Microsoft Security Engineer

We are looking for a Microsoft Security Engineer I to help identify, investigate, and mitigate endpoint threats within customer environments using Microsoft security technologies. The role covers the full Microsoft security stack—from monitoring alerts in Sentinel to enforcing identity policies in Entra —to keep managed clients protected, compliant and resilient.

• Assist in preparing client‑ready security reports, executive summaries, and monthly posture reviews
• Perform threat hunting exercises within customer environments using Microsoft Defender XDR, Sentinel and other tools to identify, investigate and remediate threats
• Help facilitate training for the security operations team to improve proficiency with Microsoft tools and workflows
• Collaborate with incident security operations teams to manage and resolve incidents for Microsoft customers in a timely manner
• Create and improve threat detection strategies based on intelligence from internal and external sources
• Support onboarding of new managed clients onto the Microsoft security stack
• Investigate endpoint, identity and cloud alerts; perform initial root‑cause analysis and document findings
• Support Defender XDR configuration across Endpoint, Identity, Cloud Apps and Office 365
• Tune detection rules, analytics queries (KQL) and suppression logic to reduce alert fatigue
• Participate in incident response efforts, coordinating with senior engineers and client stakeholders
• Identify repeatable tasks and propose automation solutions to improve team efficiency

• Hands‑on experience in cybersecurity, IT or a Microsoft cloud role (internships and lab experience count)
• Demonstrated familiarity with at least two Microsoft security tools (Sentinel, Defender, Entra , Intune or Purview)
• Understanding of core security concepts: SIEM, threat detection, identity management, endpoint protection and the MITRE ATT&CK framework
• Experience writing KQL queries or a clear demonstrated ability and motivation to learn
• Understanding of cloud security concepts and Azure services
• Ability to analyze and mitigate security threats and incidents
• Problem‑solving skills and the ability to work under pressure
• Excellent communication skills to collaborate with technical and non‑technical stakeholders
• Current Microsoft SC‑200 certification strongly encouraged

This is an onsite position based in the United States. All applicants must be legally authorized to work in the United States without the need for visa sponsorship.