Support for Cloud Security and Compliancy

Summary

Join the NATO Communications and Information Agency (NCIA) Cloud Operations team as a Cloud Security and Compliance Engineer. Support NATO's modernization of IT services by leveraging public cloud technologies (Microsoft Azure, M365, Amazon AWS). Develop and implement comprehensive security policies for the M365 environment, ensuring compliance with regulatory requirements. Manage Microsoft Defender products and services, implement Advanced Threat Protection policies, and conduct regular security assessments. Configure data encryption policies and manage Microsoft Purview for data governance. The role involves security monitoring, reporting, automation, scripting, and user training. This is a remote position requiring a NATO SECRET security clearance.

Requirements

• In-depth knowledge of Microsoft Defender products and services (i.e. Microsoft Defender XDR. Microsoft Defender for Endpoint, Microsoft Defender for office 365, Microsoft Defender for Identity, Microsoft Sentinel)
• Proficiency in scripting and automation tools (e.g., PowerShell, KQL)
• In-depth knowledge of Microsoft Purview for data governance
• Experience in security monitoring and compliancy
• Strong analytical skills to assess and improve security processes and workflows
• Ability to troubleshoot complex security issues and implement effective solutions
• Understanding of security best practices and compliance requirements
• Experience conducting audits and ensuring adherence to regulatory standards
• Excellent communication skills to effectively collaborate with IT teams, stakeholders, and end-users
• Ability to document processes clearly and provide training on Security and Compliancy tools and practices
• Strong organizational skills to manage multiple tasks and priorities effectively
• Attention to detail in managing user accounts, groups, and access controls
• Ability to work effectively as part of a team and share knowledge and resources
• Willingness to collaborate with colleagues to solve complex issues
• The Contractor has strong customer relationship skills, including negotiating complex and sensitive situations under pressure
• Full proficiency in the English language
• Technical Expertise (Minimum 5 years of experience)
• Analytical and Problem-Solving Skills (Minimum 3 years of experience)
• Security and Compliance Knowledge (Minimum 4 years of experience)
• Communication and Collaboration (Minimum 3 years of experience)
• Organizational Skills (Minimum 3 years of experience)
• Team Collaboration (Minimum 2 years of experience)
• NATO SECRET security clearance

Responsibilities

• Develop and implement comprehensive security policies for the M365 environment
• Ensure policies align with organizational and regulatory requirements
• Regularly review and update security policies to address emerging threats
• Communicate and enforce security policies across the organization
• Ensure compliance with regulatory requirements and organizational standards
• Implement and manage data loss prevention (DLP) policies
• Conduct regular compliance audits and risk assessments
• Develop and maintain compliance documentation and records
• Configure and manage Microsoft Defender products and services (i.e. Microsoft Defender XDR. Microsoft Defender for Endpoint, Microsoft Defender for office 365 , Microsoft Defender for Identity, Microsoft Sentinel)
• Implement Advanced Threat Protection (ATP) policies to detect and mitigate threats
• Monitor threat analytics and respond to security incidents
• Conduct regular security assessments and vulnerability scans
• Configure and manage data encryption policies
• Configure and manage Microsoft Purview for data governance
• Ensure data protection policies are applied to sensitive information
• Monitor and report on data protection compliance
• Implement and manage eDiscovery and legal hold processes
• Ensure that data required for legal proceedings is preserved
• Conduct regular audits of eDiscovery and legal hold configurations
• Provide training and support for eDiscovery users
• Monitor the security health of the M365 environment using Microsoft 365 Security Center
• Generate security reports and provide insights for improvement
• Utilize security information and event management (SIEM) tools
• Identify and address security incidents promptly
• Develop and maintain scripts (i.e. PowerShell, KQL) to automate security and compliance tasks
• Implement automated workflows using Power Automate
• Create automated solutions for compliance reporting and monitoring
• Maintain and update existing automation scripts
• Develop and deliver security training programs for end-users
• Promote security awareness and best practices across the organization
• Provide guidance on secure use of M365 tools
• Conduct regular security awareness campaigns
• Stay up-to-date with the latest M365 security and compliance features
• Continuously improve security and compliance processes
• Participate in security and compliance forums and training
• Propose and implement new security measures and enhancements
• Complete the activities/tasks agreed in each sprint meeting as per section 3 above
• Produce sprint completion reports (format: e-mail update) or the formal documentation required per specific task
• The Contractor will participate in the daily reporting and planning activities (daily stand-ups) as well as the required participation in workshops, events and conferences related to the supported services, as requested by the Senior Service Delivery Manager

Preferred Qualifications

French language proficiency is of advantage

Benefits

Off-Site Discount: 5%