
Compliance Security and Microsoft Cloud Analyst

Eccalon
On-site
Hanover, Maryland, United States
Cybersecurity

Job Description

Eccalon is seeking a Compliance Security and Microsoft Cloud Analyst who will play a critical role in both Cyber Compliance Operations and Cloud Security Engineering. This is a long-term career opportunity ideal for individuals who want to grow both their compliance knowledge and hands-on Microsoft Cloud Security engineering expertise.

The selected candidate will help drive cybersecurity compliance initiatives aligned with Department of Defense (DoD) frameworks (NIST 800-53, NIST 800-171/172, FedRAMP and CMMC L1/L2/L3), while also designing, configuring, and implementing Microsoft Azure Government and M365 GCC High security controls across client environments.

This position offers the ability to advance technical engineering skills, earn high-level security certifications, and grow into a leadership track in cloud security and compliance operations.

 

Responsibilities

  • Cloud Security Engineering (Azure Gov and M365 GCC High)
    • Assist in designing, configuring, and implementing Microsoft Azure Government and M365 GCC High security controls.
    • Support Azure Gov resource hardening, including Virtual Machines, Key Vaults, Storage Accounts, Defender for Cloud, Sentinel, Azure Policies, and Conditional Access.
    • Assist with Microsoft 365 GCC High Security & Compliance Center configurations, including DLP, Sensitivity Labels, Insider Risk, and Compliance Manager setup for CMMC and NIST alignment.
    • Configure and monitor Azure Sentinel Workbooks, Cloud Security Posture Management (CSPM), Defender for Endpoint (Gov), and Defender for Identity integrations.
    • Conduct Microsoft Secure Score reviews and remediation within GCC High and Azure Gov environments.
    • Assist in developing automated security monitoring dashboards and reporting using Azure Monitor and Microsoft Sentinel GCC High.
    • Support Azure network security hardening, including NSGs, ASGs, Private Endpoints, and Firewall rules.
    • Help develop and document Zero Trust Architecture alignment using Microsoft Cloud-native tools.

 

  • Cyber Compliance Operations
    • Research, identify, and map NIST and DoD cybersecurity controls (NIST 800-53, 800-171/172, FedRAMP (M) and CMMC) to Microsoft Cloud implementations and On-premises environments.
    • Assist with System Security Plan (SSP), Policies, Procedures, and Plan of Action & Milestones (POA&M) documentation for client environments.
    • Support control gap analysis, evidence collection, and audit preparation for DoD contractor compliance.
    • Conduct security control validation testing (manual and automated) for both on-premises and cloud-based systems.
    • Document and report on control effectiveness, remediation plans, and risk mitigation actions.
    • Assist with preparing security architecture diagrams showing how Microsoft Cloud services map to compliance controls.
    • Support client teams during external CMMC, NIST, or DFARS audits and assessments.
    • Help draft and revise Policies, Standards, and Procedures (PSPs) to align with DoD cybersecurity requirements.

 

Required Qualifications

 

  • Bachelor’s in Cybersecurity, Cyber Defense, or equivalent.
  • Strong understanding of Microsoft Azure Government (IaaS/PaaS/SaaS) security configurations.
  • Hands-on experience with Microsoft 365 GCC High security and compliance solutions.
  • Familiar with Microsoft Defender XDR stack (Defender for Endpoint, Identity, Office 365, Cloud Apps) for GCC High.
  • Working knowledge of Azure AD/Entra ID security policies, Role-Based Access Control (RBAC), and Privileged Identity Management (PIM).
  • Experience with Azure Sentinel deployment and use case creation.
  • Familiarity with Azure Policy, Blueprints, and Resource Locks for governance and compliance.
  • Experience in NIST 800-53, 800-171, 800-172, FedRAMP (M) and CMMC L1/L2/L3 control frameworks.
  • Proficient in security documentation writing for Policies, Standards, System Security Plans, and POA&Ms.
  • Proficient in network security concepts, firewall rule sets, and enterprise network topology diagrams.
  • Critical Thinking and Problem Solving
  • Strong Verbal and Written Communication
  • Professional and Technical Writing
  • Collaboration and Teamwork
  • Multitasking and Task Prioritization
  • Adaptability and Initiative
  • Knowledge of Assessment and Audit Management Processes

 

 

Preferred Qualifications

 

  • Master’s degree in information assurance and cyber security.
  • Strong knowledge of Microsoft Security Best Practices for Cloud (Azure Gov, M365 GCC High).
  • Ability to interpret DoD contract security clauses (DFARS, CMMC, NIST requirements) and apply them to cloud environments.
  • Familiarity with Microsoft Compliance Manager and Secure Score tools in GCC High.
  • Exposure to Defender for Cloud recommendations, regulatory compliance dashboards, and Microsoft Sentinel analytics rules.
  • Proficient in evaluating data protection (at rest, in transit, and in use) in both cloud and on-premises environments.
  • Ability to conduct technical research and compliance gap analysis, followed by Microsoft technology-specific security remediation steps.
  • Certifications (Preferred or obtainable within the first 12 months):
    • Microsoft Certified: Azure Security Engineer Associate
      • AZ 500
    • Microsoft Certified: Cybersecurity Architect Expert
      • SC 100
    • Microsoft Certified: Information Protection and Compliance Administrator Associate
      • SC 401
    • Microsoft Cloud Administration (others):
      • SC 900 or
      • SC 200 or
      • SC 300 or
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)

 

 

Behavioral Skills:

 

  • Servant Leadership Mindset: Proactively supports the team and organizational mission
  • Detail-Oriented: Consistently delivers thorough and accurate work
  • Team-Oriented: Works collaboratively across departments and client teams
  • Self-Motivated: Able to work independently and seek guidance when needed
  • Organized and Decisive: Able to manage multiple priorities with efficiency
  • Interpersonal Effectiveness: Builds strong, positive, and professional relationships