What are the responsibilities and job description for the Information System Security Engineer position at DANASTAR Professional Services, LLC?
Senior Azure Security Engineer & O365 – Eastbay Systems
Hybrid – Washington, DC (3 days onsite per week)
Eastbay Systems is expanding our cloud security engineering team and seeking a Senior Azure Security Engineer with deep experience securing Azure and Microsoft 365 environments in compliance-driven government and regulated industries. This is a hybrid role requiring three days onsite each week in Washington, DC. The position is hands-on and architecture-focused, emphasizing Azure security, IAM, automation, NIST CSF 2.0 alignment, and FedRAMP-compliant continuous monitoring.
⸻
Key Responsibilities
• Lead Azure security engineering, hardening, and continuous monitoring aligned to FedRAMP, FISMA/RMF, and NIST CSF 2.0 frameworks.
• Architect secure Azure solutions including identity, networking, segmentation, encryption, automation, and SIEM integrations.
• Engineer IAM controls using Azure AD, Conditional Access, PIM, B2B, and Zero Trust principles mapped to FedRAMP/NIST control families.
• Configure and operationalize Microsoft Sentinel, Defender suite, Secure Score, and Azure-native monitoring/threat detection.
• Build and maintain IaC using Bicep, ARM, Terraform, and automation frameworks such as PowerShell or Ansible.
• Conduct vulnerability assessments (Tenable/Nessus), risk analysis, and remediation aligned to FedRAMP and NIST CSF 2.0 categories.
• Secure and manage Microsoft 365/O365 (including GCC High), Exchange Online, Intune, SharePoint, Teams, DLP/MDM/MAM.
• Document architectures, system baselines, boundary diagrams, and FedRAMP security package content (SSP, POA&M, evidence).
• Provide engineering guidance and mapping to NIST CSF 2.0 Identify/Protect/Detect/Respond/Recover functions.
⸻
Required Skills & Experience
• Extensive hands-on experience in Azure security architecture, NSGs/ASGs, firewalls, encryption, segmentation, and monitoring.
• Deep understanding of FedRAMP, NIST CSF 2.0, and FISMA/RMF requirements.
• Expert-level experience with Azure AD, RBAC, Conditional Access, OAuth, SSO, MFA, and workload identity management.
• Strong background in cloud security operations, SIEM pipelines, Defender/Sentinel, incident response, and threat analytics.
• Infrastructure-as-Code (IaC) experience using Bicep, ARM, Terraform and automation with PowerShell/Ansible.
• Experience with STIGs, CIS Benchmarks, Azure Security Benchmark, and compliance-driven hardening.
• Deep knowledge of Microsoft 365/O365/GCC High security configuration and governance.
• AI automation experience with Copilot, Claude, Gemini, etc. (preferred).
• Certifications such as Azure Solutions Architect Expert, CISSP, AZ-500, SC-100 are a strong plus.
⸻
Bonus / Preferred Experience
• Kubernetes/AKS security
• GCC High and multi-tenant boundary security
• RHEL security administration
• Secure Score remediation automation
• B2B/B2C identity federation
⸻
Role Details
• Job Type: Full-time
• Schedule: Hybrid – 3 days onsite in Washington, DC, 2 days remote
• Benefits: 401(k), health/dental/vision insurance, FSA, PTO