Security Engineer — Microsoft Security Engineer

Pune, India

Experience Required: Mid-Level (8–10 Years)

Job Summary

This profile defines the technical skills and experience required for a Microsoft Security Engineer specializing in end-to-end Microsoft security implementations. The role demands deep hands-on expertise across the Microsoft Security Stack — including Microsoft Purview, Sentinel, Defender, Entra ID, Intune, Azure Infrastructure, and cloud application governance via Microsoft Defender for Cloud Apps (MCAS). Candidates must have delivered at least two end-to-end Microsoft security implementations independently.

Experience Requirements

  • 8–10 years total experience in cybersecurity or cloud infrastructure security.
  • Minimum 4+ years of hands‑on experience with the Microsoft security stack in production enterprise environments.
  • Demonstrated experience in deployment (greenfield and brownfield) as well as steady‑state security operations.
  • Experience working in environments with 500+ managed endpoints.
  • Exposure to regulated industries (healthcare, financial services, or equivalent) preferred.

Microsoft Purview

  • Sensitivity label taxonomy design and auto‑labeling policy deployment at scale.
  • DLP policy creation across Exchange, SharePoint, Teams, Endpoint, and AI Endpoint channels.
  • Purview Audit Advanced configuration and log retention enforcement.
  • Insider Risk Management policy design and tuning.
  • Compliance Manager assessment configuration (HIPAA, SOC 2).
  • Communication Compliance policy configuration.
  • Records Management and retention label automation.

Microsoft Sentinel

  • Sentinel workspace deployment including Log Analytics Workspace sizing and commitment tier selection.
  • Data connector configuration: M365, Defender XDR, Entra ID, Azure Activity, custom sources.
  • Strong KQL skills — can write custom detection queries from scratch.
  • Analytics rule creation, tuning, and false‑positive reduction.
  • Logic App playbook development — must have built at least two end‑to‑end automated response playbooks.
  • HIPAA and SOC 2 workbook configuration.
  • UEBA and entity behavior analytics configuration.

Microsoft Defender

  • Defender for Endpoint Plan 2 deployment at scale — bulk onboarding via Intune.
  • Defender for Cloud Apps — Cloud Discovery configuration, session policies, app sanctioning and blocking, custom app connectors.
  • Defender for Office 365 Plan 2 — Safe Attachments, Safe Links, anti-phishing, attack simulation setup.
  • Defender Vulnerability Management — risk-based prioritisation dashboard and reporting.
  • Defender for Cloud — CSPM configuration and regulatory compliance dashboard.

Microsoft Entra ID

  • Conditional Access policy design: Named Locations, device compliance, app‑based CA, sign‑in risk policies.
  • PIM configuration for privileged role access.
  • Entra Access Reviews — configuration and review cycle management.
  • Entra Terms of Use for policy enforcement.
  • Lifecycle Workflows for automated joiner-mover-leaver processes.
  • Identity Protection — risky user and risky sign-in policy configuration.

Microsoft Intune

  • MDM configuration: screen lock, encryption, and compliance profiles.
  • MAM app protection policies for BYOD (no enrollment required).
  • Windows Autopilot for bulk device enrollment.
  • App deployment and managed browser configuration.

Azure Infrastructure

  • Log Analytics Workspace creation, data retention configuration, archive tier setup.
  • Azure Backup: vault configuration, backup policy design, restoration testing.
  • Azure Key Vault for secrets management (service principals, automation credentials).
  • Azure Monitor alert rules and diagnostic settings.
  • Basic Azure networking — understands NSGs and private endpoints.

Automation & Tooling (Non‑Negotiable)

  • PowerShell + Microsoft Graph API — able to script bulk Purview label deployments, bulk DLP updates, and Entra operations.
  • Microsoft 365 DSC — used at least once for configuration baseline capture and drift detection.
  • Sentinel All‑in‑One — familiarity with ARM/Bicep template‑based deployment and customization.
  • Terraform or Bicep for Azure infrastructure as code (must know at least one).
  • PnP PowerShell for SharePoint and Teams configuration tasks.

Certifications:

  • SC‑200 (Security Operations Analyst) — Required or must be obtained within 3 months
  • SC‑400 (Information Protection Administrator) — Strongly Preferred
  • AZ‑500 (Azure Security Engineer) — Preferred for infrastructure workloads

Note: SC‑200 is a hard requirement. Candidates without it must demonstrate an active study commitment and a credible path to certification within 90 days of joining.

Non-Technical Requirements:

Communication & Documentation

  • Ability to produce clear, structured technical documentation, including alert rules, playbook runbooks, incident response plans, and evidence reports.
  • Comfortable presenting security metrics and maturity status to non‑technical stakeholders.
  • Able to translate SOC alerts and incidents into plain‑language briefings for leadership teams.

Evidence & Audit Mindset

  • Understands that in compliance‑driven environments, every control must be evidenced through screenshots, exports, and sign‑off records.
  • Experience producing or contributing to evidence packages for external auditors or assessors.
  • Systematic approach to naming, organizing, and retaining compliance artefacts.

Autonomy & Engineering Discipline

  • Capable of independently owning a technical domain with minimal supervision.
  • Strong diagnostic and troubleshooting skills, able to isolate root causes in complex multi‑layer environments.
  • Applies disciplined change management: tests in non‑production, documents changes, and seeks approval before production deployment.

Submit the application on:

Application Form

Interested in working with us? Send us your application and we will reach out to you if your candidature fits any of our open positions.
