Security Engineer (Microsoft 365 Security & Detection)

Due to continuing growth, we are seeking a Security Engineer focused on securing and monitoring a Microsoft 365–centric environment. This role is responsible for detecting and responding to threats across Entra ID (Azure AD), Microsoft Defender, Intune-managed endpoints, and Microsoft 365 services including Exchange Online, SharePoint, and Teams.

You will play a key role in improving visibility, strengthening access controls, and building scalable detection and response capabilities across cloud and endpoint systems.

Who we are:

Platform Accounting Group is a rapidly growing professional services firm providing tax, accounting, assurance, IT consulting, and wealth management services to small and medium sized businesses and their owners. We currently have 50+ offices across 15 states with much more growth on the horizon. Enjoy a professional and dynamic work environment while making work/life balance a priority.

What you will do:

• Monitor and investigate alerts across Microsoft Defender (Defender for Endpoint, Defender for Identity, Defender for Office 365) and associated security platforms
• Analyze Entra ID (Azure AD) sign-in logs, audit logs, and risky sign-in activity to identify potential account compromise or misuse
• Respond to security incidents involving endpoints, identities, email, and collaboration platforms
• Tune and optimize detection rules, alert thresholds, and signal-to-noise ratios within SIEM and Microsoft security tools
• Perform log analysis and basic threat hunting using tools such as Microsoft Sentinel, Defender Advanced Hunting, and audit logs
• Implement and validate Conditional Access policies, MFA enforcement, and identity protection controls
• Support endpoint security through Intune and Defender for Endpoint, including policy enforcement, device compliance, and response actions
• Collaborate with IT to harden Microsoft 365 configurations (Exchange Online, SharePoint, Teams) and reduce attack surface
• Support vulnerability management by identifying gaps and coordinating remediation across systems and endpoints
• Maintain clear and audit-ready documentation of incidents, controls, and response activities
• Assist with eDiscovery, audit requests, and compliance-related investigations when required
• Identify gaps in monitoring, coverage, or controls and recommend improvements to security architecture

What we look for:

Core Knowledge & Experience

• Strong understanding of Microsoft 365 security architecture, including Entra ID, Exchange Online, SharePoint, and Teams
• Experience with Microsoft Defender security stack (Defender for Endpoint, Office 365, Identity, or Cloud Apps)
• Familiarity with identity security concepts such as MFA, Conditional Access, and identity risk
• Experience with endpoint management and security using Microsoft Intune or similar platforms
• Working knowledge of incident response processes and common attack techniques (phishing, credential abuse, lateral movement)

Technical Skills (One or More of the Following)

• Log analysis and threat hunting using Microsoft Sentinel or Defender Advanced Hunting (KQL experience preferred)
• Experience configuring and tuning alerts in SIEM, EDR, or cloud-native security tools
• Scripting or automation using PowerShell, KQL, or Python
• Experience with email security, phishing analysis, and investigation within Exchange Online

Operational & Behavioral Skills

• Ability to investigate and document security incidents with clarity and precision
• Strong communication skills with both technical and non-technical stakeholders
• Ability to collaborate across IT, infrastructure, and compliance teams
• Strong ownership mindset and ability to drive issues through resolution
• Continuous learning mindset with interest in cloud security and advanced detection

Preferred, but Not Required

• Experience with Microsoft Purview (compliance, audit, or eDiscovery)
• Familiarity with regulatory or compliance frameworks (e.g., SOC 2, GLBA, HIPAA)
• Exposure to automation, detection engineering, or security orchestration (SOAR)
• Experience supporting security operations in a cloud-first or hybrid environment
• Experience with AVD and Azure infrastructure 

What we offer:

• Opportunity for advancement within a rapidly growing professional services firm
• Competitive compensation
• 401(k) and medical benefits