M365 Security Expert

Job Description

The Microsoft 365 Security Expert (E5) is part of the Information Security team and reports to the CISO. The role is responsible for defining, implementing, operationalizing, and continuously improving the security posture of the Microsoft 365 environment (E5 licensing).

The position acts as a domain expert for M365 security and as a technical reference point for IT teams, operational security, and governance teams. The role combines security architecture, advanced configuration, operations, and continuous improvement.

Primary Mission

Ensure the protection of identities, endpoints, data, and collaborative M365 environments by applying Zero Trust principles and Microsoft best practices.

Responsibilities:

Identity and Access Security (Entra ID)

• Design and maintain advanced Conditional Access policies (MFA, risk-based access, compliant devices, session controls).
• Configure and operate Microsoft Entra ID Identity Protection (user and sign-in risk detection).
• Manage M365 RBAC roles and enforce the principle of least privilege.
• Implement and maintain Privileged Identity Management (PIM) strategies.
• Monitor and continuously improve the identity-related security posture.

Microsoft Defender XDR (E5)

• Act upstream of SOC analysis of M365-related security incidents by deploying, configuring, and operating:
  • Microsoft Defender for Endpoint
  • Defender for Office 365
  • Defender for Identity
  • Defender for Cloud Apps
• Ensure signal integration and effective use of the Defender XDR ecosystem.
• Collaborate with the SOC to optimize detection and response capabilities.

Microsoft Intune and Endpoint Security

• Define and maintain device management strategies using Microsoft Intune, including:
  • Compliance policies
  • Security configurations
  • Update management
  • Application control
• Integrate Intune with Conditional Access features to control access to M365 resources.
• Standardize secure configurations for Windows workstations and mobile devices.
• Contribute to the strategy for managing corporate devices and BYOD.

SharePoint Online and Teams Security & Governance

• Define and enforce security standards for:
  • SharePoint Online
  • Microsoft Teams
  • OneDrive
• Control external access and guest management.
• Govern permissions, external sharing, and the lifecycle of sites and teams.
• Reduce risks related to data sprawl and shadow IT.
• Implement controls aligned with collaborative use cases.

Governance, Security Posture, and Continuous Improvement

• Continuously analyze and improve the Secure Score and overall security posture.
• Translate CISO requirements into concrete technical M365 security controls.
• Document configuration and operational standards.
• Participate in the development of security policies related to M365 usage.
• Contribute to user awareness initiatives focused on collaboration and data-related risks.

Note: Microsoft Purview governance is primarily handled by another Infosec team function related to DLP. However, experience with Purview is considered an asset and may be leveraged as needed.

Qualifications

Requirements

• 3 to 7 years of experience in advanced administration and/or security of Microsoft 365.
• Strong expertise in the security components of the Microsoft 365 E5 license.
• Significant hands-on experience with Microsoft Intune.
• Solid understanding of Zero Trust principles.
• Proven ability to secure a production M365 environment.
• Ability to operate within a governed structure reporting to a CISO.
• Structured, risk-based approach with a strong focus on continuous improvement.

Assets (Nice to Have)

• Relevant certifications (MS-102, SC-300, SC-400, AZ-500, or equivalent).
• Experience in regulated environments or environments with high security requirements.
• Knowledge of security challenges related to collaboration, data, and AI within Microsoft 365.

Additional Information

Additional information

Here are the many benefits to ensure your personal and professional well-being as well as financial health:

• Remote, in-office, or hybrid work, with the option of flexible hours to promote balance and performance
• Group insurance plan and group RRSP with employer participation in effect from day one
• Minimum of 3 weeks vacation + 5 days personal leave per year
• Access to a telemedicine service and a complete assistance program for all employees and their family
• Access to a leading e-learning platform and hours allocated for training and professional development
• More than 40 years of expertise in the health IT field opens the door to many career opportunities
• Projects integrating Agile methodology
• Employee discount program
• An organizational culture rooted in the values of courage, determination, excellence, and collaboration around which we come together to develop technology solutions for the healthcare field.

If you are interested in this position, we would be very happy to tell you more about the role, the team, and life at LGI Healthcare Solutions.