
Senior Security Cyber Engineer

Encompass Digital Media

Atlanta, GA, USA
Posted on Feb 27, 2026

Role Overview

The Senior Cyber Security Engineer serves as a hands-on Subject Matter Expert (SME) responsible for the operational oversight and administration of enterprise cybersecurity technologies within a Microsoft-centric environment. This is a technology ownership role with no direct people management responsibilities. The position focuses on maintaining platform effectiveness, supporting incident response activities, and ensuring security controls operate reliably and efficiently.

This role collaborates closely with an external Security Operations Center (SOC) and internal IT teams to support a secure, stable, and compliant environment.

About the Team & Environment

You will join a tight-knit global IT team with low turnover and strong collaboration across infrastructure, user support, and security disciplines. The organization operates within a mature security framework, supported by established policies, tested procedures, and executive leadership that values cybersecurity as a core business function.

The environment is generally proactive, structured, and watchful—focused on prevention, monitoring, and continuous improvement rather than constant firefighting. At the same time, the team maintains the skills, tools, and discipline necessary to respond effectively when incidents occur.

This role is positioned within a stable organization that values operational excellence, accountability, and steady advancement in security maturity.

Key Responsibilities

  • Serve as the operational SME for enterprise cybersecurity platforms, including endpoint protection, identity security, zero trust controls, and SIEM technologies.
  • Administer and support the Microsoft security stack, including Microsoft Defender (Endpoint, Cloud, Identity), Microsoft Sentinel (incident investigation, log analysis, KQL query support), Microsoft Entra ID (authentication, Conditional Access, access governance), Microsoft Intune (endpoint security configuration and MDM), and Microsoft Purview (DLP and information protection support).
  • Participate directly in escalated or complex security incidents, engaging hands-on within Sentinel and Defender as needed for investigation and root cause analysis.
  • Collaborate with an external SOC provider to review escalations, support investigations, refine detection workflows, and improve operational effectiveness.
  • Support Zero Trust implementation leveraging Zscaler (ZIA/ZPA) and assist with secure access troubleshooting.
  • Serve as an escalation point to User Support Services for advanced security-related issues, including endpoint alerts, authentication anomalies, and policy conflicts.
  • Support Azure security monitoring activities, including Azure Firewall logs, VNet-related telemetry, and log integration into Microsoft Sentinel.
  • Assist in patch governance oversight and validation of endpoint security configurations.
  • Participate in internal and external audit activities by providing documentation and operational evidence supporting the effectiveness of security controls.
  • Uphold policies and procedures aligned with recognized security frameworks such as CISA guidance, ISO standards, and MITRE ATT&CK.
  • Utilize ticketing systems to document, track, and report on activities.
  • Maintain awareness of evolving cybersecurity threats and recommend practical operational improvements.

Required Experience & Technical Qualifications

  • 5–7+ years of progressive cybersecurity experience in enterprise environments, with at least 3 years directly administering Microsoft security technologies.
  • Demonstrated hands-on experience operating and supporting Microsoft Defender for Endpoint (alert investigation, device isolation, remediation workflows), Microsoft Sentinel (incident review, log analysis, basic-to-intermediate KQL query development), Microsoft Entra ID (Conditional Access policies, MFA enforcement, identity security troubleshooting), Microsoft Intune (endpoint security policies, device compliance, MDM configuration), and Microsoft Purview (DLP policy support and data protection controls).
  • Practical experience investigating security incidents, including reviewing SIEM and EDR alerts, correlating identity, endpoint, and network telemetry, performing root cause analysis, and supporting containment and remediation activities.
  • Experience working within a Microsoft 365 / Azure cloud environment, including Azure Firewall log review, VNet security fundamentals, and integration of cloud logs into Microsoft Sentinel.
  • Working knowledge of Zero Trust principles and experience supporting secure access platforms such as Zscaler (ZIA/ZPA) or equivalent.
  • Experience collaborating with a third-party SOC, including reviewing escalations, validating alert quality, and refining response workflows.
  • Working knowledge of Layer 2 and Layer 3 networking concepts, including troubleshooting related to firewalls, routing, segmentation, and secure remote access.
  • Experience supporting audit activities by gathering technical evidence and validating operational control effectiveness.

Preferred Certifications

  • Microsoft security certifications such as SC-200 (Security Operations Analyst), SC-300 (Identity and Access Administrator), or SC-100 (Cybersecurity Architect).
  • GIAC certifications aligned to security operations or incident response (e.g., GCIH, GCED).
  • Relevant SANS training in incident response, detection engineering, or Microsoft security operations.
  • CISSP or other advanced cybersecurity certifications are considered a plus but not required.

What Success Looks Like

  • Achieves full operational ownership of the organization’s cybersecurity platforms and controls within a Microsoft-centric environment.
  • Demonstrates comprehensive understanding and confident administration of Microsoft Defender, Sentinel, Entra ID, Intune, Purview, and Zero Trust technologies.
  • Independently manages and supports core security systems and controls, engaging vendors and the external SOC appropriately while maintaining internal accountability.
  • Effectively leads or supports escalated incident investigations, including log analysis, KQL query development, telemetry correlation, and root cause analysis.
  • Establishes strong operational alignment with the external SOC provider, ensuring efficient escalation handling and continuous improvement of detection and response processes.
  • Validates that security controls are functioning as intended and proactively identifies opportunities to strengthen operational effectiveness.
  • Serves as a reliable technical escalation point for internal IT teams on security-related matters.
  • Contributes to the organization’s next phase of cybersecurity maturity by identifying practical enhancements to tools, processes, and monitoring capabilities.