Cloud Security Engineer - Public Sector, IT Operations

Job Summary:

The Cloud Security Engineer is responsible for planning, implementing, upgrading, and monitoring security-based measures for the protection of the organization’s cloud-based digital platforms and related data. This role may be charged with analyzing and revising existing cloud infrastructure and implementing new and enhanced security related designs and methodologies. In addition, this position is familiar with and helps institute best practices that meet or exceed FedRAMP, NIST, and Cybersecurity Maturity Model Certification (CMMC). The Cloud Security Engineer focuses on the secure configuration and deployment of services within Microsoft GCC High and other platforms to support business operations, and ensures high performance and reliability of technology services that support the firm's mission.

Job Duties:

• Collaborates with Public Sector and BDO National IT teams on standards, configuration recommendations, and best practices for the secure management of Microsoft 365 GCC High services, including Office, Entra ID, Intune, Defender, and Purview
• Institutes policies for identity, device, and access management using Zero Trust principles and security baselines
• Reviews results from configuration management/testing, profiling, and assessment tooling to address vulnerabilities, misconfigurations, and/or access risks
• Implements, maintains, and monitors backup and disaster recovery strategies for M365 environment
• Participates in the Change Control Board
• Monitors for and investigates emerging cyber threats in BDO Public Sector cloud environment, and works with staff on recommending and implementing defensive actions
• Contributes to System Security Plans (SSPs), Plan of Action & Milestones (POA&Ms), and other artifacts for audit readiness
• Performs maintenance and enhancements on existing security alerts to reduce false positives
• Leads the remediation efforts of vulnerabilities within cloud resources
• Leads the Incident Response Team which includes monitoring for and determining Indicators of Compromise
• Collaborates with security operations professionals to analyze triaged security alerts to determine the appropriate escalation and remediation paths
• Designs and implements security related technologies such as MFA, FIDO2, endpoint detection and response (EDR), and mobile device management (MDM) within a GCC High tenant
• Aligns enterprise IT planning with cybersecurity risk management strategies using NIST SP 800-171 and other applicable frameworks
• Performs and reports phishing testing and develops necessary training
• Escalates critical issues to management
• Documents and maintains policies and procedures
• Other duties as required 

Supervisory Responsibilities: 

• Directs day-to-day activities/workload of staff, as needed 

Qualifications, Knowledge, Skills, and Abilities:

Education:

• High school diploma or GED, required
• Bachelor's degree in Cloud Computing, Information Technology, Information Science, Informatics, or Information Systems, preferred

Experience:

• Three (3) or more years of experience providing IT systems security support or incident response, required

License/Certifications:

• SC-100 – Microsoft Certified Cybersecurity Architect Expert, preferred
• AZ-305 – Azure Solutions Architect Expert, preferred
• AZ-500 – Azure Security Engineer Associate, preferred

Software:

• Proficiency with Microsoft Intune, Entra ID/Azure AD, Microsoft 365 Admin Center, and Microsoft Defender for Endpoint, required
• Proficiency with Microsoft Office Suite, preferred
• Proficiency with Power BI, Apple Business Manager, and MacOS and iOS management via Intune, preferred

Language:

• N/A

Other Knowledge, Skills, and Abilities: 

• Strong verbal and written communication skills
• Excellent interpersonal and customer relationship skills
• Capacity to work in a deadline-driven environment while handling multiple complex projects/tasks simultaneously with a focus on details
• Capable of successfully multi-tasking while working independently or within a group environment
• Familiar with various regulatory policies (PCI, HIPAA, GLBA and other statutory regulations) as they relate to data security and IT policies, procedures, and standards
• Basic awareness of PCI-DSS, ISO 2700x, FISMA, and other industry recommended security frameworks
• Strong understanding of security breach detection and mitigation
• Ability to rely on extensive experience and judgment to plan and accomplish goals
• Capable of working well under pressure while dealing with unexpected issues in a professional manner
• Capacity to communicate and interact with all levels of employees and management
• Ability to interact and build consensus among people
• Ability to work after standard business hours and travel, as needed
• Ability to design capabilities to find solutions to less common and more complex system problems

Join us at BDO, where you will find more than a career, you’ll find a place where your work is impactful, and you are valued for your individuality. We offer flexibility and opportunities for advancement. Our culture is centered around making meaningful connections, approaching interactions with curiosity, and being true to yourself, all while making a positive difference in the world. 

At BDO, our purpose of helping people thrive every day is at the heart of everything we do. Together, we are focused on delivering exceptional and sustainable outcomes and value for our people, our clients, and our communities. BDO is proud to be an ESOP company, reflecting a culture that puts people first, by sharing financially in our growth in value with our U.S. team.  BDO professionals provide assurance, tax and advisory services for a diverse range of clients across the U.S. and in over 160 countries through our global organization.

BDO is the first large accounting and advisory organization to implement an Employee Stock Ownership Plan (ESOP). A qualified retirement plan, the ESOP offers participants a stake in the firm’s success through beneficial ownership and a unique opportunity to enhance their financial well-being. The ESOP stands as a compelling addition to our comprehensive compensation and Total Rewards benefits* offerings. The annual allocation to the ESOP is fully funded by BDO through investments in company stock and grants employees the chance to grow their wealth over time as their shares vest and grow in value with the firm’s success, with no employee contributions. 

We are committed to delivering exceptional experiences to middle market leaders by sharing insight-driven perspectives, helping companies take business as usual to better than usual. With industry knowledge and experience, a breadth and depth of resources, and unwavering commitment to quality, we pride ourselves on:

• Welcoming diverse perspectives and understanding the experience of our professionals and clients
• Empowering team members to explore their full potential
• Our talented team who brings varying skills, knowledge and experience to proactively help our clients navigate an expanding array of complex challenges and opportunities
• Celebrating ingenuity and innovation to transform our business and help our clients transform theirs
• Focus on resilience and sustainability to positively impact our people, clients, and communities
• BDO Total Rewards that encompass so much more than traditional “benefits.”  Click here to find out more!

*Benefits may be subject to eligibility requirements.

Equal Opportunity Employer, including disability/vets