and Audit Management Processes Preferred Qualifications • Master’s degree in information assurance and cyber security. • Strong knowledge of Microsoft Security Best Practices for Cloud (Azure Gov, M365 GCC High). • Ability to interpret DoD contract security clauses (DFARS, CMMC, NIST requirements) and apply them to cloud environments. • Familiarity with Microsoft Compliance Manager and Secure Score tools in GCC High. • Exposure to Defender for Cloud recommendations, regulatory compliance dashboards, and Microsoft Sentinel analytics rules. • Proficient in evaluating data protection (at rest, in transit, and in use) in both cloud and on-premises environments. • Ability to conduct technical research and compliance gap analysis, followed by Microsoft technology specific security remediation steps. Certifications (Preferred or obtainable within the first 12 months): • Microsoft Certified: Azure Security Engineer Associate - AZ 500 • Microsoft Certified: Cybersecurity Architect Expert - SC 100 • Microsoft Certified: Information Protection and Compliance Administrator Associate - SC 401 • Microsoft Cloud Administration (others): - SC 900 or SC 200 or SC 300 • Certified Information Systems Security Professional (CISSP) • Certified Information Security Manager (CISM) Behavioral Skills: • Servant Leadership Mindset: Proactively supports the team and organizational mission • Detail-Oriented: Consistently delivers thorough and accurate work • Team-Oriented: Works collaboratively across departments and client teams • Self-Motivated: Able to work independently and seek guidance when needed • Organized and Decisive: Able to manage multiple priorities with efficiency • Interpersonal Effectiveness: Builds strong, positive, and professional relationships Growth Opportunity This position offers a dual career track (Cloud Security Engineering + Compliance Operations). You will gain hands-on Microsoft Cloud Security Engineering expertise, DoD cyber compliance expertise, and management experience, with the opportunity to grow into an Enterprise Compliance & Cloud Security Team Lead role.

Requirements