Microsoft 365 Information Security Specialist

We are seeking highly skilled Microsoft 365 Information Security Specialists to join our team. The ideal candidates will be responsible for planning and implementing information security measures for sensitive data using Microsoft Purview and related services. This role is critical in mitigating risks by protecting data within collaboration environments managed by Microsoft 365 from both internal and external threats, as well as securing data utilized by AI services.

Key Responsibilities:

• Information Protection: Implement information protection strategies to safeguard sensitive data.
• Data Loss Prevention (DLP): Develop and enforce DLP policies to prevent unauthorized data sharing and leakage.
• Data Retention: Establish and manage data retention policies to ensure compliance and regulatory adherence.
• Insider Risk Management: Monitor and manage insider threats by identifying and mitigating potential risks.
• Information Security Alerts and Activities: Oversee and respond to information security alerts, ensuring timely and effective actions.
• Data Classification Label Strategy: Develop and implement a strategy for data classification and labeling to ensure proper handling of sensitive information.
• Identity and Access Management (IAM) Strategy for Collaboration Services: Design and manage IAM strategies to secure access to collaboration services within Microsoft 365.
• Data Security Posture Management: Continuously assess and improve the security posture of data within Microsoft 365 environments.
• Collaboration with Governance and Security Roles: Work with roles responsible for governance, data, and security to develop policies aimed at achieving the organization's information security and risk reduction goals.
• Stakeholder Collaboration: Collaborate with workload administrators, business application owners, and governance stakeholders to implement technology solutions that support necessary policies and controls.
• Incident Response: Participate in responding to information security incidents, ensuring appropriate measures are taken to mitigate and resolve issues.
• Entra ID Administration: Manage user identities and access, enforce security policies, and oversee identity governance.
• Exchange Online Administration: Maintain and troubleshoot email services, ensure data integrity and compliance.
• Exchange On-Premises Infrastructure Management: Manage the on-premises Exchange infrastructure for SMTP Relay and business continuity support.
• License Management: Optimize license allocations, ensure compliance with software licensing agreements.
• Azure Information Protection: Implement data classification, labeling, and encryption policies to protect sensitive information.
• Data-at-Rest Encryption: Apply and manage encryption solutions for stored data, including managing Thales HSMs to support encryption requirements.
• Service Onboarding: Facilitate smooth integration of new services into the existing IT ecosystem.
• Entra ID Service Principal Management: Administer service principals, configure permissions, and manage automated workflows, including the creation, rotation, and expiration of secrets and certificates.
• Managed Identities in Microsoft Entra: Oversee the creation, configuration, and management of managed identities, ensuring secure access control and continuous monitoring.
• Entra ID Federation Administration: Manage identity federation, enabling seamless single sign-on experiences.
• Business Continuity: Develop and test disaster recovery plans, ensure service resilience.
• Training and Support: Provide training and support to end-users and administrators, ensuring they are proficient in using the software.
• Documentation: Maintain detailed documentation of security policies, procedures, and incident responses.

Qualifications:

• 5-7 years of experience in managing and securing Microsoft 365 environments.
• Bachelor s degree or higher in Computer Information Systems or an equivalent field.
• Advanced knowledge of Microsoft Purview, Entra ID, Exchange Online, SharePoint Online, and Exchange On-Premises.
• Expertise in Azure Information Protection and data-at-rest encryption.
• Strong knowledge of security and compliance features within Microsoft 365, such as data protection, encryption, access control, and data retention.
• Excellent analytical and troubleshooting skills to resolve technical issues efficiently.
• Ability to use PowerShell for automation and management tasks.
• Familiarity with identity federation and business continuity planning.

Looking for:

• Microsoft 365 Certified: Fundamentals
• Microsoft 365 Certified: Administrator Expert
• Microsoft 365 Certified: Information Security Administrator Associate