Job Title: Microsoft 365 Security Engineer
Company: Conscious Networks
Location: Remote (U.S.) with occasional on‑site client visits
Job Type: Full‑Time
Salary Range: $100,000–$125,000
About the Role
Conscious Networks is seeking an experienced and security‑minded Microsoft 365 Security Engineer to join our team. In this role, you will administer, secure, and optimize Microsoft 365 across a variety of client tenants. You’ll work closely with our Helpdesk and engineering teams to design secure configurations, manage identity and access policies, strengthen email and threat protection, support compliance initiatives, and ensure our clients’ cloud environments remain resilient and well‑governed.
This is a mostly remote position; however, occasional on‑site presence may be required for client engagements, projects, or security assessments.
If you enjoy tackling complex security challenges in Microsoft 365, thrive in a multi‑tenant MSP environment, and want to play a direct role in protecting our clients' environments, we encourage you to apply.
Key ResponsibilitiesMicrosoft 365 Administration & Identity
- Create and manage users, groups, and administrative roles across multiple Microsoft 365 tenants.
- Configure and maintain Entra ID device registration/join (Azure AD joined, Entra ID registered, Hybrid).
- Design, deploy, and tune Conditional Access policies, MFA/passwordless authentication, sign‑in risk policies, and session controls.
- Support identity governance initiatives including access reviews, least‑privilege enforcement, and role‑based access design.
Threat Protection & Email Security
- Administer Defender for Office 365 (EOP/ATP), including anti‑spam, anti‑phishing, impersonation protection, Safe Links, Safe Attachments, spoof intelligence, transport rules, and message trace analysis.
- Manage and optimize Entra ID Protection, reviewing identity risks and driving remediation across tenants.
- Oversee message hygiene in hybrid setups and troubleshoot mail flow across Microsoft and 3rd‑party filtering systems.
Data Protection & Compliance (Microsoft Purview)
- Deploy, configure, and maintain Data Loss Prevention (DLP) across Exchange, SharePoint, OneDrive, Teams, and endpoints.
- Manage Information Protection including sensitivity labels, auto‑labeling, retention, and records management.
- Support Insider Risk, Audit (Standard & Premium), and other compliance‑related features.
- Execute eDiscovery (Standard & Premium) workflows: holds, searches, collections, review sets, and exports.
Endpoint Security & Configuration
- Collaborate with endpoint teams on Microsoft Intune, including compliance policies, configuration profiles, security baselines, and app protection (MAM).
- Support Defender for Endpoint onboarding, alert tuning, and device risk integration with Conditional Access.
Monitoring, Incident Response, & Automation
- Investigate incidents and alerts across Microsoft Defender XDR.
- (Where applicable) support Microsoft Sentinel integrations, write KQL queries, and help develop analytics rules.
- Automate administrative and security tasks using PowerShell and Microsoft Graph.
- Maintain runbooks, SOPs, and documentation for internal teams and client stakeholders.
Multi‑Tenant MSP Operations
- Work with GDAP, Microsoft 365 Lighthouse, and MSP tools for oversight, standardization, and posture management.
- Serve as Tier‑3 escalation for Microsoft 365 identity, email hygiene, DLP, and security incidents.
- Contribute to client‑facing reports, QBRs, and improvement plans.
Third‑Party Tooling & Integrations
- Support and manage security tools commonly deployed alongside Microsoft 365, including:
- Sophos Central (endpoint, server, MDR, encryption)
- SaaSAlerts (M365 security monitoring, alerting, multi‑tenant reporting)
- ID Agent / Dark Web monitoring tools
- 3rd‑party email filtering systems such as Proofpoint Essentials, Mimecast, Barracuda, Ironscales, etc.
- Integrate third‑party telemetry with Microsoft ecosystems for improved visibility and defense‑in‑depth.
QualificationsRequired
- 3–5+ years hands‑on experience administering and securing Microsoft 365, preferably in an MSP, consulting, or multi‑tenant environment.
- Demonstrable proficiency with:
- User & group administration and RBAC
- Entra ID device registration/join
- Conditional Access and MFA/passwordless
- DLP configuration and incident response
- eDiscovery Standard & Premium
- Defender for Office 365 (spam/phish/impersonation, Safe Links/Attachments)
- Entra ID Protection
- Strong PowerShell scripting; familiarity with Microsoft Graph.
Preferred Knowledge Areas
(Experience with several of the following is highly desirable)
- Microsoft Defender XDR (Endpoint, Identity, Cloud Apps, O365).
- Microsoft Purview (sensitivity labels, auto‑labeling, Insider Risk, Audit, retention).
- Intune/Endpoint Manager (compliance, baselines, Autopilot, MAM).
- Exchange Online transport and authentication (SPF/DKIM/DMARC).
- Teams/SharePoint/OneDrive governance and external sharing.
- Power Platform governance and connector DLP.
- Entra ID Governance: PIM, access reviews, workflows.
- Secure Score and Compliance Score improvement strategies.
- Microsoft Sentinel and KQL‑based investigations.
- Zero Trust, CIS/NIST/SOC2/HIPAA/PCI knowledge.
Certifications (Preferred)
- SC‑200, SC‑300, SC‑400
- AZ‑500
- MD‑102
- Security+ or equivalent
- CISSP (or equivalent experience)
Soft Skills
- Strong communication skills; ability to explain complex security topics clearly.
- Excellent documentation and runbook habits.
- Collaborative and client‑focused mindset.
- High ownership and accountability in a fast‑moving environment.
What We Value
- A proactive approach to security and continuous improvement.
- Commitment to delivering exceptional service to clients.
- A collaborative team environment and willingness to support broader organizational goals.
Join Us
If you're ready to help secure and modernize Microsoft 365 environments for a diverse client base, we’d love to hear from you. Please submit your resume and a brief note outlining relevant experience.
Only shortlisted candidates will be contacted.
Job Type: Full‑timeBenefits:
(Part of the standard Conscious Networks package)
- 401(k)
- 401(k) matching
- Health insurance
- Dental insurance
- Vision insurance
- Paid time off
- Tuition reimbursement
- Employee discount
Language:
Work Location:
- Remote (U.S.), with occasional on‑site visits as needed.
Job Types: Full-time, Permanent
Pay: $103,783.88 - $124,987.03 per year
Benefits:
- 401(k)
- 401(k) matching
- Dental insurance
- Employee discount
- Health insurance
- Paid time off
- Tuition reimbursement
- Vision insurance
Work Location: Remote