Xcimer Energy Corporation

Cybersecurity & Compliance Administrator

Denver, CO $140K–$175K Posted 2026-05-19
Type: Full-time
Experience: 7+ yr
Source: Lever

Microsoft Purview Administration (Compliance & Data Governance)
• Configure and manage Purview capabilities to support compliance objectives, including data classification and labeling, data loss prevention (DLP), retention and deletion policies, eDiscovery workflows, and compliance reporting.
• Develop and maintain Purview‑derived compliance artifacts and evidence outputs to support assessments, audits, due diligence, and continuous monitoring aligned to CMMC 2.0 Level 2 and NIST SP 800‑171.
• Define and operate data retention and deletion procedures, integrating with Purview retention controls where appropriate.

Microsoft Defender Administration (Threat Protection & Security Operations)
• Configure, tune, and operate Microsoft Defender security controls across identity, endpoints, email/collaboration, and cloud applications, consistent with licensing and compliance scope.
• Monitor alerts, investigate suspicious activity, and drive remediation actions, reducing noise through continuous tuning and improvements.
• Establish and maintain detection and response playbooks, including alert triage, escalation paths, documentation requirements, and post-incident follow-up.

Incident Response & Threat Prevention
• Own and maintain the Security Incident Response Plan, including severity definitions, roles and responsibilities, evidence handling, escalation paths, and internal/external communication procedures.
• Lead security incident response from identification through containment, eradication, recovery, and lessons learned.
• Perform root-cause analysis and coordinate corrective actions with IT administrative staff and relevant stakeholders.
• Proactively implement threat prevention measures: hardening, secure configuration baselines, conditional access/MFA enforcement support, and policy-driven risk reduction.
• Maintain an incident register covering actual, attempted, and suspected security incidents (including phishing attempts), investigations performed, and outcomes.

Compliance Enablement (CMMC L2 / NIST Controls)
• Maintain the System Security Plan (SSP) and Plan of Actions & Milestones (POA&M) for in‑scope systems, ensuring clear implementation statements, ownership, and evidence references.
• Support definition and maintenance of the CUI boundary, including systems, users, endpoints, networks, and data flows.
• Translate CMMC and NIST control requirements into concrete configurations, procedures, and ongoing monitoring activities across Microsoft 365, on‑prem infrastructure, and restricted or air‑gapped environments.
• Collect, organize, and maintain audit‑ready evidence to support internal assessments, customer diligence, and third‑party assessments.
• Define and maintain a centralized logging strategy (SIEM) spanning cloud and on‑prem environments, including ingestion of logs from identity systems, endpoints, email, servers, firewalls, VPNs, and IDS/IPS platforms.

On‑Prem & Air‑Gapped Security
• Establish and operate secure data transfer procedures for air‑gapped and restricted environments, including removable media governance, integrity validation, malware scanning, and chain‑of‑custody documentation.
• Partner with Network Architecture to design and maintain secure monitoring architectures for restricted and air‑gapped environments, including TAP/SPAN placement, IDS deployment, and segmentation alignment with OT/ICS security best practices.

Security Engineering & Integrations
• Support integrations between cloud-based services and the Microsoft security/compliance ecosystem (e.g., log sources, alerting, ticketing workflows, SSO/identity integrations).
• Contribute to automation where appropriate (e.g., scheduled scripts, workflows, or playbook-style response actions).

Cross-Functional Collaboration & Communication
• Work closely with IT and engineering teams to ensure smooth operations and secure-by-default practices.
• Document, categorize, and prioritize security issues to ensure efficient escalation and resolution.
• Enforce approved security, compliance, and privacy policies and contribute to ongoing policy development and improvement.
• Collaborate with Network Architecture on secure network design, segmentation strategy, and enforcement controls including firewall policy, IDS/IPS, and Zero Trust network principles.
• Implement privacy impact assessments (PIAs) for new systems or processes involving personal data.
• Partner with Legal and HR to document the company’s GDPR and CCPA applicability position, including the basis where such laws do not apply.
• Support inclusion of appropriate data privacy and security terms in third‑party contracts and service agreements.

• Education: Bachelor’s degree (or equivalent practical experience) in information technology, cybersecurity, information systems, or a related field.
• Experience: 7+ years of experience in security administration, security operations, compliance operations, or adjacent IT roles with direct security responsibility.
• Demonstrated hands‑on experience administering Microsoft 365 security and compliance services, including Microsoft Purview and Microsoft Defender in an enterprise environment.
• Proven background in security incident response, investigation, and documentation in regulated or high‑risk environments.
• Working knowledge of system security best practices, access control, secure configuration, and audit logging.
• Strong written and verbal communication skills; able to translate technical security risk into clear, actionable steps and documentation.
• Comfortable operating as a self‑directed individual contributor in a fast‑paced and evolving environment.
• Excellent technical and interpersonal communication skills; able to translate security risk into actionable steps.
• Comfortable in a fast-paced, dynamic, and ambiguous environment.
• Positive attitude, strong ownership mindset, strong professional judgement, and ability to earn trust and maintain professional relationships.
• Must be a U.S. citizen or national, U.S. permanent resident (current Green Card holder), or lawfully admitted into the U.S. as a refugee or granted asylum.

• Direct experience implementing or operating CMMC Level 2 and/or NIST SP 800‑171 controls, including evidence collection and assessment preparation.
• Experience with centralized logging or SIEM platforms and detection playbook development.
• Experience with cloud-based service integrations (webhooks/REST APIs) and security-relevant automation.
• Experience with security-related scripting/automation practices and languages (Python, JavaScript, Ansible, SOAR‑style workflows, etc.).
• Familiarity with hybrid cloud and on‑prem infrastructure in regulated environments, including air‑gapped networks.