Job Description

Key Requirements

• Contractor must be a U.S. citizen. Security clearance is not required.
• Experience with Defender, Sentinel, Intune, Entra ID, Okta, Tenable, Purview, Varonis, AI solutions and related security monitoring, SCORM 2.0

• Knowledge of NIST 800-171 / CMMC
• SOC / security operations experience
• Preferred certifications: SC-200, CISSP

Past Performance

• Support during IT transformations
• Defender/SIEM operations
• Vulnerability management experience
• DLP rollout based on Varonis and Purview

Tasks and Responsibilities

Security Configuration & Hardening
 Assist with implementation and validation of:
o CIS baseline configurations (L1 minimum)
o Secure configuration of endpoints, identities, and cloud services

 Validate security configurations across:
o Entra ID (Azure AD)
o Intune-managed devices
o Microsoft 365 services
 Identify and remediate configuration drift

Vulnerability Management
 Validate agent deployment and reporting coverage
 Perform vulnerability triage and prioritization
 Track remediation progress and validate closure
 Identify gaps in scanning coverage (devices, subnets, cloud resources)

Microsoft Defender Support
 Assist with configuration, tuning, and validation of:
o Microsoft Defender for Endpoint
o Defender for Cloud Apps
o Defender for Identity

 Ensure:
o Devices are properly onboarded
o Telemetry is being received
o Alerts are actionable and tuned
 Support Advanced Hunting queries and validation
 Assist configuration and install of ARC on servers

Logging & Monitoring
 Validate log ingestion into Microsoft Sentinel and/or SIEM
 Ensure telemetry coverage across:
o Endpoints
o Identities
o Cloud applications
 Identify gaps in logging or integration
 Assist in alert tuning and reduction of false positives
 Validate integrations (e.g., Okta, Defender, M365, network tools)

Identity
 Okta MFA support
 Access Reviews
Migration Security Validation
 Validate security posture before, during, and after migration waves:
o Devices properly onboarded to security tools
o Policies applied correctly
o No loss of visibility or control
 Identify and escalate security gaps introduced by migration activities
 Mobile Device MAM/MDM support

Data Loss Prevention
 Design and Concept Review, in particular to cover AI workloads and telemetry received via
Defender CSPM/AI modules
 Definition and implementation of related:
o Purview Rules
o Intune Policies

o Varonis Configuration
o CSPM/AI Monitoring and the related Sentinel Alerting
o BAU process (playbooks, support, changes)
o Creation of Documentation and Training Material in SCORM 2.0 format in collaboration
with our internal training department

Out of Scope:
 The Contractor System Administrator will not be responsible for
o Application Development
o System Administration
o Network Design, Maintenance and Engineering
o Data Science and Machine Learning
o Cloud or Infrastructure Architecture
o Project Management
o Enterprise IT Governance