
Security Engineer (Microsoft 365 Security & Detection)

Platform Accounting Group
Full-time
On-site
Cottonwood Heights, Utah, United States

Description

Due to continuing growth, we are seeking a Security Engineer focused on securing and monitoring a Microsoft 365–centric environment. This role is responsible for detecting and responding to threats across Entra ID (Azure AD), Microsoft Defender, Intune-managed endpoints, and Microsoft 365 services including Exchange Online, SharePoint, and Teams.

You will play a key role in improving visibility, strengthening access controls, and building scalable detection and response capabilities across cloud and endpoint systems.


Who we are:

Platform Accounting Group is a rapidly growing professional services firm providing tax, accounting, assurance, IT consulting, and wealth management services to small and medium-sized businesses and their owners. We currently have 50+ offices across 15 states with much more growth on the horizon. Enjoy a professional and dynamic work environment while making work/life balance a priority.


What you will do:

  • Monitor and investigate alerts across Microsoft Defender (Defender for Endpoint, Defender for Identity, Defender for Office 365) and associated security platforms
  • Analyze Entra ID (Azure AD) sign-in logs, audit logs, and risky sign-in activity to identify potential account compromise or misuse
  • Respond to security incidents involving endpoints, identities, email, and collaboration platforms
  • Tune and optimize detection rules, alert thresholds, and signal-to-noise ratios within SIEM and Microsoft security tools
  • Perform log analysis and basic threat hunting using tools such as Microsoft Sentinel, Defender Advanced Hunting, and audit logs
  • Implement and validate Conditional Access policies, MFA enforcement, and identity protection controls
  • Support endpoint security through Intune and Defender for Endpoint, including policy enforcement, device compliance, and response actions
  • Collaborate with IT to harden Microsoft 365 configurations (Exchange Online, SharePoint, Teams) and reduce attack surface
  • Support vulnerability management by identifying gaps and coordinating remediation across systems and endpoints
  • Maintain clear and audit-ready documentation of incidents, controls, and response activities
  • Assist with eDiscovery, audit requests, and compliance-related investigations when required
  • Identify gaps in monitoring, coverage, or controls and recommend improvements to security architecture
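
The sign-in log analysis and detection tuning described above is the kind of work this role does day to day. As an added illustration that is not part of the posting, the Python script below triages a constructed batch of Entra ID sign-in records for three common compromise signals: impossible travel between two successful sign-ins, a burst of failures from one IP followed by a success (password spray or brute force), and a risky sign-in that succeeded with single-factor authentication. The record shape follows the Microsoft Graph signIn resource (userPrincipalName, createdDateTime, ipAddress, location.geoCoordinates, status.errorCode, riskLevelDuringSignIn, authenticationRequirement); the thresholds, sample users, and IP addresses are assumptions made for the example.

```python
"""Triage Entra ID sign-in records for three account-compromise patterns.

Added example, not code from the job posting. Records are assumed to follow the
Microsoft Graph signIn resource shape; the sample data and thresholds are constructed.
"""
import json
from datetime import datetime
from itertools import groupby
from math import asin, cos, radians, sin, sqrt


def _rec(upn, ts, ip, city, lat, lon, error_code=0, risk="none",
         auth="multiFactorAuthentication"):
    """Build one constructed sign-in record in Graph signIn shape."""
    return {
        "userPrincipalName": upn, "createdDateTime": ts, "ipAddress": ip,
        "location": {"city": city, "geoCoordinates": {"latitude": lat, "longitude": lon}},
        "status": {"errorCode": error_code},  # 0 = success, 50126 = bad username/password
        "riskLevelDuringSignIn": risk, "authenticationRequirement": auth,
    }


# Constructed sample (documentation IP ranges): jdoe signs in from Salt Lake City, then
# 40 minutes later from Frankfurt with a high risk score and no MFA; asmith fails five
# times from one IP and then succeeds from it; bjones is benign.
SAMPLE_SIGNINS = json.dumps(
    [_rec("jdoe@example.com", "2024-05-01T08:00:00Z", "203.0.113.10", "Salt Lake City", 40.76, -111.89),
     _rec("jdoe@example.com", "2024-05-01T08:40:00Z", "198.51.100.7", "Frankfurt", 50.11, 8.68,
          risk="high", auth="singleFactorAuthentication")]
    + [_rec("asmith@example.com", f"2024-05-01T09:0{i}:00Z", "192.0.2.44", "Denver", 39.74, -104.99,
            error_code=50126, auth="singleFactorAuthentication") for i in range(5)]
    + [_rec("asmith@example.com", "2024-05-01T09:05:00Z", "192.0.2.44", "Denver", 39.74, -104.99,
            auth="singleFactorAuthentication"),
       _rec("bjones@example.com", "2024-05-01T10:00:00Z", "203.0.113.22", "Salt Lake City", 40.76, -111.89)]
)


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km (mean Earth radius 6371 km)."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))


def parse(records_json):
    """Parse JSON records, attach a timezone-aware datetime, sort per user by time."""
    recs = json.loads(records_json)
    for r in recs:
        r["_ts"] = datetime.fromisoformat(r["createdDateTime"].replace("Z", "+00:00"))
    return sorted(recs, key=lambda r: (r["userPrincipalName"], r["_ts"]))


def is_success(r):
    return r["status"]["errorCode"] == 0


def find_impossible_travel(recs, max_kmh=900):
    """Consecutive successful sign-ins per user whose implied speed exceeds max_kmh."""
    findings, last = [], {}
    for r in recs:
        if not is_success(r):
            continue
        upn, prev = r["userPrincipalName"], last.get(r["userPrincipalName"])
        if prev:
            g1, g2 = prev["location"]["geoCoordinates"], r["location"]["geoCoordinates"]
            km = haversine_km(g1["latitude"], g1["longitude"], g2["latitude"], g2["longitude"])
            hours = (r["_ts"] - prev["_ts"]).total_seconds() / 3600
            if hours > 0 and km / hours > max_kmh:
                findings.append((upn, prev["location"]["city"], r["location"]["city"], round(km / hours)))
        last[upn] = r
    return findings


def find_failure_burst_then_success(recs, min_failures=5, window_min=15):
    """A success preceded by >= min_failures failures from the same IP within window_min."""
    findings = []
    for upn, group in groupby(recs, key=lambda r: r["userPrincipalName"]):
        group = list(group)
        for i, r in enumerate(group):
            if not is_success(r):
                continue
            prior = [p for p in group[:i] if not is_success(p) and p["ipAddress"] == r["ipAddress"]
                     and (r["_ts"] - p["_ts"]).total_seconds() <= window_min * 60]
            if len(prior) >= min_failures:
                findings.append((upn, r["ipAddress"], len(prior)))
    return findings


def find_risky_single_factor(recs):
    """Medium/high-risk sign-ins that succeeded without MFA: a Conditional Access gap."""
    return [(r["userPrincipalName"], r["riskLevelDuringSignIn"]) for r in recs
            if is_success(r) and r["riskLevelDuringSignIn"] in ("medium", "high")
            and r["authenticationRequirement"] == "singleFactorAuthentication"]


def triage(records_json):
    recs = parse(records_json)
    return {"impossible_travel": find_impossible_travel(recs),
            "failure_burst_then_success": find_failure_burst_then_success(recs),
            "risky_single_factor": find_risky_single_factor(recs)}


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_SIGNINS), indent=2))
```

In production the same three rules map directly onto Sentinel KQL over the SigninLogs table; the Python form is useful for reproducing a finding offline from an exported batch and for unit-testing thresholds before changing a live analytic rule. The third rule is also a configuration check: a high-risk sign-in that completed with a single factor means no Conditional Access policy required MFA or blocked the session for that risk level.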

What we look for:

Core Knowledge & Experience

  • Strong understanding of Microsoft 365 security architecture, including Entra ID, Exchange Online, SharePoint, and Teams
  • Experience with Microsoft Defender security stack (Defender for Endpoint, Office 365, Identity, or Cloud Apps)
  • Familiarity with identity security concepts such as MFA, Conditional Access, and identity risk
  • Experience with endpoint management and security using Microsoft Intune or similar platforms
  • Working knowledge of incident response processes and common attack techniques (phishing, credential abuse, lateral movement)

Technical Skills (One or More of the Following)

  • Log analysis and threat hunting using Microsoft Sentinel or Defender Advanced Hunting (KQL experience preferred)
  • Experience configuring and tuning alerts in SIEM, EDR, or cloud-native security tools
  • Scripting or automation using PowerShell, KQL, or Python
  • Experience with email security, phishing analysis, and investigation within Exchange Online

Operational & Behavioral Skills

  • Ability to investigate and document security incidents with clarity and precision
  • Strong communication skills with both technical and non-technical stakeholders
  • Ability to collaborate across IT, infrastructure, and compliance teams
  • Strong ownership mindset and ability to drive issues through resolution
  • Continuous learning mindset with interest in cloud security and advanced detection

Preferred, but Not Required

  • Experience with Microsoft Purview (compliance, audit, or eDiscovery)
  • Familiarity with regulatory or compliance frameworks (e.g., SOC 2, GLBA, HIPAA)
  • Exposure to automation, detection engineering, or security orchestration (SOAR)
  • Experience supporting security operations in a cloud-first or hybrid environment
  • Experience with Azure Virtual Desktop (AVD) and Azure infrastructure

What we offer:

  • Opportunity for advancement within a rapidly growing professional services firm
  • Competitive compensation
  • 401(k) and medical benefits