-
Deep knowledge of Microsoft M365 platform including Azure Active Directory Identity Protection, Microsoft Defender, Exchange Online Protection, Azure Identity Protection, Data Loss Prevention, Sensitivity Labels, Advanced Threat Protection, Microsoft Intune and Conditional Access Policies, etc.
-
Hands-on experience in implementing Information and Cyber Security in multi-cloud platforms including GCP, Azure and AWS.
-
Hands-on experience with Microsoft Azure platform including Azure Sentinel, Microsoft Cloud App Security, Microsoft 365 Security Centre, Microsoft Security \& Compliance Centre, etc.
-
Hands-on experience in implementing security hardening in cloud-based systems, network, endpoint and cloud infrastructure
-
Build technical solutions and security tools to help mitigate security vulnerabilities and automate repeatable tasks
-
Deliver subject matter expertise of Office 365 with emphasis on security, architectural design, migration, management and support of implementations
-
Provide overall Office 365 security expertise including strong knowledge of Azure Active Directory, Azure Information Protection, Microsoft Enterprise Mobility Security, SharePoint and OneDrive Security and related technologies
-
Develop and implement the overall AD design based on organizational requirements such as AD forest, domains, organizational unit (OU) structures and Establish trust relationships between domains and forests if required
-
Implement and maintain DNS (Domain Name System) for AD, Configure and manage Group Policies to enforce security settings and configurations
-
Subject matter expert of Azure AD Zero Trust components implementation -- Single Sign-On, Conditional Access (SAML, OAuth, etc.), MFA, Azure AD proxy, device authentication and health validation, least privilege access, etc.
-
Strong skills in Microsoft's advanced security and networking services like ExpressRoute, Key Vault, Active Directory, Sentinel, and DDoS Protection to support dynamic and immutable Azure Cloud infrastructure
-
Office 365 tenant
-
Exchange Online Protection
-
SharePoint Online
-
OneDrive for Business
-
Intune (Conditional Access \ MDM \ MAM)
-
Clients (Outlook, Outlook for Mac, IMAP, POP3, Mobile Devices)
-
Permissions (Tenant \ Security \& Compliance Center \ Exchange Online)
-
Data Loss Prevention, Archiving, eDiscovery and Compliance
-
Strong PowerShell scripting skills
-
Strong skills in documenting system configurations, standards and procedures
-
Create and update technical project documentation (i.e. technical and configuration runbook, implementation plan, etc.)
-
Document detailed design and define technical solutions that consider the enterprise architecture strategies, current state environment and constraints
-
Lead and participate in ongoing Office 365 security and strategy discussions
-
Identify opportunities for efficiencies by leveraging automation and other techniques
-
Prepare change requests, plan and coordinate all implementations for production and non-production environments
-
Provides development and L2/L3 production support along with other team members.
-
Collaborates effectively with the development teams to work on and assess defects
-
Stay current of all things Office 365, including changes and updates, roadmap, releases, and third-party solutions
-
Infrastructure as Code
-
ATP
-
Host and End-point Security
-
CASB
-
Active Directory and Azure/Entra Active Directory
-
GCP
-
AWS
-
IAM
-
PAM
-
MFA
-
Enterprise and Integrated DLP, Rights Management
-
PKI -- Internal / External
-
Encryption and Key Management including HSM
-
Email Security
-
Management and Automation Tools
-
Configuration Management
-
Logging, Monitoring and SIEM tools
-
Threat prevention and extraction
-
6 years of hands on working experience in the participation of engineering and design of IaaS/PaaS/SaaS platforms
-
Passionate about evangelizing standards around application and infrastructure security
-
Strong core foundation experience in fundamental cloud technologies and services
-
Education at the bachelor or master level in Computer Science or equivalent technology related experience
-
Excellent knowledge and relevant experience in security domains related to Identity and Access Management, Data Security and Loss Prevention, End Point Protection, Cloud security, Vulnerability and Threat Management, etc.
-
Strong knowledge of Infrastructure Security (Perimeter Security, Network Solutions, hardening etc.), Security of cloud-based services and applications
-
Experienced with security and risk control frameworks related to cloud, including CSA, CIS, NIST, etc.
-
Superior problem solving and decision-making skills to resolve work issues with the ability to work under pressure in a dynamic environment
-
Highly self-motivated, self-directed and attentive to detail
-
Strong communication (verbal/written) and good interpersonal skills to build relationships with internal and external business partners and vendors
-
Strong desire to implement change and contribute to the organization
-
One or more industry recognized information security professional designations (e.g. CISSP, CISA, etc.) is an asset
-
Experience with implementing Privileged Access Management products or solutions to large enterprise organizations is an asset
-
Knowledge of the Financial Services industry is a definite asset
