Lead MS Security Engineer

Job Title: Security Engineer II (MS Lead)
Work Location: Downtown Fort Worth (on-site)
Duration: 6 month contract-to-hire
Education/Experience Required: Microsoft Security stack subject matter expertise (SME)

Job Description & Responsibilities:

• Engineer, configure, and maintain Microsoft Defender suite (Defender for Endpoint, Defender for Identity, Defender for Office 365, Defender for Cloud Apps) across the enterprise environment
• Manage daily security alert triage, investigation, and remediation while simultaneously driving project backlog to completion
• Design and architect security solutions for cross-functional teams including Networking, Service Delivery, and Digital Workplace to execute against
• Lead a security engineering team of two direct peers, providing technical mentorship, workload prioritization, and escalation support
• Administer and enforce security policies through Microsoft Entra ID (Conditional Access, identity governance, access reviews, lifecycle workflows)
• Manage endpoint security posture via Microsoft Intune, including compliance policies, configuration profiles, and mobile device onboarding
• Deploy and maintain Microsoft Security Baselines across endpoints and infrastructure
• Develop and tune Attack Surface Reduction (ASR) rules in Defender aligned to current best practices
• Implement and manage Microsoft Purview capabilities including Data Security Posture Management (DSPM) for AI
• Audit and remediate stale user accounts, orphaned devices, interactive service accounts, and non-compliant endpoint objects within Active Directory
• Enforce communication security controls such as external Teams messaging restrictions and authenticated SMTP policies
• Evaluate, restrict, and block non-approved AI tools across the environment
• Integrate security telemetry with SIEM/logging platforms (e.g., Defender for Identity to Sumo Logic)
• Leverage Microsoft Security Copilot to augment investigation, reporting, and response workflows
• Manage Secure Boot certificate updates and AD structural lockdowns for endpoint object organization
• Collaborate with leadership on security roadmap and contribute to the team's growth trajectory toward a Security Manager function

Skills & Qualifications:

• 5 7+ years of hands-on security engineering experience with deep focus on the Microsoft Security stack
• ~2+ years of experience in a Team Lead or senior individual contributor role with direct responsibility for guiding peers or junior engineers
• Subject Matter Expert-level proficiency across Microsoft Defender suite, Microsoft Entra ID, and Microsoft Intune
• Strong working knowledge of Active Directory administration, Group Policy, and endpoint lifecycle management
• Experience deploying and managing Microsoft Security Baselines and Attack Surface Reduction policies
• Familiarity with Microsoft Purview, Security Copilot, and Microsoft 365 security and compliance tooling
• Demonstrated ability to architect security solutions and hand off actionable implementation plans to cross-functional infrastructure teams
• Experience integrating Microsoft security telemetry with third-party SIEM or log aggregation platforms
• Ability to balance reactive alert-driven work with proactive project execution in parallel
• Strong communication skills with the ability to translate technical security concepts for non-technical stakeholders and cross-functional teams
• Microsoft security certifications (SC-200, SC-300, AZ-500, MS-102) are a plus but not required

Preferred / Nice-to-have Skills:

• Experience with Sumo Logic for log aggregation, query building, or dashboard creation
• Familiarity with Fortinet security products (FortiGate, FortiAnalyzer, or related)
• Experience working alongside or within a ReliaQuest (GreyMatter) MSSP engagement, including alert co-management, tuning, or escalation workflows

For more information or to view other opportunities, visit us at (url removed).
Paladin Consulting is an EEOC employer.