Cloud Engineer / Security and Compliance Specialist

Company Description

Arηs is a fully independent group of companies specialized in managing complex IT projects and systems for large organisations, focusing on state-of-the-art software development, digital trust, cloud, data science, mobile development, machine learning and infrastructure services.

We are composed of 16 entities across 8 countries worldwide that are unified by the Arηs Group, with more than 2500 consultants. This corporate structure enables us to respond quickly to market changes and customer requests, and to communicate and make decisions without layers of bureaucracy.

Established in 2016, the Greek entity Arηs Developments Hellas aims to extend Arηs Group activities dedicated to the European market providing high-quality services in Software Development, covering the entire application development lifecycle.

Job Description

1. Security Policy Development:

• Develop and implement comprehensive security policies for the M365 environment.
• Ensure policies align with organizational and regulatory requirements.
• Regularly review and update security policies to address emerging threats.
• Communicate and enforce security policies across the organization.

2. Compliance Management:

• Ensure compliance with regulatory requirements and organizational standards.
• Implement and manage data loss prevention (DLP) policies.
• Conduct regular compliance audits and risk assessments.
• Develop and maintain compliance documentation and records.

3. Advanced Threat Protection:

• Configure and manage Microsoft Defender for Office 365.
• Implement Advanced Threat Protection (ATP) policies to detect and mitigate threats.
• Monitor threat analytics and respond to security incidents.
• Conduct regular security assessments and vulnerability scans.

4. Conditional Access and Identity Protection:

• Implement and manage conditional access policies in Azure AD.
• Configure identity protection policies to safeguard user accounts.
• Monitor access patterns and detect suspicious activities.
• Ensure multi-factor authentication (MFA) is enforced.

5. Data Encryption and Information Protection:

• Configure and manage data encryption policies.
• Implement Azure Information Protection (AIP) for data classification and labelling.
• Ensure data protection policies are applied to sensitive information.
• Monitor and report on data protection compliance.

6. eDiscovery and Legal Hold Management:

• Implement and manage eDiscovery and legal hold processes.
• Ensure that data required for legal proceedings is preserved.
• Conduct regular audits of eDiscovery and legal hold configurations.
• Provide training and support for eDiscovery users.

7. Security Monitoring and Reporting:

• Monitor the security health of the M365 environment using Microsoft 365 Security Center.
• Generate security reports and provide insights for improvement.
• Utilize security information and event management (SIEM) tools.
• Identify and address security incidents promptly.

8. Automation and Scripting:

• Develop and maintain PowerShell scripts to automate security and compliance tasks.
• Implement automated workflows using Power Automate.
• Create automated solutions for compliance reporting and monitoring.
• Maintain and update existing automation scripts.

9. User Training and Awareness:

• Develop and deliver security training programs for end-users.
• Promote security awareness and best practices across the organization.
• Guide secure use of M365 tools.
• Conduct regular security awareness campaigns.

10. Continuous Improvement:

• Stay up-to-date with the latest M365 security and compliance features.
• Continuously improve security and compliance processes.
• Participate in security and compliance forums and training.
• Propose and implement new security measures and enhancements

Qualifications

1) Microsoft 365 Security Features:

• Advanced knowledge of Microsoft 365 security features and configurations.
• Experience with Microsoft Defender for Office 365 and ATP policies.
• Proficiency in configuring and managing conditional access and identity protection.
• Knowledge of data encryption and Azure Information Protection (AIP).

2) Compliance Management:

• Strong understanding of regulatory compliance requirements (e.g., GDPR, HIPAA).
• Experience with data loss prevention (DLP) policies and compliance audits.
• Proficiency in conducting risk assessments and developing compliance documentation.
• Knowledge of eDiscovery and legal hold management.

3) PowerShell Scripting:

• Proficient in writing and executing PowerShell scripts for security and compliance tasks.
• Ability to develop and maintain scripts for automation.
• Experience with automating compliance reporting and monitoring.
• Knowledge of script debugging and error handling.

4) Security Monitoring and Reporting:

• Proficient in using Microsoft 365 Security Center and SIEM tools.
• Ability to generate security reports and provide insights.
• Experience with monitoring and responding to security incidents.
• Knowledge of security information and event management (SIEM) best practices.

5) Advanced Threat Protection:

• Expertise in configuring and managing ATP policies.
• Experience with threat detection and mitigation. 
• Proficiency in conducting security assessments and vulnerability scans.
• Ability to respond to and mitigate security incidents.

6) Conditional Access and Identity Protection:

• Advanced knowledge of conditional access policies in Azure AD.
• Experience with configuring and managing identity protection policies.
• Proficiency in enforcing multi-factor authentication (MFA).
• Knowledge of monitoring access patterns and detecting suspicious activities.

7) Data Encryption and Information Protection:

• Skilled in configuring and managing data encryption policies.
• Experience with Azure Information Protection (AIP).
• Ability to apply data protection policies to sensitive information.
• Knowledge of monitoring and reporting on data protection compliance.

8) eDiscovery and Legal Hold Management:

• Proficient in implementing and managing eDiscovery and legal hold processes.
• Experience with auditing eDiscovery and legal hold configurations.
• Knowledge of data preservation for legal proceedings.
• Ability to provide training and support for eDiscovery users.

9) User Training and Awareness:

• Experience promoting security awareness and best practices.
• Proficiency in guiding the secure use of M365 tools.

10) Continuous Improvement:

• Commitment to staying current with M365 security and compliance features.
• Proactive in implementing new security measures and enhancements.
• Participation in security and compliance forums and training.
• Ability to propose and implement continuous improvement initiatives.

11) Organizational Skills:

• Strong organizational skills to manage multiple tasks and priorities effectively.
• Attention to detail in managing the M365 environment and the Microsoft Intune Platform.

12) Bachelor’s degree in Computer Science, Information Technology, or a related field plus 6 years of relevant experience.

13)Full proficiency in the English language. French language proficiency is of advantage.

14) Strong customer relationship skills, including negotiating complex and sensitive situations under pressure.