At a Glance
- Tasks: Investigate and remediate identity-based attack paths using cutting-edge security tools.
- Company: Join a forward-thinking tech company focused on security and governance.
- Benefits: Competitive salary, flexible working options, and opportunities for professional growth.
- Other info: Dynamic team environment with excellent career advancement opportunities.
- Why this job: Make a real impact in cybersecurity while working with the latest technologies.
- Qualifications: Experience in security tools and a passion for protecting digital identities.
The predicted salary is between 60000 - 80000 € per year.
M365 Entra Security investigates identity‑based attack paths (DCSync, Golden Ticket, Pass‑the‑Hash) and remediates exposures. Operates Defender for Cloud Apps for SaaS discovery, OAuth app governance, conditional access app control (reverse proxy), session policies, and shadow IT reporting. Investigates alerts and incidents in the Defender XDR portal using KQL advanced hunting; builds custom detections, suppression rules, and automated playbooks.
SIEM and SOAR - Microsoft Sentinel: Operates Microsoft Sentinel for the estate, including data connectors (M365, Entra, Defender XDR, Azure Activity, Office 365, Threat Intelligence, Syslog/CEF), workspace architecture, retention, and cost optimisation. Authors analytics rules (scheduled, NRT, Fusion, Microsoft Security), builds watchlists, threat intelligence integrations (TAXII / MISP), and User Entity Behaviour Analytics (UEBA). Develops KQL detection content aligned to MITRE ATT, operates hunting queries, bookmarks, and incident investigation graphs. Builds SOAR automation using Azure Logic Apps playbooks for incident enrichment, containment (e.g., disable user, force password reset, isolate device), and notification. Operates the 24/7 Sentinel‑based monitoring stack in collaboration with the NOC analyst function.
Information Protection and Data Governance - Microsoft Purview: Designs and operates Microsoft Purview Information Protection, including sensitivity labels, label policies, auto‑labelling (client and service‑side), encryption with rights management, and co‑authoring on encrypted documents. Builds and tunes Data Loss Prevention (DLP) policies for Exchange, SharePoint, OneDrive, Teams chat, Endpoint DLP, and Power Platform; manages policy tips, overrides, and incident review. Operates Insider Risk Management policies, content explorer, activity explorer, and communication compliance where in scope. Designs retention policies, retention labels, and records management aligned to the customer's records retention schedules and applicable public‑sector records management frameworks. Operates eDiscovery (Standard and Premium): cases, holds, collections, reviews, custodian management, and chain‑of‑custody documentation. Operates Microsoft Purview Data Map, Data Catalog, and Data Estate Insights for the Microsoft Fabric / Power BI estate, including lineage, classification scans, and Data Loss Prevention for Fabric. Maintains audit and reporting using Purview Audit (Standard / Premium), Compliance Manager templates (ISO 27001, GDPR, NIS2), and customer‑managed Compliance Manager assessments.
Identity Security and Zero Trust: Defines and maintains the Conditional Access policy baseline using a documented policy framework (Persona‑based or Microsoft Zero Trust deployment guidance), including emergency / break‑glass access, named locations, and report‑only validation. Operates Entra ID Protection - sign‑in risk, user risk, risk policies, and risk investigation - including alignment with Defender XDR for unified incident view. Governs privileged access via PIM, role‑assignable groups, access reviews, and Just‑In‑Time elevation; co‑owns break‑glass account procedures with the AD/Entra Specialist. Operates Entra Permissions Management (CIEM) where licensed, providing visibility of multi‑cloud permission risk.
Compliance and Audit: Maintains ISO 27001 control evidence and aligns with the customer's certification and surveillance audits; acts as the technical lead for any audit observation related to the Microsoft estate. Maintains GDPR records of processing, supports Data Protection Impact Assessments for new applications, and operates technical and organisational measures (TOMs). Maps controls to NIST CSF, NIS2 (where applicable as an essential / important entity), and Microsoft Secure Score / Identity Secure Score; maintains a target posture and quarterly improvement plan. Produces monthly security KPIs for the SLA report - Secure Score trend, MFA coverage, DLP incidents, phishing simulation results, vulnerability remediation, patch compliance - and quarterly executive risk reports.
Microsoft Copilot and AI Governance: Operates the security envelope for Microsoft 365 Copilot and Copilot Studio including SharePoint sharing hygiene ('oversharing'), sensitivity‑label‑aware grounding, restricted SearchableContent, and Copilot interaction audit log review. Defines and enforces a Responsible AI policy aligned with Microsoft's Responsible AI Standard - fairness, reliability, safety, privacy, security, inclusiveness, transparency, and accountability.
Mandatory Technical Skills: Microsoft Defender XDR (full stack) and Microsoft Sentinel - analytics, hunting (KQL), incident management, and SOAR playbook authoring. Microsoft Purview - Information Protection, DLP, Insider Risk, Records Management, eDiscovery, Audit, and Compliance Manager. Entra ID security: Conditional Access, MFA, PIM, Identity Protection, External Identities, and Permissions Management. Zero Trust architecture knowledge per Microsoft Zero Trust deployment guidance; ability to lead a Zero Trust roadmap discussion with senior stakeholders. ISO 27001:2022 control set; GDPR Articles 5, 6, 9, 25, 28, 30, 32‑34; awareness of NIS2 and applicable national cyber‑security guidance. KQL (Kusto Query Language) - fluent across Defender Advanced Hunting, Sentinel, and Log Analytics. PowerShell automation across Microsoft Graph Security, ExchangeOnlineManagement, and Compliance modules.
Desirable Technical Skills: Threat hunting using Sigma rules, MITRE ATT.
M365 / Entra Security & Governance Specialist employer: VE3
As a leading employer in the tech industry, we offer a dynamic work environment that fosters innovation and collaboration. Our commitment to employee growth is evident through continuous training opportunities and a culture that values diversity and inclusion. Located in a vibrant area, we provide competitive benefits and a supportive atmosphere where you can thrive as an M365 / Entra Security & Governance Specialist.
StudySmarter Expert Advice🤫
We think this is how you could land M365 / Entra Security & Governance Specialist
✨Tip Number 1
Network, network, network! Get out there and connect with folks in the industry. Attend meetups, webinars, or even online forums related to M365 and security. You never know who might have a lead on your dream job!
✨Tip Number 2
Show off your skills! Create a portfolio or a GitHub repository showcasing your projects, especially those involving KQL, Microsoft Sentinel, or Defender XDR. This gives potential employers a taste of what you can do beyond just a CV.
✨Tip Number 3
Prepare for interviews by practising common questions related to M365 security and governance. Think about how you would handle specific scenarios, like investigating identity-based attacks or operating DLP policies. Confidence is key!
✨Tip Number 4
Don’t forget to apply through our website! We’ve got loads of opportunities waiting for you, and applying directly can sometimes give you an edge. Plus, it’s super easy to keep track of your applications that way!
We think you need these skills to ace M365 / Entra Security & Governance Specialist
Some tips for your application 🫡
Tailor Your CV:Make sure your CV is tailored to the M365 Entra Security & Governance role. Highlight relevant experience and skills that match the job description, especially around Microsoft Defender XDR, KQL, and compliance frameworks.
Craft a Compelling Cover Letter:Your cover letter is your chance to shine! Use it to explain why you're passionate about security and governance in the M365 environment. Mention specific projects or experiences that relate to the responsibilities outlined in the job description.
Showcase Your Technical Skills:Don’t forget to showcase your technical skills prominently. Mention your experience with tools like Microsoft Sentinel, Purview, and your proficiency in KQL. This will help us see how you can hit the ground running!
Apply Through Our Website:We encourage you to apply through our website for the best chance of getting noticed. It’s the easiest way for us to keep track of your application and ensure it reaches the right people!
How to prepare for a job interview at VE3
✨Know Your Tech Inside Out
Make sure you’re well-versed in Microsoft Defender XDR, Sentinel, and Purview. Brush up on KQL and PowerShell automation, as these will likely come up during the interview. Being able to discuss specific scenarios where you've used these tools will show your practical experience.
✨Understand Zero Trust Principles
Familiarise yourself with Zero Trust architecture and how it applies to identity security. Be prepared to discuss how you would implement Conditional Access policies and manage privileged access. This shows that you not only know the theory but can apply it in real-world situations.
✨Prepare for Scenario-Based Questions
Expect questions that ask you to solve hypothetical problems related to identity-based attacks or data governance. Practice articulating your thought process clearly and logically, as this will demonstrate your analytical skills and problem-solving abilities.
✨Showcase Your Compliance Knowledge
Be ready to discuss ISO 27001, GDPR, and other compliance frameworks relevant to the role. Highlight any experience you have with audits or compliance management, as this is crucial for the position. It’s a great way to show you understand the importance of security in governance.
