Client First Technologies
Client First Technologies

Senior Enterprise Security Engineer

• Posted 19 hours ago • Updated 7 hours ago
Full Time
Fitment

Dice Job Match Score™

⭐ Evaluating experience...

Job Details

Skills

  • Military
  • Microsoft Exchange
  • Sharepoint Online
  • Microsoft Azure
  • Collaboration
  • Data Collection
  • Access Control
  • RMS
  • Messaging
  • Incident Management
  • Mentorship
  • Service Desk
  • Change Control
  • Risk Assessment
  • Documentation
  • Cyber Security
  • Information Technology
  • Security Engineering
  • Management
  • Microsoft Office
  • Hardening
  • Group Policy
  • Security Controls
  • Multi-factor Authentication
  • Windows PowerShell
  • Reporting
  • Privacy
  • Change Management
  • Legal
  • Technical Writing
  • SaaS
  • Microsoft
  • DLP
  • Electronic Discovery
  • Auditing
  • Regulatory Compliance
  • Workflow
  • PKI
  • Authentication
  • CISSP
  • System Integration Testing
  • Tier 2
  • DoD
  • Tier 3

Summary

Client First Technologies currently is seeking a Senior Enterprise Security Engineer in support of our government customer. The Senior Enterprise Security Engineer will provide enterprise security engineering and operational support for a large enterprise's Microsoft 365 environment and integrated identity, endpoint, and messaging services. This role focuses on designing, implementing, and sustaining security controls; supporting incident response and compliance activities; and partnering with Microsoft 365 engineering and service desk teams to reduce risk while maintaining mission operations.

This is a full-time, remote position. CFT offers a full benefits package, a collaborative work environment and a strong company culture. Veterans and military spouses are encouraged to apply.

Responsibilities
  • Engineer, implement, and maintain Microsoft 365 security configurations and governance across core workloads (Exchange Online, Teams, SharePoint Online, OneDrive) with an emphasis on risk reduction and compliance
  • Administer and tune security controls in Entra ID (Azure AD) including Conditional Access, MFA/Authentication Methods, Identity Protection, privileged access practices, and access reviews; coordinate with identity engineering teams when on-prem AD authority impacts changes
  • Design master Conditional Access rules to enforce Multi-Factor Authentication (MFA), block legacy authentication, and deny access from risky locations or unmanaged devices
  • Create dynamic membership rules to automatically add or remove users from security groups based on HR attributes
  • Maintain strict separation of duties between security groups used for application access and M365 groups used for collaboration
  • Support Microsoft Purview security and compliance features relevant to the environment, including auditing, retention/holds support, sensitivity labeling/AIP-related configurations, and assisting with eDiscovery and data collection security requirements (access controls, logging, defensible handling)
  • Support email and information protection troubleshooting for encrypted content scenarios (AIP/RMS/S/MIME), coordinating with messaging and eDiscovery staff for complex decryption, access, and review enablement needs
  • Operate and enhance security monitoring/alert response processes: validate alerts, conduct technical triage, analyze logs and audit records, recommend containment/remediation actions, and document findings for incident response workflows
  • Harden tenant security posture by applying secure configuration baselines, evaluating new M365 security capabilities, and recommending improvements to reduce attack surface and misconfiguration risk
  • Partner with endpoint and PKI security resources as needed to align M365 security controls with enterprise endpoint, certificate, and trust requirements; support cross-domain troubleshooting and remediation
  • Develop and maintain security runbooks, SOPs, and knowledge articles; provide technical mentoring to mid-level engineers and service desk staff on secure operational practices and common security issues
  • Support change/control processes by preparing technical implementation plans, risk assessments, validation steps, and rollback approaches for security-impacting changes; participate in change reviews as required
  • Provide clear, audit-ready documentation for security actions taken, including configuration changes, investigations, evidence collection, and control validation results; support periodic reporting and metrics as required

Requirements

Qualifications
  • Bachelor's degree in Cybersecurity, Information Technology, or related field (or equivalent professional experience)
  • Minimum of eight (8) years of enterprise security engineering experience, including direct hands-on administration of Microsoft 365 / Entra ID security capabilities
  • Strong working knowledge of M365 security and compliance concepts (tenant hardening, identity security, group policy, information protection, auditing, retention, and defensible data handling)
  • Experience implementing and supporting identity security controls (Conditional Access, MFA, privileged access practices) in hybrid enterprise environments
  • Experience investigating security incidents and performing log/audit analysis; ability to document findings and recommend remediation actions
  • Proficiency with PowerShell (with Microsoft Graph) for administration, reporting, and troubleshooting in M365/Entra ID environments
  • Experience working in regulated environments with strict security, privacy, and change management requirements
  • Ability to communicate effectively with technical teams and non-technical stakeholders (operations, compliance, legal) and produce clear technical documentation
  • Experience with Microsoft Defender (for M365, Endpoint, Identity, and/or Cloud Apps) in an enterprise environment
  • Experience with Microsoft Purview (Information Protection, DLP, eDiscovery, Audit) and operational support of compliance workflows
  • Familiarity with PKI concepts and certificate-based authentication and troubleshooting in enterprise environments
  • Relevant certifications preferred (e.g., SC-200, SC-300, SC-400, AZ-500, CISSP, or equivalent)

Physical Demands
  • Must be able to sit and stand for extended periods of time
  • Occasional travel and overtime may be required

Required Clearances and Screenings
  • This position is subject to a government background investigation and must meet eligibility for a position designated with Moderate Risk sensitivity
  • Candidates with current Veterans Affairs (VA) Tier 2/Moderate Background Investigation or equivalent (e.g., DoD Tier 3/NACLC, Active Secret) are preferred
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: 80184163
  • Position Id: d46615384fdb094d6419e0393c127e51
  • Posted 19 hours ago
Create job alert
Set job alertNever miss an opportunity! Create an alert based on the job you applied for.

Similar Jobs

Senior Security Engineer, Enterprise Security

Bellevue, Washington

20d ago

Full-time

USD 165,000.00 - 242,000.00 per year

Security Engineer

Chicago, Illinois

Today

Full-time

USD 78,016.00 - 119,191.00 per year

Senior Security Engineer

Lititz, Pennsylvania

Today

Full-time

Senior Enterprise Systems Engineer

Miramar, Florida

Today

Full-time

Search all similar jobs