Responsibilities:
Design, implement, and manage security controls and configurations within the Microsoft ecosystem, with a focus on Entra ID and Purview.
Manage identity and access governance (IAG) using Entra ID, including conditional access policies, privileged identity management (PIM), and multi-factor authentication (MFA).
Utilize Microsoft Purview for data governance, data loss prevention (DLP), eDiscovery, and compliance management to meet defense contractor requirements.
Configure and maintain security solutions across cloud (Azure/Microsoft 365) and on-premises environments.
Lead the organization's vulnerability detection and remediation efforts, utilizing industry-standard tools to identify, prioritize, and track security flaws.
Conduct comprehensive risk analysis and assessments (RAAs) on new and existing systems, providing actionable recommendations to mitigate identified threats.
Develop and implement patching and configuration management strategies to reduce the attack surface.
Respond to and investigate security incidents, performing root cause analysis and implementing preventative measures.
Ensure all security measures and procedures comply with mandatory defense industry regulations and frameworks (e.g., NIST SP 800-171, CMMC).
Participate in internal and external audits related to security compliance.
Develop and maintain security documentation, including System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), and standard operating procedures (SOPs).
Technical Implementation & Management
Vulnerability & Risk Management
Compliance & Defense Sector Expertise
Minimum Requirements:
- Bachelor's degree in Computer Science, Information Technology, Cyber Security, or a related field (or equivalent work experience).
Minimum of 5 years of experience in a dedicated Cyber Security or Information Assurance role.
Proven experience working directly for or extensively with a U.S. defense contractor, including familiarity with controlled unclassified information (CUI) handling and protection.
Demonstrable expertise in Microsoft Entra ID (formerly Azure AD) administration, including tenant configuration, governance, and security feature deployment.
Hands-on experience with Microsoft Purview, particularly in managing data governance, compliance, and DLP policies.
Specialized experience in vulnerability management lifecycle (scanning, analysis, prioritization, remediation tracking) and using associated tools.
Strong background in security risk analysis, threat modeling, and formulating mitigation strategies.
Preferred Skills & Experience:
Excellent written and verbal communication skills, with the ability to articulate complex security risks to both technical and non-technical stakeholders.
Proficiency with scripting languages (e.g., PowerShell, Python) for automation of security tasks.
Familiarity with Security Information and Event Management (SIEM) platforms.
Relevant security certifications such as: GIAC, CASP+, CEH, or Microsoft certifications (e.g., SC-300, SC-400, AZ-500) are highly desirable.
Top Skills
Hermeus Los Angeles, California, USA Office
Los Angeles, CA, United States
Similar Jobs
What you need to know about the Los Angeles Tech Scene
Key Facts About Los Angeles Tech
- Number of Tech Workers: 375,800; 5.5% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Snap, Netflix, SpaceX, Disney, Google
- Key Industries: Artificial intelligence, adtech, media, software, game development
- Funding Landscape: $11.6 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Strong Ventures, Fifth Wall, Upfront Ventures, Mucker Capital, Kittyhawk Ventures
- Research Centers and Universities: California Institute of Technology, UCLA, University of Southern California, UC Irvine, Pepperdine, California Institute for Immunology and Immunotherapy, Center for Quantum Science and Engineering
