M365 Security Expert

Company Description

For over 40 years, LGI has built software that healthcare organizations depend on. AI is now at the heart of that work — not as a destination, but as the engine behind our next generation of mission-critical solutions and our enduring mission: helping healthcare organizations perform at their best. 

We're looking for exceptional people who are passionate about technology, relentless in their standards, and driven to push what's possible further.  At LGI, curiosity isn't a nice-to-have, it's how we work. We're looking for talent who explore and innovate by instinct and want their work to matter beyond the codebase: shaping decisions, enhancing processes, and enabling healthcare practitioners. 

Job Description

The Microsoft 365 Security Expert (E5) is part of the Information Security team and reports to the CISO. The role is responsible for defining, implementing, operationalizing, and continuously improving the security posture of the Microsoft 365 environment (E5 licensing).

The position acts as a domain expert for M365 security and as a technical reference point for IT teams, operational security, and governance teams. The role combines security architecture, advanced configuration, operations, and continuous improvement.

Primary Mission

Ensure the protection of identities, endpoints, data, and collaborative M365 environments by applying Zero Trust principles and Microsoft best practices.

Responsibilities:

Identity and Access Security (Entra ID)

• Design and maintain advanced Conditional Access policies (MFA, risk-based access, compliant devices, session controls).
• Configure and operate Microsoft Entra ID Identity Protection (user and sign-in risk detection).
• Manage M365 RBAC roles and enforce the principle of least privilege.
• Implement and maintain Privileged Identity Management (PIM) strategies.
• Monitor and continuously improve the identity-related security posture.

Microsoft Defender XDR (E5)

• Act upstream of SOC analysis of M365-related security incidents by deploying, configuring, and operating:
  • Microsoft Defender for Endpoint
  • Defender for Office 365
  • Defender for Identity
  • Defender for Cloud Apps
• Ensure signal integration and effective use of the Defender XDR ecosystem.
• Collaborate with the SOC to optimize detection and response capabilities.

Microsoft Intune and Endpoint Security

• Define and maintain device management strategies using Microsoft Intune, including:
  • Compliance policies
  • Security configurations
  • Update management
  • Application control
• Integrate Intune with Conditional Access features to control access to M365 resources.
• Standardize secure configurations for Windows workstations and mobile devices.
• Contribute to the strategy for managing corporate devices and BYOD.

SharePoint Online and Teams Security & Governance

• Define and enforce security standards for:
  • SharePoint Online
  • Microsoft Teams
  • OneDrive
• Control external access and guest management.
• Govern permissions, external sharing, and the lifecycle of sites and teams.
• Reduce risks related to data sprawl and shadow IT.
• Implement controls aligned with collaborative use cases.

Governance, Security Posture, and Continuous Improvement

• Continuously analyze and improve the Secure Score and overall security posture.
• Translate CISO requirements into concrete technical M365 security controls.
• Document configuration and operational standards.
• Participate in the development of security policies related to M365 usage.
• Contribute to user awareness initiatives focused on collaboration and data-related risks.

Note: Microsoft Purview governance is primarily handled by another Infosec team function related to DLP. However, experience with Purview is considered an asset and may be leveraged as needed.

Qualifications

Requirements

• 3 to 7 years of experience in advanced administration and/or security of Microsoft 365.
• Strong expertise in the security components of the Microsoft 365 E5 license.
• Significant hands-on experience with Microsoft Intune.
• Solid understanding of Zero Trust principles.
• Proven ability to secure a production M365 environment.
• Ability to operate within a governed structure reporting to a CISO.
• Structured, risk-based approach with a strong focus on continuous improvement.

Assets (Nice to Have)

• Relevant certifications (MS-102, SC-300, SC-400, AZ-500, or equivalent).
• Experience in regulated environments or environments with high security requirements.
• Knowledge of security challenges related to collaboration, data, and AI within Microsoft 365.

Additional Information

Why join LGI? 

• A workplace built on trust, autonomy and collaboration 
• The opportunity to grow, perform and work alongside curious and talented colleagues 
• A continuous learning culture with dedicated training time, a renowed skills development platform and access to cutting-edge tools 
• Stimulating projects that advance healthcare technology and support the work of over 320,000 professionals, benefiting more than 6 million patients 
• A comprehensive benefits package including group insurance from day one, a group RRSP with employer contributions, 24/7 telemedicine, an employee and family assistance program, and a minimum of 3 weeks vacation per year 

At LGI Healthcare Solutions, we value diversity, equity, and inclusion. We believe that a diversity of experiences, perspectives, and backgrounds contributes to our success. We are committed to fostering an inclusive, equitable, and respectful work environment where everyone can thrive and reach their full potential. We encourage all qualified individuals to apply. 

Interested? Join Us!