Security Engineer

General Description

The Security Engineer plays a key role in protecting NorthWinds Technology Solutions, its affiliated companies, and its clients by designing, implementing, and maintaining enterprise security solutions. This position focuses heavily on the Microsoft security ecosystem, including endpoint protection, identity security, and related capabilities.

This role is responsible for strengthening the organization’s security posture through proactive monitoring, detection, and response, while working cross-functionally with infrastructure, cloud, and application teams. The Security Engineer will also participate in vulnerability management, incident response, and the ongoing evolution of security architecture and controls.

Core Responsibilities

Security Operations & Monitoring

• Monitor, investigate, and respond to security alerts across Microsoft security and other platforms (Purview, Defender suite, SIEM, Entra ID)
• Analyze logs and telemetry to identify suspicious activities and potential threats
• Support incident response activities, including containment, eradication, and root cause analysis
• Maintain and improve detection rules, analytics, and alert tuning

Microsoft Security Platform

Administer and Optimize:

• Microsoft Defender for Endpoint, Identity, Cloud Apps, and Office 365
• Microsoft Entra ID (Azure AD) security controls and tools
• Microsoft Purview controls and tools

Additional responsibilities:

• Develop and maintain automated workflows and playbooks
• Integrate Microsoft security tools with other enterprise systems

Vulnerability & Risk Management

• Conduct vulnerability assessments and coordinate remediation efforts
• Partner with infrastructure and application teams to prioritize and mitigate risks
• Contribute to risk tracking, reporting, and audit readiness (SOC 2, HIPAA, etc.)

Architecture & Engineering

• Work with the Security Architect to identify and recommend improvements to enterprise security architecture
• Assist with the implementation of security controls across cloud (Azure/AWS) and on-premises environments
• Support identity and access management initiatives, including MFA, conditional access, and least privilege

Compliance & Governance

• Assist with audits, security reviews, and third-party assessments
• Ensure alignment with organizational security policies and regulatory requirements
• Provide input into security standards, procedures, and documentation

Collaboration & Enablement

• Work closely with infrastructure, network, and application teams to embed security controls
• Provide technical guidance and support for security best practices
• Help drive security awareness across engineering teams

Key Skills

• Identity and access management (IAM)
• Network security fundamentals (TCP/IP, firewalls, segmentation, switching, and routing)
• Windows and cloud security principles
• SIEM platforms and operations
• Experience with vulnerability management and remediation processes
• Familiarity with security frameworks and compliance standards (SOC 2, HIPAA, NIST, CIS)
• AWS networking, security configuration, and tools
• Strong analytical, troubleshooting, and problem-solving skills
• Linux terminal and PowerShell experience
• Copilot administration and machine learning familiarity
• Effective communication and collaboration skills

Key Characteristics

• Detail-oriented and proactive in identifying and mitigating risks
• Strong ownership mindset with the ability to drive security initiatives forward
• Collaborative, team-first approach across infrastructure and security functions
• Continuous learner who stays up to date on evolving threats and technologies

Required Qualifications

• 3–5 years of experience in cybersecurity, security engineering, or security operations
• Hands-on experience with Microsoft security technologies, including:
• Microsoft Defender suite (Endpoint, Identity, Cloud Apps, Office 365)
• Microsoft Entra ID (Azure AD) security features and Intune administration
• Experience with endpoint detection and response (EDR/XDR) and SIEM platforms

Preferred Qualifications

• Microsoft certifications (SC-200, SC-300, AZ-500, or equivalent)
• Experience with automation and scripting (PowerShell, Python)
• Exposure to cloud security (Azure and/or AWS)
• Experience implementing conditional access policies and Zero Trust principles
• Knowledge of threat intelligence and detection engineering

Work Conditions

• Participation in an on-call rotation may be required
• Primarily remote work environment
• Limited travel (<5%)