JOB DESCRIPTION OVERVIEW
CREO Consultants lead and deliver complex, security-focused engagements across Microsoft cloud and endpoint ecosystems. You will serve as a trusted advisor to client executives and technical teams, owning outcomes from scoping and solution design through execution, reporting, and remediation guidance. This role is ideal for a hands-on practitioner who can both architect and build, with strength in Identity & Access Management (IAM), Microsoft Azure/M365 security, and automation using PowerShell. Consultants work autonomously, mentor analysts, and contribute to proposals, statements of work (SOWs), and reusable delivery accelerators.
POSITION RESPONSIBILITIES
- Vulnerability & Framework Assessment Responsibilities
  - Schedule, run, and interpret vulnerability scans using tools like Tenable or Qualys
  - Track and report on remediation progress in collaboration with client IT teams
  - Assist with readiness assessments for SOC 2, ISO 27001, and NIST CSF
  - Map client controls to framework requirements and identify gaps
- Client Leadership & Delivery
  - Own end-to-end delivery for security engagements (e.g., M365 hardening, Sentinel deployments, MDR onboarding, external/internal assessments).
  - Translate business risk into technical requirements; create architectures, roadmaps, and prioritized remediation plans.
  - Facilitate client workshops, runbooks, and executive readouts; produce clear, actionable deliverables and presentations.
  - Coordinate cross-functional teams; track scope, risks, issues, and dependencies; ensure on-time, on-budget delivery.
- Identity & Access Management
  - Design and implement secure identity architectures in Microsoft Entra ID (Azure AD), including tenant configuration baselines.
  - Engineer Conditional Access policies, MFA, passwordless, risk-based access (Identity Protection), and step-up authentication.
  - Establish role-based access control (RBAC), Privileged Identity Management (PIM), Just-In-Time (JIT) access, and access reviews.
  - Build joiner/mover/leaver lifecycle processes; integrate HRIS/IDaaS; govern external/guest access and B2B collaboration.
  - Harden identities for hybrid environments (Entra Connect/Cloud Sync), legacy protocols, service principals, and workload identities.
- Microsoft Cloud Security (Azure & M365)
  - Deploy and tune Microsoft Sentinel (data connectors, analytics rules, UEBA, workbooks, automation rules, hunting queries).
  - Implement Defender for Cloud and Microsoft 365 Defender (Endpoint, Identity, Office 365, Cloud Apps) with secure configurations.
  - Design secure landing zones (network segmentation, Private Link, Key Vault, managed identities, logging/monitoring).
  - Apply Zero Trust principles across identity, device, network, apps, and data; document security baselines and exceptions.
  - Integrate third-party controls (e.g., CrowdStrike) with Microsoft security for holistic detection and response.
- Engineering & Automation (PowerShell/DevOps)
  - Develop robust PowerShell tooling and modules to automate Entra ID, Exchange Online, Defender, Intune, and Graph API workflows.
  - Create automation runbooks (e.g., Azure Automation, Functions) for repetitive administrative and incident response tasks.
  - Use KQL for analytics and threat hunting; build reusable dashboards and reports.
  - Follow secure coding standards, version control (Git), and CI/CD practices for infrastructure-as-code where applicable.
- Detection, Response & Vulnerability Management
  - Triage and investigate alerts; lead incident response playbooks, root-cause analysis, and containment/remediation guidance.
  - Correlate telemetry across Sentinel, Microsoft 365 Defender, and endpoint tools; develop custom detections and enrichments.
  - Coordinate vulnerability scanning/validation and remediation with client teams; communicate risk and business impact.
- Prepare client-ready IT deliverables.
  - Help design visually compelling and insightful IT presentations and reports, translating complex technical data into clear, actionable insights for clients
  - Your deliverables will include detailed technical documentation, spreadsheets, IT models, PowerPoint decks, and status reports, all designed to communicate intricate information in an accessible and professional manner
  - Collate data from vulnerability scans and penetration tests to create client deliverables
- Collect data for analysis of business problems.
  - Assist in gathering, organizing, and analyzing data to address business challenges from an IT perspective
  - Work with clients to understand their technical requirements, conducting research, and synthesizing information to inform technology-related recommendations
  - Build Excel models to analyze IT-related data, such as system performance metrics, cost reduction, network optimization, and user engagement
  - Conduct vendor interviews, create IT-related surveys, and develop reports that provide valuable insights for client decision-making
- Record information and disperse it to those who need it
  - Play a critical role in recording and summarizing technical discussions during internal and client meetings
  - Help capture essential IT-related details, ensuring that all important information is documented accurately and distributed to relevant stakeholders
  - Effective communication, both written and verbal, will be key in keeping the project team aligned, ensuring technical solutions are clearly communicated, and tracking action items and project progress
- Governance, Risk & Compliance (GRC)
  - Map controls to frameworks (NIST CSF/800-53, ISO 27001, SOC 2); document policies/standards and exceptions.
  - Support audit readiness and evidence collection; drive continuous improvement with measurable KPIs.
- Knowledge Sharing & Practice Development
  - Mentor analysts; perform peer reviews; contribute playbooks, templates, and accelerators.
  - Assist pre-sales with scoping, level-of-effort, and solution narratives; participate in client demos and POCs.
- Maintain high level of billable time
  - Annual billable utilization target: 1,700 hours
REQUIRED QUALIFICATIONS, SKILLS, AND EXPERIENCE
- 6+ years in cybersecurity with significant client-facing consulting experience.
- Deep Microsoft 365 administration and security configuration experience.
- Advanced PowerShell scripting (module development, Graph API, REST), automation runbooks, and CLI tooling.
- Hands-on IAM engineering: Conditional Access, MFA/passwordless, PIM/JIT, RBAC, access reviews, lifecycle (joiner/mover/leaver).
- Azure and Microsoft security engineering: Sentinel, Defender for Cloud, Microsoft 365 Defender, secure landing zones, logging/monitoring.
- Strong analytical and communication skills; ability to translate technical risk for executives and practitioners.
- Bachelor’s degree in a relevant field or equivalent experience.
- This role is open to remote candidates; however, preference will be given to those located in Durham, NC.
CERTIFICATIONS (Required or within 6 months)
- Microsoft Certified: Identity and Access Administrator Associate (SC-300).
- Microsoft Certified: Azure Security Engineer Associate (AZ-500).
- Strongly preferred: Cybersecurity Architect Expert (SC-100); Security Operations Analyst Associate (SC-200).
ADDITIONAL DESIRED, BUT NOT REQUIRED
- Experience integrating CrowdStrike Falcon with Microsoft security tools.
- Experience with Infrastructure-as-Code (Bicep/Terraform) and policy (Azure Policy, Defender for Cloud).
- Scripting beyond PowerShell (e.g., Python) for data analysis and automation.
- Experience with data protection and compliance controls (DLP, Purview).
Please note: This application may be reviewed in part by automated systems to help identify qualified candidates.