We are seeking a highly skilled Principal Microsoft 365 Security & Compliance Engineer with deep expertise in implementing, managing, and optimizing security controls across our Microsoft ecosystem. The ideal candidate will have extensive hands-on experience with Microsoft Purview, Defender for Endpoint, Azure Active Directory (Entra) Identity Protection, Intune security configurations, and Jamf Pro security management. This role requires demonstrated proficiency in security policy implementation, compliance frameworks, data loss prevention (DLP), and advanced PowerShell scripting for security automation. The successful candidate will drive our security strategy and implement robust compliance protocols across our diverse technology landscape with a focus on protecting sensitive data and maintaining regulatory compliance. **In this role, you will...** **Security & Compliance Management** + Design, implement, and maintain comprehensive Data LossPrevention (DLP) policies across Microsoft 365, including + Exchange Online,SharePoint Online, OneDrive, and Teams + Lead the implementation of Microsoft Purview InformationProtection for data classification, labeling, and protection across theorganization + Develop and enforce Conditional Access and Zero Trust securitypolicies to secure access to corporate resources + Ensure compliance with regulatory requirements including HIPAA,FedRAMP, SOC II, GDPR, and CCPA + Create and maintain security baselines and hardening policiesfor Windows and macOS endpoints per NIST 800-171 requirements + Conduct regular security assessments and compliance audits ofMicrosoft 365 environments + Lead the implementation of SDLC practices for secure systemsimplementation and integration **Endpoint Security Management** + Implement and maintain advanced security configurations in JamfPro for macOS fleet, including security policies, + restrictions, andcompliance reporting + Configure and manage Microsoft Defender for Endpoint across allplatforms, including threat and vulnerability + management, attack surfacereduction, and response actions + Design and implement secure Mobile Application Management (MAM)policies to protect corporate data on mobile devices + Create and enforce endpoint encryption policies for all manageddevices + Implement secure configurations for USB device control andexternal media protection + Develop and maintain endpoint security reporting and compliancedashboards **Identity & Access Security** + Implement and manage Azure AD Identity Protection to identify,investigate, and remediate identity-based risks + Configure and maintain Multi-Factor Authentication (MFA) andPasswordless Authentication strategies + Design and implement Privileged Access Management solutions foradministrative accounts + Create and maintain secure access policies for all corporateapplications and resources + Implement and maintain security for SharePoint advancedpermissions management + Ensure proper separation of duties and least privilege accessprinciples across all systems **Security Integration & Automation** + Develop Advanced PowerShell scripts to automate securitymonitoring, reporting, and remediation + Create integrations using Microsoft Graph API for security datacorrelation and analysis + Implement security log collection and analysis across Microsoft365 services + Design and implement security integrations between Microsoftsecurity tools and third-party solutions + Automate security compliance reporting and vulnerabilityremediation workflows + Integrate enterprise search solutions like Glean with DLPinfrastructure to ensure search results comply with security policies **Security Operations** + Monitor and respond to security incidents and alerts fromMicrosoft 365 Defender suite + Provide expert-level troubleshooting for security-relatedissues across the Microsoft ecosystem + Develop and maintain security incident response procedures + Collaborate with IT operations teams to ensure security bestpractices are followed + Provide security guidance and consultation for new technologyimplementations + Create and deliver security awareness training for end users **You've Got What It Takes If You Have...** + 7+ years of experience implementing and managing securitysolutions within Microsoft 365 environments + Deep expertise with Microsoft Purview compliance solutions andData Loss Prevention (DLP) implementation + Extensive experience with Microsoft Defender for Endpoint andadvanced threat protection + Advanced knowledge of Azure Active Directory security features,including Conditional Access and Identity Protection + Strong experience with Jamf Pro security management forenterprise macOS environments + Experience implementing and managing Intune security policiesfor Windows and mobile devices + Thorough understanding of compliance frameworks includingHIPAA, FedRAMP, SOC II, and GDPR + Advanced proficiency in PowerShell scripting for securityautomation and compliance reporting + Experience with Microsoft Graph API for security management andreporting + Bachelor's degree in cybersecurity, information systems, orrelated field (or equivalent experience) **Extra dose of awesome if you have...** + CompTIA Security+ certification + Certified Information Systems Security Professional (CISSP)certification + Microsoft 365 Certified: Security Administrator Associate orMicrosoft 365 Certified: Enterprise Administrator Expert + Experience implementing Zero Trust security architectures + Familiarity with cloud SIEM solutions such as MicrosoftSentinel + Experience with security automation and orchestration + Strong verbal and written communication skills with ability totranslate technical security concepts to non-technical stakeholders + This position is critical for maintainingour security posture and compliance status across our Microsoft environment andrequires a candidate who can balance robust security controls with businessoperational needs. \#LI-Onsite Equal Employment Opportunity has been, and will continue to be, a fundamental commitment at Cornerstone OnDemand. All qualified applicants are given consideration regardless of race, color, gender, age, sexual orientation, national origin, marital status, citizenship status, disability, veteran status, or any other protected class as provided in applicable Federal, State, or Local fair employment laws. If you have a disability or special need that requires accommodation, please contact us at [email protected]