The Senior Azure / Microsoft 365 Security Engineer is a senior individual contributor within the Security Architecture and Engineering organization. This role serves as a technical authority and execution lead for securing Dentsply Sirona's Azure and Microsoft 365 platforms, partnering closely with Cloud Engineering, Identity, Workplace Technology, and Security Operations teams.

This role owns the design, engineering, and continuous improvement of security controls across Azure and Microsoft 365, including identity protection, workload and network security, email and collaboration protection, data protection, and security monitoring integrations. The Senior Engineer is expected to operate with minimal direction, lead complex initiatives end-to-end, and act as a trusted advisor to both technical and security leadership.

This role also provides senior-level support to Security Operations by ensuring high-quality telemetry, detection coverage, and automation alignment across the Microsoft ecosystem

Role Scope Includes:

• Owning Azure and Microsoft 365 security architecture patterns and engineering standards.
• Leading implementation and optimization of Microsoft security platforms (Defender, Purview, Entra ID, Intune).
• Acting as a senior escalation point for complex cloud and identity security issues.
• Driving security posture improvement, risk reduction, and operational maturity across Microsoft platforms.

Responsibilities:

Azure & Microsoft 365 Security Architecture

• Design and maintain secure Azure landing zone and subscription patterns, including management groups, policy enforcement, network segmentation, and secure service exposure.
• Define and enforce identity and access architecture using Microsoft Entra ID (Azure AD), RBAC, Conditional Access, Privileged Identity Management (PIM), and managed identities.
• Establish and maintain Zero Trust-aligned controls across Azure and Microsoft 365 workloads.

Microsoft Defender & Platform Protection

• Lead the design, deployment, and tuning of Microsoft Defender capabilities, including:
  • Defender for Cloud
  • Defender for Endpoint
  • Defender for Identity
  • Defender for Office 365
  • Defender for Cloud Apps
• Own secure configuration baselines, posture management, and remediation workflows aligned to Microsoft Secure Score and internal risk priorities.
• Partner with SecOps to reduce alert fatigue, improve signal-to-noise ratio, and enhance incident response workflows.

Microsoft Purview & Data Protection

• Design and implement Microsoft Purview capabilities, including:
  • Sensitivity labeling and information protection
  • Data Loss Prevention (DLP) across Exchange, SharePoint, OneDrive, and Teams
  • Records management and data lifecycle controls
• Partner with Legal, Privacy, and Compliance teams to ensure data protection controls align with regulatory and business requirements.

Engineering Enablement & Continuous Improvement

• Define security standards, patterns, and guardrails that enable cloud and workplace teams to deploy securely by default.
• Review and influence Infrastructure-as-Code (ARM, Bicep, Terraform) and CI/CD pipelines to embed security controls early.
• Mentor junior engineers and act as a technical leader across Security Architecture & Engineering initiatives.

Requirements:

Education

• Bachelor's degree in Cybersecurity, Computer Science, Engineering, Information Systems, or equivalent experience.

Experience

• 7-10+ years of progressive experience in cybersecurity engineering, with deep hands-on experience in Azure and Microsoft 365 security.
• Proven experience designing and operating enterprise-scale cloud security controls.
• Strong experience integrating cloud platforms with SIEM/SOC operations.

Key Skills & Knowledge

• Advanced knowledge of Microsoft Entra ID, Conditional Access, PIM, RBAC, and identity threat protection.
• Expert-level experience with Microsoft Defender (KQL, analytics rules, automation).
• Strong understanding of cloud security architecture, Zero Trust principles, and shared responsibility models.
• Ability to communicate complex security concepts to engineering teams and senior leadership.

Certifications (Strongly Preferred)

• Microsoft Certified: Azure Security Engineer Associate (or successor).
• Microsoft SC-100 (Cybersecurity Architect) or equivalent senior-level certification.
• CISSP, CCSP, or GIAC cloud-focused certifications.
• Familiarity with NIST CSF / NIST SP 800-53 / ISO 27001 control frameworks.

Workforce Alignment

• Responsibilities align to NIST NICE Framework Secure Infrastructure and Cloud Security Engineering work roles, supporting standardized career progression and workforce planning