Skills & Requirements:
- 6+ years of hands-on IT experience with a dedicated focus on security operations or security engineering.
- Deep working knowledge of the Microsoft security stack: Defender for Endpoint, Microsoft Sentinel (SIEM/SOAR), Azure Security Center, Purview Compliance Manager, Purview Information Protection, Defender for Cloud, Intune, and Conditional Access Policies.
- Hands-on DLP experience including policy configuration, alert investigation, and incident response.
- Proven threat hunting experience using structured methodologies in production environments.
- Familiarity with Managed Extended Detection and Response (MXDR) services and integration with internal SOC operations.
- Working knowledge of HIPAA requirements and experience handling PHI in compliance with applicable regulations.
- One or more relevant certifications preferred: OSCP, OSWE, CISSP, CEH, GPEN, AZ-500, SC-200, or SC-300.
- Proficiency in Microsoft 365 (Word, Excel, PowerPoint, Outlook).
- Strong analytical skills and clear written and verbal communication across both technical and non-technical audiences.
- Bachelor's degree or higher in Computer Science, Cybersecurity, or a related field is preferred.
Main Duties & Responsibilities:
- Conduct proactive threat hunting across the environment, actively seeking indicators of compromise and attacker behavior rather than relying on alert-driven detection alone.
- Plan and run red team/blue team exercises to stress-test defensive coverage and drive improvements to security operations.
- Perform vulnerability assessments using established security tooling and prioritize findings for remediation based on risk.
- Design and implement security controls across cloud and on-premises environments.
- Build and maintain security monitoring and alerting solutions that provide consistent visibility into threats and policy violations.
- Manage the DLP program — monitoring alerts, investigating incidents, and coordinating with relevant teams to reduce exposure and prevent data loss.
- Operate Microsoft Defender for Endpoint, Microsoft Sentinel, Azure Security Center, Microsoft Purview, Defender for Cloud, Microsoft Intune, and Conditional Access Policies to detect, triage, and respond to incidents in real time.
- Support MXDR operations, coordinating with managed service providers to ensure broad threat coverage and timely response.
- Contribute to SDLC process development, embedding security checkpoints across all phases of software delivery.
- Evaluate emerging security technologies and contribute recommendations that influence the organization's tooling strategy.
- Stay current on the evolving threat landscape, including zero-day vulnerabilities and adversary tactics relevant to Microsoft environments, and apply that knowledge to sharpen detection capabilities.
- Handle all data in strict accordance with PHI and HIPAA requirements.
Please, no third parties. Permanent residents only.
This can be a direct-hire or contract-to-hire position.
Work schedule is 8 am - 5 pm Pacific Time Zone.