CREO

Consultant, Cybersecurity

CREO, Durham, North Carolina, United States, 27703

Job Description

Overview

CREO Consultants lead and deliver complex, security-focused engagements across Microsoft cloud and endpoint ecosystems. You will serve as a trusted advisor to client executives and technical teams, owning outcomes from scoping and solution design through execution, reporting, and remediation guidance. This role is ideal for a hands‑on practitioner who can both architect and build, with strength in Identity & Access Management (IAM), Microsoft Azure/M365 security, and automation using scripting languages such as PowerShell and Python. Consultants work autonomously, mentor analysts, and contribute to proposals, statements of work (SOWs), and reusable delivery accelerators.

Position Responsibilities

Vulnerability & Framework Assessment Responsibilities

Schedule, run, and interpret vulnerability scans using tools like Tenable or Qualys.

Track and report on remediation progress in collaboration with client IT teams.

Assist with readiness assessments for SOC 2, ISO 27001, and NIST CSF.

Map client controls to framework requirements and identify gaps.

Client Leadership & Delivery

Own end‑to‑end delivery for security engagements (e.g., M365 hardening, Sentinel deployments, conditional access rules, external/internal assessments).

Translate business risk into technical requirements; create architectures, roadmaps, and prioritized remediation plans.

Facilitate client workshops, runbooks, and executive readouts; produce clear, actionable deliverables and presentations.

Coordinate cross‑functional teams; track scope, risks, issues, and dependencies; ensure on‑time, on‑budget delivery.

Identity & Access Management

Design and implement secure identity architectures in Microsoft Entra ID (Azure AD), including tenant configuration baselines.

Engineer Conditional Access policies, MFA, risk‑based access (Identity Protection), and step‑up authentication.

Establish RBAC, Privileged Identity Management (PIM), Just‑In‑Time (JIT) access, and access reviews.

Build joiner/mover/leaver lifecycle processes; integrate HRIS/IDaaS; govern external/guest access and B2B collaboration.

Harden identities for hybrid environments (Entra Connect/Cloud Sync), legacy protocols, service principals, and workload identities.

Microsoft Cloud Security (Azure & M365)

Deploy and tune Microsoft Sentinel (data connectors, analytics rules, UEBA, workbooks, automation rules, hunting queries).

Implement Defender for Cloud and Microsoft 365 Defender (Endpoint, Identity, Office 365, Cloud Apps) with secure configurations.

Design secure landing zones (network segmentation, Private Link, Key Vault, managed identities, logging/monitoring).

Apply Zero Trust principles across identity, device, network, apps, and data; document security baselines and exceptions.

Integrate third‑party controls (e.g., CrowdStrike) with Microsoft security for holistic detection and response.

Engineering & Automation (PowerShell / DevOps)

Develop robust PowerShell tooling and modules to automate Entra ID, Exchange Online, Defender, Intune, and Graph API workflows.

Create automation runbooks (e.g., Azure Automation, Functions) for repetitive administrative and incident response tasks.

Use KQL for analytics and threat hunting; build reusable dashboards and reports.

Follow secure coding standards, version control (Git), and CI/CD practices for infrastructure‑as‑code where applicable.

Detection, Response & Vulnerability Management

Triage and investigate alerts; lead incident response playbooks, root‑cause analysis, and containment/remediation guidance.

Correlate telemetry across Sentinel, Microsoft 365 Defender, and endpoint tools; develop custom detections and enrichments.

Coordinate vulnerability scanning/validation and remediation with client teams; communicate risk and business impact.

Prepare client‑ready IT deliverables and visually compelling reports, translating complex technical data into clear, actionable insights.

Required Qualifications, Skills, and Experience

6+ years in cybersecurity with significant client‑facing consulting experience.

Deep Microsoft 365 administration and security configuration experience.

Advanced PowerShell scripting (module development, Graph API, REST), automation runbooks, and CLI tooling.

Hands‑on IAM engineering: Conditional Access, MFA/passwordless, PIM/JIT, RBAC, access reviews, lifecycle (joiner/mover/leaver).

Azure and Microsoft security engineering: Sentinel, Defender for Cloud, Microsoft 365 Defender, secure landing zones, logging/monitoring.

Strong analytical and communication skills; ability to translate technical risk for executives and practitioners.

Bachelor’s degree in a relevant field or equivalent experience.

Certifications (Required or Within 6 Months)

Microsoft Certified: Identity and Access Administrator Associate (SC‑300).

Microsoft Certified: Azure Security Engineer Associate (AZ‑500).

Strongly preferred: Cybersecurity Architect Expert (SC‑100); Security Operations Analyst Associate (SC‑200).

Additional Desired but Not Required

Experience integrating CrowdStrike Falcon with Microsoft security tools.

Experience with Infrastructure‑as‑Code (Bicep/Terraform) and policy (Azure Policy, Defender for Cloud).

Scripting beyond PowerShell (e.g., Python) for data analysis and automation.

Experience with data protection and compliance controls (DLP, Purview).

This application may be reviewed in part by automated systems to help identify qualified candidates.

Seniority level: Mid‑Senior level

Employment type: Full‑time

Job function: Information Technology

Industries: Business Consulting and Services