What are the responsibilities and job description for the Security Engineer (Microsoft 365 Security & Detection) position at Platform Accounting Group?
Description
Due to continuing growth, we are seeking a Security Engineer focused on securing and monitoring a Microsoft 365–centric environment. This role is responsible for detecting and responding to threats across Entra ID (Azure AD), Microsoft Defender, Intune-managed endpoints, and Microsoft 365 services including Exchange Online, SharePoint, and Teams.
You will play a key role in improving visibility, strengthening access controls, and building scalable detection and response capabilities across cloud and endpoint systems.
Who we are:
Platform Accounting Group is a rapidly growing professional services firm providing tax, accounting, assurance, IT consulting, and wealth management services to small and medium sized businesses and their owners. We currently have 50 offices across 15 states with much more growth on the horizon. Enjoy a professional and dynamic work environment while making work/life balance a priority.
What you will do:
Core Knowledge & Experience
Due to continuing growth, we are seeking a Security Engineer focused on securing and monitoring a Microsoft 365–centric environment. This role is responsible for detecting and responding to threats across Entra ID (Azure AD), Microsoft Defender, Intune-managed endpoints, and Microsoft 365 services including Exchange Online, SharePoint, and Teams.
You will play a key role in improving visibility, strengthening access controls, and building scalable detection and response capabilities across cloud and endpoint systems.
Who we are:
Platform Accounting Group is a rapidly growing professional services firm providing tax, accounting, assurance, IT consulting, and wealth management services to small and medium sized businesses and their owners. We currently have 50 offices across 15 states with much more growth on the horizon. Enjoy a professional and dynamic work environment while making work/life balance a priority.
What you will do:
- Monitor and investigate alerts across Microsoft Defender (Defender for Endpoint, Defender for Identity, Defender for Office 365) and associated security platforms
- Analyze Entra ID (Azure AD) sign-in logs, audit logs, and risky sign-in activity to identify potential account compromise or misuse
- Respond to security incidents involving endpoints, identities, email, and collaboration platforms
- Tune and optimize detection rules, alert thresholds, and signal-to-noise ratios within SIEM and Microsoft security tools
- Perform log analysis and basic threat hunting using tools such as Microsoft Sentinel, Defender Advanced Hunting, and audit logs
- Implement and validate Conditional Access policies, MFA enforcement, and identity protection controls
- Support endpoint security through Intune and Defender for Endpoint, including policy enforcement, device compliance, and response actions
- Collaborate with IT to harden Microsoft 365 configurations (Exchange Online, SharePoint, Teams) and reduce attack surface
- Support vulnerability management by identifying gaps and coordinating remediation across systems and endpoints
- Maintain clear and audit-ready documentation of incidents, controls, and response activities
- Assist with eDiscovery, audit requests, and compliance-related investigations when required
- Identify gaps in monitoring, coverage, or controls and recommend improvements to security architecture
Core Knowledge & Experience
- Strong understanding of Microsoft 365 security architecture, including Entra ID, Exchange Online, SharePoint, and Teams
- Experience with Microsoft Defender security stack (Defender for Endpoint, Office 365, Identity, or Cloud Apps)
- Familiarity with identity security concepts such as MFA, Conditional Access, and identity risk
- Experience with endpoint management and security using Microsoft Intune or similar platforms
- Working knowledge of incident response processes and common attack techniques (phishing, credential abuse, lateral movement)
- Log analysis and threat hunting using Microsoft Sentinel or Defender Advanced Hunting (KQL experience preferred)
- Experience configuring and tuning alerts in SIEM, EDR, or cloud-native security tools
- Scripting or automation using PowerShell, KQL, or Python
- Experience with email security, phishing analysis, and investigation within Exchange Online
- Ability to investigate and document security incidents with clarity and precision
- Strong communication skills with both technical and non-technical stakeholders
- Ability to collaborate across IT, infrastructure, and compliance teams
- Strong ownership mindset and ability to drive issues through resolution
- Continuous learning mindset with interest in cloud security and advanced detection
- Experience with Microsoft Purview (compliance, audit, or eDiscovery)
- Familiarity with regulatory or compliance frameworks (e.g., SOC 2, GLBA, HIPAA)
- Exposure to automation, detection engineering, or security orchestration (SOAR)
- Experience supporting security operations in a cloud-first or hybrid environment
- Experience with AVD and Azure infrastructure
- Opportunity for advancement within a rapidly growing professional services firm
- Competitive compensation
- 401(k) and medical benefits