M365 Security and Compliance Administrator

Looking for an opportunity to make an impact?

At Leidos, we deliver innovative solutions through the efforts of our diverse and talented people who are dedicated to our customers’ success. We empower our teams, contribute to our communities, and operate sustainably. Everything we do is built on a commitment to do the right thing for our customers, our people, and our community. Our Mission, Vision, and Values guide the way we do business.

If this sounds like a mission you want to be a part of, keep reading!

Civilian Health Solutions uses a wide range of capabilities in Digital Modernization, Mission Software Systems, and enabling technologies like Artificial Intelligence and Machine Learning to support our customers’ mission in advancing biomedical research and protecting public health. Our team’s focus is ensuring our health customers have the right solutions to keep pace with an ever-evolving public health landscape and prevent the next public health crisis.  To explore and learn more, click here!

Your greatest work is ahead!

Candidates MUST:

be located in the United States for the current three consecutive years

be US Citizen or US person with the ability to obtain a Public Trust Clearance level 4

have the ability to travel to Washington, DC or Rockville, MD and be able to work Eastern time zone hours.

Summary:

Leidos is seeking an experienced M365 Security and Compliance Administrator to join our Information Technology team. This role requires a seasoned professional who can strategically manage and enhance the security and compliance posture of the M365 environment within a GCC (Government Community Cloud) tenant, particularly in a federal agency context.

Key Responsibilities:

Strategic Security Oversight and Governance:

• Lead the development, implementation, and management of comprehensive security policies and frameworks for the M365 environment, ensuring alignment with federal regulations and organizational standards.
• Oversee the configuration and enforcement of compliance settings, including data governance, document classification, and data loss prevention (DLP) using Microsoft Purview, to safeguard sensitive information.
• Email Security and Compliance Management:
• Develop and enforce email security policies, including encryption, sensitivity labeling, and secure email flow management, to prevent unauthorized access and data breaches.
• Ensure the implementation of Secure/Multipurpose Internet Mail Extensions (S/MIME) or Microsoft Information Protection (MIP) for email encryption to enhance data confidentiality in email communications.
• Manage and monitor spam filtering, anti-phishing measures, and malware protection within Exchange Online to protect against evolving email threats.

Risk Management and Compliance Assurance:

• Establish and maintain robust data protection and compliance strategies, including the management of Capstone emails and document classification, to ensure adherence to federal and organizational regulations.
• Develop and execute a risk management framework that proactively identifies, evaluates, and mitigates potential security risks and vulnerabilities within the M365 ecosystem.

Collaboration and Stakeholder Engagement:

• Collaborate with cross-functional teams to ensure that security and compliance solutions effectively support organizational objectives and business needs.
• Engage with stakeholders to gather requirements, provide technical leadership, and align security initiatives with strategic goals, particularly concerning M365 B2B trust relationships and secure collaboration with external partners.

Security Monitoring and Incident Response:

• Lead the integration and management of Microsoft Defender and Sentinel solutions to provide comprehensive security monitoring, threat detection, and incident response capabilities across the M365 environment.
• Oversee the configuration and management of security alerts, policies, and automated response actions, ensuring a proactive approach to threat management and data protection.

Continuous Improvement and Innovation:

• Stay current with M365 security and compliance updates, industry trends, and emerging technologies to continuously enhance the security posture and operational efficiency of the M365 environment.
• Utilize tools such as GCC Copilot to optimize security workflows and improve compliance processes across the organization.

Required Qualifications and Experience:

• Bachelor’s degree in computer science, Information Technology, or a related field with 8-10 years of relevant experience.
• Minimum of 5 years of hands-on experience in M365 administration.
• Strong understanding of M365 security and compliance capabilities.
• Possess one or more Microsoft 365 certifications. E.g., Microsoft Certified: Security, Compliance, and Identity Fundamentals, Security Administrator Associate, Information Protection Administrator Associate, Identity and Access Administrator Associate etc.
• Excellent communication and collaboration skills.
• Working experience with a federal agency is highly desired.

Desired Skills:

• Expertise in managing M365 B2B collaboration and establishing trust relationships among multiple federal agencies, ensuring secure external sharing and compliance.
• Proficiency in managing guest user access and configuring Conditional Access policies to support secure collaboration across different organizations.
• Strong understanding of data governance, lifecycle management, and compliance in a multi-tenant environment.
• Experience with security frameworks and best practices for cloud environments, particularly in the context of federal regulations.
• Familiarity with Agile development methodologies.
• Proficiency with tools such as JIRA, Confluence, and Zendesk.

hhsnih

Original Posting Date:

While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.