We’re adding a back-office security analyst to our Microsoft cloud team. You’ll harden and operate Microsoft 365 and Azure security controls with a focus on Exchange Online, DLP/encryption, Conditional Access, and Microsoft Defender. This is an individual-contributor role with no customer calls; you’ll collaborate with the security team, work independently day-to-day, and get structured training where needed.
what you’ll do
Security operations:
* Monitor and respond to alerts across Microsoft Defender for Endpoint, Defender for Office 365, Identity, and Cloud Apps
* Triage, document, and escalate incidents following playbooks; contribute to tuning and suppression rules
* Run periodic threat hunting and hygiene checks (exposed mail rules, risky sign-ins, legacy auth, stale devices)
Exchange Online & mail security:
* Administer anti-spam/anti-phish policies, Safe Links/Safe Attachments, transport rules, and mailbox security baselines
* Review and remediate risky mailbox configurations and forwarding; maintain quarantine and user-reported phishing workflows
Data protection:
* Operate and tune DLP policies for Exchange/SharePoint/OneDrive/Teams
* Manage sensitivity labels, encryption, and auto-labeling policies; validate protection on real content samples
Identity & access:
* Build, test, and iterate Conditional Access policies (MFA, device state, location, risk) with break-glass safeguards
* Assist with identity hygiene: risky users/sign-ins, role reviews, app consent, legacy protocols, privileged access checks
Devices & apps (light Intune):
* Enforce core baselines: disk encryption, firewall, AV/EDR, OS patch posture, blocked apps
* Help with onboarding devices into Intune and Defender for Endpoint; validate sensor health and exposure scores
your toolkit
* Microsoft 365 E5 security stack: Defender for Endpoint, Office 365, Identity, Cloud Apps; Purview DLP/Labels
* Azure AD (Entra ID) core security: CA policies, risky sign-ins, app registrations/permissions
* Exchange Online Protection (EOP), Advanced Threat Protection policies
* Intune device compliance and configuration (foundational exposure)
* KQL/Sentinel familiarity is a plus (nice to have)
what you already know
Must-haves
* 1–3 years in Microsoft 365/Azure administration or security operations (helpdesk to L1 SOC experience fits)
* Hands-on with Exchange Online security features and mail flow troubleshooting
* Comfortable creating/tuning Conditional Access and DLP/sensitivity label policies
* Working knowledge of Defender for Endpoint and Defender for Office 365 alert triage
* Clear written communication and a habit of documenting steps and outcomes
Nice to have
* Basic KQL for queries and hunting; Sentinel or similar SIEM exposure
* Intune device compliance/config profiles; Autopilot basics
* Experience with Secure Score and identity governance reviews
how we work
Work type: back-office, no customer calls
Schedule: full-time preferred; part-time considered for strong candidates
Collaboration: async updates, ticket-driven tasks, weekly team sync
Training: playbooks, shadowing on complex changes, access to labs and learning paths