Ennoble Care - Cybersecurity Analyst

• Identity & Access Security • Manage and refine Conditional Access policies across Entra ID • Administer Privileged Identity Management (PIM) and enforce least-privilege • Monitor and respond to identity-based threats (token theft, MFA bypass, impossible travel) • Drive adoption of phishing-resistant MFA (FIDO2/passkeys, Windows Hello for Business, certificate-based auth) and deploy token-theft protections — token protection, Continuous Access Evaluation, and sign-in risk-based Conditional Access • Ability to conduct quarterly tabletop exercises for anticipation of threats and corrective action plans. • Conduct regular entitlement reviews and clean up stale access • Email & Messaging Security • Harden Exchange Online Protection: Safe Links, Safe Attachments, anti-phishing policies, quarantine management • Own email authentication: configure and maintain SPF, DKIM, and DMARC records in DNS, monitor DMARC aggregate reports for spoofing and broken senders, and drive the domain to enforcement (p=reject) • Strengthen mail transport and anti-spoofing posture (MTA-STS, TLS-RPT, ARC), and enable BIMI once DMARC is at enforcement • Investigate and respond to BEC, phishing, and account compromise incidents • Own the user phishing-reporting workflow (Report Phishing button, submissions triage) and rapid email remediation — ZAP and tenant-wide message purge — with a target time-to-contain for reported messages • Design and execute simulated phishing campaigns to measure and improve user resilience • Run the security awareness and human-risk program (Attack Simulation Training, onboarding and recurring training, just-in-time coaching, targeted remediation for repeat clickers) and report on click-rate and report-rate trends over time • Threat Detection & Response • Write and tune KQL queries in Microsoft Defender Advanced Hunting • Triage Defender alerts, investigate incidents end-to-end, and document findings • Coordinate with our MDR provider on endpoint detections • Own the incident response lifecycle from detection through remediation and lessons learned • Data Protection & Compliance • Implement Microsoft Purview information protection labels, DLP policies, and retention rules • Collect and maintain evidence for HIPAA compliance assessments and SOC 2 readiness • Support cyber insurance renewals with accurate risk documentation • Security Posture & Partnership • Work with our external Microsoft security partner to execute posture improvement roadmaps • Track and improve Microsoft Secure Score across identity, devices, apps, and data • Own the security workstream during M&A integrations (approximately one acquisition per quarter) • Evaluate and recommend security tooling additions as the program matures