At a Glance
- Tasks: Investigate and remediate identity-based attack paths using M365 Entra Security.
- Company: Join a forward-thinking tech company focused on security and governance.
- Benefits: Flexible freelance contract, competitive pay, and opportunities for skill development.
- Other info: Dynamic role with potential for growth in a fast-paced environment.
- Why this job: Make a real difference in cybersecurity while working with cutting-edge technologies.
- Qualifications: Experience in Microsoft Defender XDR, Sentinel, and KQL is essential.
The predicted salary is between 60000 - 80000 € per year.
M365 Entra Security investigates identity-based attack paths (DCSync, Golden Ticket, Pass-the-Hash) and remediates exposures. Operates Defender for Cloud Apps for SaaS discovery, OAuth app governance, conditional access app control (reverse proxy), session policies, and shadow IT reporting. Investigates alerts and incidents in the Defender XDR portal using KQL advanced hunting; builds custom detections, suppression rules, and automated playbooks.
SIEM and SOAR - Microsoft Sentinel: Operates Microsoft Sentinel for the estate, including data connectors (M365, Entra, Defender XDR, Azure Activity, Office 365, Threat Intelligence, Syslog/CEF), workspace architecture, retention, and cost optimisation. Authors analytics rules (scheduled, NRT, Fusion, Microsoft Security), builds watchlists, threat intelligence integrations (TAXII / MISP), and User Entity Behaviour Analytics (UEBA). Develops KQL detection content aligned to MITRE ATT, operates hunting queries, bookmarks, and incident investigation graphs. Builds SOAR automation using Azure Logic Apps playbooks for incident enrichment, containment (e.g., disable user, force password reset, isolate device), and notification. Operates the 24/7 Sentinel‑based monitoring stack in collaboration with the NOC analyst function.
Information Protection and Data Governance - Microsoft Purview: Designs and operates Microsoft Purview Information Protection, including sensitivity labels, label policies, auto‑labelling (client and service‑side), encryption with rights management, and co‑authoring on encrypted documents. Builds and tunes Data Loss Prevention (DLP) policies for Exchange, SharePoint, OneDrive, Teams chat, Endpoint DLP, and Power Platform; manages policy tips, overrides, and incident review. Operates Insider Risk Management policies, content explorer, activity explorer, and communication compliance where in scope. Designs retention policies, retention labels, and records management aligned to the customer's records retention schedules and applicable public‑sector records management frameworks. Operates eDiscovery (Standard and Premium): cases, holds, collections, reviews, custodian management, and chain‑of‑custody documentation. Operates Microsoft Purview Data Map, Data Catalog, and Data Estate Insights for the Microsoft Fabric / Power BI estate, including lineage, classification scans, and Data Loss Prevention for Fabric. Maintains audit and reporting using Purview Audit (Standard / Premium), Compliance Manager templates (ISO 27001, GDPR, NIS2), and customer‑managed Compliance Manager assessments.
Identity Security and Zero Trust: Defines and maintains the Conditional Access policy baseline using a documented policy framework (Persona‑based or Microsoft Zero Trust deployment guidance), including emergency / break‑glass access, named locations, and report‑only validation. Operates Entra ID Protection – sign‑in risk, user risk, risk policies, and risk investigation – including alignment with Defender XDR for unified incident view. Governs privileged access via PIM, role‑assignable groups, access reviews, and Just‑In‑Time elevation; co‑owns break‑glass account procedures with the AD/Entra Specialist. Operates Entra Permissions Management (CIEM) where licensed, providing visibility of multi‑cloud permission risk.
Compliance and Audit: Maintains ISO 27001 control evidence and aligns with the customer's certification and surveillance audits; acts as the technical lead for any audit observation related to the Microsoft estate. Maintains GDPR records of processing, supports Data Protection Impact Assessments for new applications, and operates technical and organisational measures (TOMs). Maps controls to NIST CSF, NIS2 (where applicable as an essential / important entity), and Microsoft Secure Score / Identity Secure Score; maintains a target posture and quarterly improvement plan. Produces monthly security KPIs for the SLA report – Secure Score trend, MFA coverage, DLP incidents, phishing simulation results, vulnerability remediation, patch compliance – and quarterly executive risk reports.
Microsoft Copilot and AI Governance: Operates the security envelope for Microsoft 365 Copilot and Copilot Studio including SharePoint sharing hygiene ('oversharing'), sensitivity‑label‑aware grounding, restricted SearchableContent, and Copilot interaction audit log review. Defines and enforces a Responsible AI policy aligned with Microsoft's Responsible AI Standard – fairness, reliability, safety, privacy, security, inclusiveness, transparency, and accountability.
Mandatory Technical Skills: Microsoft Defender XDR (full stack) and Microsoft Sentinel – analytics, hunting (KQL), incident management, and SOAR playbook authoring. Microsoft Purview – Information Protection, DLP, Insider Risk, Records Management, eDiscovery, Audit, and Compliance Manager. Entra ID security: Conditional Access, MFA, PIM, Identity Protection, External Identities, and Permissions Management. Zero Trust architecture knowledge per Microsoft Zero Trust deployment guidance; ability to lead a Zero Trust roadmap discussion with senior stakeholders. ISO 27001:2022 control set; GDPR Articles 5, 6, 9, 25, 28, 30, 32–34; awareness of NIS2 and applicable national cyber‑security guidance. KQL (Kusto Query Language) – fluent across Defender Advanced Hunting, Sentinel, and Log Analytics. PowerShell automation across Microsoft Graph Security, ExchangeOnlineManagement, and Compliance modules.
Desirable Technical Skills: Threat hunting using Sigma rules, MITRE ATT.
M365 / Entra Security & Governance Specialist (Freelance/Contract) employer: VE3
As a leading employer in the cybersecurity sector, we offer a dynamic work environment that fosters innovation and collaboration. Our commitment to employee growth is evident through continuous training opportunities and a culture that values diversity and inclusion. Located in a vibrant tech hub, we provide competitive benefits and the chance to work on cutting-edge projects that make a real impact in the field of security and governance.
StudySmarter Expert Advice🤫
We think this is how you could land M365 / Entra Security & Governance Specialist (Freelance/Contract)
✨Tip Number 1
Network, network, network! Get out there and connect with people in the M365 and security space. Attend meetups, webinars, or even online forums. You never know who might have a lead on a freelance gig or contract opportunity!
✨Tip Number 2
Show off your skills! Create a portfolio or a GitHub repository showcasing your projects related to M365, Entra, and security governance. This gives potential clients a taste of what you can do and sets you apart from the competition.
✨Tip Number 3
Don’t just apply for jobs; reach out directly! If you see a company you’d love to work with, send them a message. Express your interest and highlight how your skills align with their needs. It’s all about making that personal connection.
✨Tip Number 4
Keep an eye on our website for the latest opportunities! We regularly post freelance and contract roles that could be perfect for you. Plus, applying through us means you’ll get the inside scoop on what we’re looking for!
We think you need these skills to ace M365 / Entra Security & Governance Specialist (Freelance/Contract)
Some tips for your application 🫡
Tailor Your CV:Make sure your CV is tailored to the M365 Entra Security role. Highlight your experience with identity-based attack paths and any relevant tools like Microsoft Sentinel or Defender XDR. We want to see how your skills match up with what we're looking for!
Show Off Your Skills:In your application, don’t just list your skills—show us how you've used them in real-world scenarios. Whether it's building custom detections or operating DLP policies, give us examples that demonstrate your expertise. We love a good story!
Be Clear and Concise:When writing your application, keep it clear and to the point. Use bullet points where possible to make it easy for us to read. We appreciate straightforward communication, especially when it comes to complex topics like Zero Trust architecture.
Apply Through Our Website:We encourage you to apply through our website for the best chance of getting noticed. It helps us keep track of applications and ensures you’re considered for the role. Plus, it’s super easy to do!
How to prepare for a job interview at VE3
✨Know Your Tech Inside Out
Make sure you’re well-versed in the technical skills listed in the job description, especially Microsoft Defender XDR, Sentinel, and KQL. Brush up on your knowledge of Zero Trust architecture and be ready to discuss how you've applied these technologies in past roles.
✨Prepare Real-World Examples
Think of specific instances where you've tackled identity-based attack paths or managed DLP policies. Be ready to share these experiences during the interview, as they’ll demonstrate your practical knowledge and problem-solving skills.
✨Familiarise Yourself with Compliance Standards
Since compliance is a big part of this role, make sure you understand ISO 27001 and GDPR regulations. Prepare to discuss how you’ve maintained compliance in previous positions and how you would approach it in this new role.
✨Ask Insightful Questions
Prepare thoughtful questions about the company’s current security posture and their approach to incident management. This shows your genuine interest in the role and helps you gauge if the company aligns with your career goals.
