
Systems Engineer – Microsoft 365 Security & Compliance / Endpoint Security Engineer (GCC)

Job in Clinton, Prince George's County, Maryland, 20735, USA
Listing for: Leidos
Full Time position
Listed on 2026-06-03
Job specializations:
  • IT/Tech
    Cybersecurity
Position: Systems Engineer – Microsoft 365 Security & Compliance / Endpoint Security Engineer (GCC)

Description

Leidos is seeking an experienced M365 Security and Compliance Administrator to join our Information Technology team. This role requires a seasoned professional who can strategically manage and enhance the security and compliance posture of the M365 environment within a GCC (Government Community Cloud) tenant, particularly in a federal agency context. This senior engineering role sits at the center of the organization’s device, identity, and M365 security ecosystem.

The engineer is responsible for protecting enterprise Windows, macOS, and iOS/iPadOS endpoints, ensuring compliant, reliable access to M365 services, and driving rapid engineering responses to vulnerabilities, outages, and operational risks. The successful candidate will apply deep technical expertise, cross-platform engineering capability, and high operational security judgment.

Role Summary:

Responsible for securing and maintaining compliance of the Microsoft 365 (M365) ecosystem and enterprise endpoints. Leads security governance, implements and enforces controls across M365, email, identity, devices, and telemetry, and provides incident response and audit/ATO support to ensure alignment with federal and organizational security requirements.

Primary Responsibilities

Strategic security oversight & governance

  • Lead the development, implementation, and ongoing management of M365 security policies, standards, and technical guardrails aligned to federal requirements and organizational controls.

  • Own governance for data protection capabilities including document classification, labeling, retention, and Data Loss Prevention (DLP) using Microsoft Purview.

Email security & compliance management (Exchange Online)

  • Define and enforce email security policies such as encryption, sensitivity labeling, and secure mail flow to reduce unauthorized disclosure.

  • Implement and maintain email encryption solutions (S/MIME and/or Microsoft Information Protection) to protect confidentiality of email communications.

  • Administer and monitor anti-spam, anti-phishing, and anti-malware protections to defend against evolving threats.

Identity, access, and conditional access (Entra)

  • Engineer and validate device-compliance–based Conditional Access policies across Windows, macOS, and mobile platforms.

  • Investigate and remediate Conditional Access failures, identity anomalies, and external/guest access issues, including M365 B2B trust and secure partner collaboration requirements.

Endpoint & device security engineering (Intune)

  • Design, test, and deploy Intune configuration and compliance policies for Windows, macOS, and iOS/iPadOS, including Enrollment Status Pages (ESPs) and OOBE workflows.

  • Develop remediation scripts (PowerShell/platform scripts/configuration profiles) to close compliance gaps and enforce security baselines.

  • Coordinate enterprise rollout of urgent vulnerability mitigations and validated vendor fixes; support vulnerability reviews and baseline rebuilds.

Risk management & compliance assurance (ATO / controls)

  • Establish and operate a risk management approach to identify, assess, and mitigate security risks across the M365 ecosystem.

  • Support ATO/control assessment activities by drafting implementation statements, collecting artifacts, and providing evidence aligned to audit/logging requirements.

Security monitoring, SIEM, and telemetry engineering (Defender / Sentinel)

  • Lead integration and operational management of Microsoft Defender and Microsoft Sentinel for threat detection, alerting, and response across M365.

  • Build and maintain SIEM integrations/connectors (e.g., M365, collaboration and identity systems) and develop ingestion pipelines (e.g., Azure Function Apps) for third-party logs.

  • Tune audit retention, analytic rules, and alert logic to improve signal quality and investigation readiness.

Incident response & operational support / collaboration

  • Provide Tier 3 troubleshooting for device compliance failures, identity/access incidents, telemetry gaps, and OS/app protection issues.

  • Partner with cross-functional teams to align security solutions with business objectives, deliver technical leadership, and support enterprise syncs and operational reviews.

Continuous…
