Compliance Security and Microsoft Cloud Analyst

Job Description

Eccalon is seeking a Compliance Security and Microsoft Cloud Analyst position that will play a critical role in both Cyber Compliance Operations and Cloud Security Engineering. This is a long-term career opportunity ideal for individuals who want to grow both their compliance knowledge and hands-on Microsoft Cloud Security engineering expertise.

The selected candidate will help drive cybersecurity compliance initiatives aligned with Department of Defense (DoD) frameworks (NIST 800-53, NIST 800-171 / 172, FedRAMP and CMMC L1 / L2 / L3), while also designing, configuring, and implementing Microsoft Azure Government and M365 GCC High security controls across client environments.

This position offers the ability to advance technical engineering skills, earn high-level security certifications, and grow into a leadership track in cloud security and compliance operations.

Responsibilities

Cloud Security Engineering (Azure Gov and M365 GCC High)

• Assist in designing, configuring, and implementing Microsoft Azure Government and M365 GCC High security controls.
• Support Azure Gov resource hardening, including Virtual Machines, Key Vaults, Storage Accounts, Defender for Cloud, Sentinel, Azure Policies, and Conditional Access.
• Assist with Microsoft 365 GCC High Security & Compliance Center configurations, including DLP, Sensitivity Labels, Insider Risk, and Compliance Manager setup for CMMC and NIST alignment.
• Configure and monitor Azure Sentinel Workbooks, Cloud Security Posture Management (CSPM), Defender for Endpoint (Gov), and Defender for Identity integrations.
• Conduct Microsoft Secure Score reviews and remediation within GCC High and Azure Gov environments.
• Assist in developing automated security monitoring dashboards and reporting using Azure Monitor, Microsoft Sentinel GCC High.
• Support Azure network security hardening, including NSGs, ASGs, Private Endpoints, and Firewall rules.
• Help develop and document Zero Trust Architecture alignment using Microsoft Cloud-native tools.

Cyber Compliance Operations

• Research, identify, and map NIST and DoD cybersecurity controls (NIST 800-53, 800-171 / 172, FedRAMP (M) and CMMC) to Microsoft Cloud implementations and On-premises environments.
• Assist with System Security Plan (SSP), Policies, Procedures, and Plan of Action & Milestones (POA&M) documentation for client environments.
• Support control gap analysis, evidence collection, and audit preparation for DoD contractor compliance.
• Conduct security control validation testing (manual and automated), for both on-premises and cloud based systems.
• Document and report on control effectiveness, remediation plans, and risk mitigation actions.
• Assist with preparing security architecture diagrams showing how Microsoft Cloud services map to compliance controls.
• Support client teams during external CMMC, NIST, or DFARS audits and assessments.
• Help draft and revise Policies, Standards, and Procedures (PSPs) to align with DoD cybersecurity requirements.

Required Qualifications

• Bachelor’s in Cybersecurity, Cyber Defense or equivalencies.
• Strong understanding of Microsoft Azure Government (IaaS / PaaS / SaaS) security configurations.
• Hands-on experience with Microsoft 365 GCC High security and compliance solutions.
• Familiar with Microsoft Defender XDR stack (Defender for Endpoint, Identity, Office 365, Cloud Apps) for GCC High.
• Working knowledge of Azure AD / Entra ID security policies, Role-Based Access Control (RBAC), and Privileged Identity Management (PIM).
• Experience with Azure Sentinel deployment and use case creation.
• Familiarity with Azure Policy, Blueprints, and Resource Locks for governance and compliance.
• Experience in NIST 800-53, 800-171, 800-172, FedRAMP (M) and CMMC L1 / L2 / L3 control frameworks.
• Proficient in security documentation writing for Policies, Standards, System Security Plans, and POA&Ms.
• Proficient in network security concepts, firewall rule sets, and enterprise network topology diagrams.
• Critical Thinking and Problem Solving
• Strong Verbal and Written Communication
• Professional and Technical Writing
• Collaboration and Teamwork
• Multitasking and Task Prioritization
• Adaptability and Initiative
• Knowledge of Assessment and Audit Management Processes

Preferred Qualifications

• Master’s degree in information assurance and cyber security.
• Strong knowledge of Microsoft Security Best Practices for Cloud (Azure Gov, M365 GCC High).
• Ability to interpret DoD contract security clauses (DFARS, CMMC, NIST requirements) and apply them to cloud environments.
• Familiarity with Microsoft Compliance Manager and Secure Score tools in GCC High.
• Exposure to Defender for Cloud recommendations, regulatory compliance dashboards, and Microsoft Sentinel analytics rules.
• Proficient in evaluating data protection (at rest, in transit, and in use) in both cloud and on-premises environments.
• Ability to conduct technical research and compliance gap analysis, followed by Microsoft technology specific security remediation steps.

Certifications (Preferred or obtainable within the first 12 months) :

• Microsoft Certified : Azure Security Engineer Associate - AZ 500
• Microsoft Certified : Cybersecurity Architect Expert - SC 100
• Microsoft Certified : Information Protection and Compliance Administrator Associate - SC 401
• Microsoft Cloud Administration (others) : - SC 900 or SC 200 or SC 300
• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)

Behavioral Skills :

• Servant Leadership Mindset : Proactively supports the team and organizational mission
• Detail-Oriented : Consistently delivers thorough and accurate work
• Team-Oriented : Works collaboratively across departments and client teams
• Self-Motivated : Able to work independently and seek guidance when needed
• Organized and Decisive : Able to manage multiple priorities with efficiency
• Interpersonal Effectiveness : Builds strong, positive, and professional relationships

Growth Opportunity

This position offers a dual career track (Cloud Security Engineering + Compliance Operations).

You will gain hands-on Microsoft Cloud Security Engineering expertise, DoD cyber compliance expertise, and management experience, with the opportunity to grow into an Enterprise Compliance & Cloud Security Team Lead role.