Senior Azure / Microsoft 365 Security Engineer
Dentsply Sirona · York, PA · 2 wk ago
Information TechnologyFull-time
Azure & Microsoft 365 Security Architecture
Owning Azure and Microsoft 365 security architecture patterns and engineering standards.
Leading implementation and optimization of Microsoft security platforms (Defender, Purview, Entra ID, Intune).
Acting as a senior escalation point for complex cloud and identity security issues.
Driving security posture improvement, risk reduction, and operational maturity across Microsoft platforms.
Responsibilities
- Azure & Microsoft 365 Security Architecture
- Design and maintain secure Azure landing zone and subscription patterns, including management groups, policy enforcement, network segmentation, and secure service exposure.
- Define and enforce identity and access architecture using Microsoft Entra ID (Azure AD), RBAC, Conditional Access, Privileged Identity Management (PIM), and managed identities.
- Establish and maintain Zero Trust-aligned controls across Azure and Microsoft 365 workloads.
- Microsoft Defender & Platform Protection
- Lead the design, deployment, and tuning of Microsoft Defender capabilities, including:
- Defender for Cloud
- Defender for Endpoint
- Defender for Identity
- Defender for Office 365
- Own secure configuration baselines, posture management, and remediation workflows aligned to Microsoft Secure Score and internal risk priorities.
- Partner with SecOps to reduce alert fatigue, improve signal-to-noise ratio, and enhance incident response workflows.
- Microsoft Purview & Data Protection
- Design and implement Microsoft Purview capabilities, including:
- Sensitivity labeling and information protection
- Data Loss Prevention (DLP) across Exchange, SharePoint, OneDrive, and Teams
- Records management and data lifecycle controls
- Partner with Legal, Privacy, and Compliance teams to ensure data protection controls align with regulatory and business requirements.
- Engineering Enablement & Continuous Improvement
- Define security standards, patterns, and guardrails that enable cloud and workplace teams to deploy securely by default.
- Review and influence Infrastructure-as-Code (ARM, Bicep, Terraform) and CI/CD pipelines to embed security controls early.
- Mentor junior engineers and act as a technical leader across Security Architecture & Engineering initiatives.
Requirements
- Education
- Bachelor’s degree in Cybersecurity, Computer Science, Engineering, Information Systems, or equivalent experience.
- Experience
- 7–10+ years of progressive experience in cybersecurity engineering, with deep hands-on experience in Azure and Microsoft 365 security.
- Proven experience designing and operating enterprise-scale cloud security controls.
- Strong experience integrating cloud platforms with SIEM/SOC operations.
- Key Skills & Knowledge
- Advanced knowledge of Microsoft Entra ID, Conditional Access, PIM, RBAC, and identity threat protection.
- Expert-level experience with Microsoft Defender (KQL, analytics rules, automation).
- Strong understanding of cloud security architecture, Zero Trust principles, and shared responsibility models.
- Ability to communicate complex security concepts to engineering teams and senior leadership.
- Certifications (Strongly Preferred)
- Microsoft Certified: Azure Security Engineer Associate (or successor).
- Microsoft SC-100 (Cybersecurity Architect) or equivalent senior-level certification.
- CISSP, CCSP, or GIAC cloud-focused certifications.
- Familiarity with NIST CSF / NIST SP 800-53 / ISO 27001 control frameworks.