Security Engineer

Must be a US Citizen or Permanent Resident.

We are seeking a skilled Security Engineer with hands‑on experience implementing and securing Microsoft 365 environments and leveraging Splunk for security monitoring and analytics. This role will be responsible for designing, implementing, and maintaining security controls across Microsoft 365 platforms while enhancing detection, monitoring, and incident response capabilities using Splunk.

The ideal candidate has strong implementation experience, a deep understanding of Microsoft 365 security features, and the ability to build and tune security monitoring solutions in Splunk.

• Design, implement, and manage security controls within Microsoft 365 (Exchange Online, SharePoint Online, Teams, One Drive, Azure AD / Entra ).
• Implement and manage Conditional Access policies, MFA, identity protection, and zero‑trust security principles.
• Configure and manage Data Loss Prevention (DLP), retention policies, sensitivity labels, and information protection controls.
• Conduct security assessments and recommend improvements to harden M365 environments.

• Implement and maintain Splunk Enterprise / Splunk Cloud for security monitoring and log management.
• Ingest and normalize logs from Microsoft 365, Azure AD, Defender, endpoints, firewalls, and other security tools.
• Develop, tune, and optimize correlation searches, dashboards, alerts, and reports.
• Create and maintain detection use cases aligned to MITRE ATT&CK framework.
• Support incident investigations by analyzing Splunk logs and forensic data.
• Monitor security alerts and respond to incidents across M365 and integrated systems.
• Lead or support incident investigations, root cause analysis, and remediation efforts.
• Develop and maintain detection and response playbooks.
• Continuously improve detection coverage and reduce false positives.

• Assist with security audits, compliance initiatives, and risk assessments.
• Document architecture, configurations, and operational procedures.
• Collaborate with IT, cloud, and infrastructure teams to ensure secure implementations.
• Stay current on emerging threats, vulnerabilities, and Microsoft security updates.

• 3–7+ years of experience in cybersecurity, with hands‑on security engineering experience.
• Strong implementation experience with Microsoft 365 security controls.
• Experience deploying and managing Microsoft Defender suite.
• Hands‑on experience with Splunk (log ingestion, correlation searches, dashboards, alerting).
• Knowledge of Azure AD / Entra , Conditional Access, and identity security best practices.
• Experience with SIEM tuning and detection engineering.
• Understanding of networking fundamentals, authentication protocols (OAuth, SAML), and cloud security principles.
• Experience with incident response and threat analysis.

• Microsoft security certifications (e.g., SC-200, SC-300, SC-100, AZ-500).
• Splunk certifications (e.g., Splunk Core Certified Power User, Splunk Enterprise Security Admin).
• Experience with automation (Power Shell, Python).
• Knowledge of compliance frameworks (NIST, ISO 27001, SOC 2, HIPAA, etc.).
• Experience in hybrid environments (on‑prem + cloud).