Job Description
About the role
We are looking for a Cloud Security and Integrations Engineer with expertise in Microsoft 365 security, cloud integration, and identity management to join our rapidly growing company. You will play a pivotal role in safeguarding our organisation's cloud infrastructure, maintaining robust security configurations, and enabling seamless integration between our various systems.
You will also be monitoring and enhancing our Microsoft 365 security posture, managing cloud-based identity solutions, and implementing secure system integrations, whilst working closely with stakeholders throughout Sibylline and with external partners. You will collaborate with the Microsoft 365 Architect and other teams across the company to implement robust security measures, design and deploy automated processes, and establish secure integrations with third-party applications.
Additionally, you will be supporting incident response activities, contributing to compliance efforts, and driving security awareness across the organisation. This position requires a security-focused mindset with particular emphasis on cloud security best practices and zero-trust principles.
Responsibilities
* Monitor, assess, and enhance Microsoft 365 security configurations across the entire tenant - Including, but not limited to, Azure, Defender, Entra, Intune, and 3rd party software
* Support the Microsoft 365 Architect with research and implementation of cloud systems
* Implement and manage data loss prevention (DLP) policies, sensitivity labels, and advanced threat protection measures
* Conduct regular security assessments of Microsoft 365 environment to identify and remediate potential security gaps
* Design and implement Conditional Access policies that seek to harden security standards while maintaining staff accessibility
* Evaluate, integrate, and onboard 3rd party software with appropriate security policies and SSO configuration
* Conduct periodic reviews of 3rd party software integrated with Microsoft 365
* Develop and maintain secure integrations and automated workflows between Microsoft 365 and other business-critical applications
* Implement security controls for data flows between integrated systems
* Provide weekly updates to the Director of Tech and the wider team regarding recent security incidents, or any new vulnerabilities that need to be addressed
* Monitor security logs and alerts from Microsoft 365 Defender suite and track remediation of identified security issues
* Create regular security reports for technical and non-technical stakeholders
* Conduct and support internal audit efforts related to ISO-27001, Cyber Essentials, regular security audits of cloud configurations and any other relevant frameworks
* Develop and maintain security policies and procedures for cloud environments
* Respond to and investigate security incidents related to cloud environments and M365 and develop incident response playbooks for common cloud security scenarios.
Requirements
* Minimum 3 years of experience in cloud security, with specific focus on Microsoft 365 security and administration
* Relevant certifications such as Microsoft Certified: Security, Compliance, and Identity Fundamentals, Microsoft 365 Certified: Security Administrator Associate, or similar certifications
* Demonstrated expertise in Azure Active Directory/Entra ID, Single Sign-On (SSO) implementation, and identity management
* Strong experience configuring and managing Microsoft Defender for Office 365, Defender for Endpoint, and other M365 security components
* Experience with Conditional Access policies and implementing zero-trust security principles
* Hands-on experience integrating Microsoft 365 with third-party applications and implementing appropriate security controls
* Experience with Microsoft Intune for device management and security
* Understanding of data protection regulations and compliance requirements (particularly ISO-27001 and Cyber Essentials)
* Experience monitoring and responding to security alerts and incidents
* Knowledge of cloud security best practices and frameworks
* Ability to communicate security concepts effectively to both technical and non-technical audiences
* Strong analytical and problem-solving skills
* Experience with audit and compliance initiatives.
Nice to have
* Additional certifications such as Certified Information Systems Security Professional (CISSP), Microsoft Certified: Azure Security Engineer Associate, or Certified Cloud Security Professional (CCSP)
* Experience with cloud security posture management tools
* Knowledge of secure API integration principles
* Experience with cloud-based SIEM solutions, particularly Microsoft Sentinel.
Additional Information
Interview Process
* Initial call with our Talent Acquisition team member
* Interview with the hiring manager
* Panel interview with some of the team members and hiring managers at Sibylline
Research indicates that certain groups are less likely to apply for a position unless they meet every single requirement. If you feel you meet some of the requirements and can offer a unique perspective to this role, we strongly encourage you to apply—you might be the perfect fit we're looking for!
Sibylline is committed to the recruitment and selection of candidates without regard for sexual orientation, gender, ethnicity, age, political beliefs, culture and lifestyle. We are committed to fostering a business culture that reflects these values and promotes equal opportunity.