Key skills
AzureCloudCyber SecurityiOSJamfMacOSAzure ADEntra IDActive DirectoryCommunicationCritical ThinkingCloud Security
About this role
Role Overview
- Partner directly with the Director of Security to execute BWE’s security roadmap initiatives.
- Break down strategic objectives into actionable engineering tasks.
- Identify risks, blockers, and configuration gaps across BWE’s environment.
- Propose structured, risk-based solutions aligned with BWE’s business priorities.
- Design and implement access governance standards across BWE’s environment.
- Review and rationalize roles, security groups, and privileged access.
- Secure app registrations and service principals.
- Implement least privilege and Conditional Access policies.
- Support lifecycle automation for joiner, mover, and leaver processes.
- Assess and improve BWE’s Azure security posture.
- Harden RBAC role assignments and resource access.
- Configure and tune Microsoft identity, endpoint, and cloud security tools.
- Evaluate current tool configurations and implement improvements aligned with security best practices.
- Strengthen mobile device management configuration and compliance policies for Apple devices.
- Align Apple device management with identity and access controls.
- Improve monitoring, logging, and endpoint visibility across macOS and iOS.
- Configure and tune enterprise security tools to align with BWE’s risk and compliance requirements.
- Develop configuration baselines and technical implementation standards.
- Reduce alert noise through intelligent tuning.
- Validate control effectiveness through testing and review.
- Author technical standards and implementation guides for BWE’s security environment.
- Document control ownership and lifecycle management.
- Translate complex technical risks into clear communication for stakeholders.
- Support audit readiness through structured documentation.
Requirements
- 7+ years in cybersecurity engineering or security architecture.
- Strong hands-on experience with Microsoft Entra ID, Azure AD, and Active Directory in hybrid environments.
- Experience securing Azure environments and implementing RBAC.
- Experience configuring Conditional Access and MFA.
- Experience with Microsoft endpoint and cloud security tools.
- Experience securing macOS and iOS using a mobile device management platform.
- Demonstrated experience configuring and optimizing enterprise security tools.
- Experience building technical standards and structured processes.
- Strong analytical and critical thinking ability.
- Strong written and verbal communication skills.
- Experience supporting SOC 2 or regulated environments.
- Ability to connect security decisions to business outcomes and communicate risk in terms that resonate with non-technical stakeholders.
- Relevant security certifications strongly valued, including CISSP, Microsoft certifications such as SC-200 or AZ-500, GIAC certifications such as GSEC or GCIH, or Jamf 200.
Tech Stack
- Azure
- Cloud
- Cyber Security
- iOS
- Jamf
- MacOS
Benefits
- Health insurance
- Paid time off
- Flexible work arrangements
- Professional development opportunities