Systems Engineer – Microsoft 365 Security & Compliance Endpoint Security Engineer (GCC)
Washington, AR - USA
Job Summary
Leidos is seeking an experienced M365 Security and Compliance Administrator to join our Information Technology team. This role requires a seasoned professional who can strategically manage and enhance the security and compliance posture of the M365 environment within a GCC (Government Community Cloud) tenant, particularly in a federal agency context. This senior engineering role sits at the center of the organization's device, identity, and M365 security ecosystem. The engineer is responsible for protecting enterprise Windows, macOS, and iOS/iPadOS endpoints; ensuring compliant, reliable access to M365 services; and driving rapid engineering responses to vulnerabilities, outages, and operational risks. The successful candidate will apply deep technical expertise, cross-platform engineering capability, and high operational security judgment.
Role Summary: Responsible for securing and maintaining compliance of the Microsoft 365 (M365) ecosystem and enterprise endpoints. Leads security governance, implements and enforces controls across M365, email, identity, devices, and telemetry, and provides incident response and audit/ATO support to ensure alignment with federal and organizational security requirements.
Primary Responsibilities
Strategic security oversight & governance
Lead the development, implementation, and ongoing management of M365 security policies, standards, and technical guardrails aligned to federal requirements and organizational controls.
Own governance for data protection capabilities, including document classification, labeling, retention, and Data Loss Prevention (DLP) using Microsoft Purview.
Email security & compliance management (Exchange Online)
Define and enforce email security policies such as encryption, sensitivity labeling, and secure mail flow to reduce unauthorized disclosure.
Implement and maintain email encryption solutions (S/MIME and/or Microsoft Information Protection) to protect confidentiality of email communications.
Administer and monitor anti-spam, anti-phishing, and anti-malware protections to defend against evolving threats.
Identity, access, and conditional access (Entra ID)
Engineer and validate device-compliance-based Conditional Access policies across Windows, macOS, and mobile platforms.
Investigate and remediate Conditional Access failures, identity anomalies, and external/guest access issues, including M365 B2B trust and secure partner collaboration requirements.
Endpoint & device security engineering (Intune)
Design, test, and deploy Intune configuration and compliance policies for Windows, macOS, and iOS/iPadOS, including Enrollment Status Pages (ESPs) and OOBE workflows.
Develop remediation scripts (PowerShell/platform scripts/configuration profiles) to close compliance gaps and enforce security baselines.
Coordinate enterprise rollout of urgent vulnerability mitigations and validated vendor fixes; support vulnerability reviews and baseline rebuilds.
Risk management & compliance assurance (ATO / controls)
Establish and operate a risk management approach to identify, assess, and mitigate security risks across the M365 ecosystem.
Support ATO/control assessment activities by drafting implementation statements, collecting artifacts, and providing evidence aligned to audit/logging requirements.
Security monitoring, SIEM, and telemetry engineering (Defender / Sentinel)
Lead integration and operational management of Microsoft Defender and Microsoft Sentinel for threat detection, alerting, and response across M365.
Build and maintain SIEM integrations/connectors (e.g., M365 collaboration and identity systems) and develop ingestion pipelines (e.g., Azure Function Apps) for third-party logs.
Tune audit retention, analytic rules, and alert logic to improve signal quality and investigation readiness.
Incident response & operational support / collaboration
Provide Tier 3 troubleshooting for device compliance failures, identity/access incidents, telemetry gaps, and OS/app protection issues.
Partner with cross-functional teams to align security solutions with business objectives, deliver technical leadership, and support enterprise syncs and operational reviews.
Continuous improvement & innovation
Stay current on M365 security/compliance updates, industry trends, and emerging capabilities; drive improvements to security posture and operational efficiency (including use of GCC Copilot where appropriate).
Platform Scope / Tooling
Microsoft 365 (GCC), Microsoft Purview (DLP/labels/classification/retention), Exchange Online, Entra ID & Conditional Access, Microsoft Intune, Microsoft Defender, Microsoft Sentinel, Azure (Function Apps / Log Analytics), plus integrations with collaboration/IT systems (e.g., ticketing and SaaS log sources).
Day in the Life
Morning
Review Sentinel incidents, Defender telemetry gaps, and compliance drift.
Respond to overnight CAP failures, Slack EMM issues, or OS update regressions.
Join device/enterprise standups.
Midday
Build/test remediation scripts (CVE fixes, NTLM disablement, compliance corrections).
Deploy or test Intune configuration profiles, ESP changes, or app protection updates.
Troubleshoot support cases with Microsoft (Purview DSPM, Copilot logs, Okta connector).
Afternoon
Conduct cross-team investigations (external-user access anomalies, Teams meeting forensics).
Validate CAP behaviors across platforms using test devices.
Work on ATO evidence packages and documentation.
End of Day
Update Jira tasks, Confluence documentation, and CR submissions.
Send status updates on active investigations, mitigations, and test results.
Required Qualifications
Technical Skills
Expert-level Intune engineering across Windows/macOS/iOS/iPadOS.
Advanced PowerShell for remediation automation and OS image manipulation.
Deep experience with Microsoft Defender (XDR, Endpoint, Cloud Apps).
Hands-on with Sentinel SIEM, Function Apps, and cross-platform telemetry pipelines.
Strong understanding of CAP architecture and identity risk enforcement.
Experience with ATO control evidence, compliance mapping, and audit support.
Soft Skills
Growth mindset and willingness to learn emerging security domains.
Strong cross-team collaboration (Cyber Ops, EA, ICAM, Comms).
Excellent communication: clear summaries, user-impact translation, and documentation.
High reliability, ownership, and situational awareness during high-severity events.
Preferred Qualifications
Prior experience in federal security, high-compliance, or high-assurance environments.
Experience with Jamf, Okta connectors, Copilot audit logging, Graph API operations.
Experience with mSCP baseline engineering and macOS security hardening.
Prior involvement in enterprise-wide Conditional Access enforcement.
If you're looking for comfort, keep scrolling. At Leidos, we outthink, outbuild, and outpace the status quo because the mission demands it. We're not hiring followers. We're recruiting the ones who disrupt, provoke, and refuse to fail. Step 10 is ancient history. We're already at step 30 and moving faster than anyone else dares.
Original Posting:
May 29, 2026
For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.
Pay Range:
Pay Range $107,900.00 - $195,050.00
The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
Required Experience:
IC
About Company
Leidos is an innovation company rapidly addressing the world's most vexing challenges in national security and health. Our 47,000 employees collaborate to create smarter technology solutions for customers in these critical markets.