
Consultant, Cybersecurity

CREO, Durham, NC, United States


Job Description

Overview

CREO Consultants lead and deliver complex, security-focused engagements across Microsoft cloud and endpoint ecosystems. You will serve as a trusted advisor to client executives and technical teams, owning outcomes from scoping and solution design through execution, reporting, and remediation guidance. This role is ideal for a hands‑on practitioner who can both architect and build, with strength in Identity & Access Management (IAM), Microsoft Azure/M365 security, and automation using PowerShell. Consultants work autonomously, mentor analysts, and contribute to proposals, statements of work (SOWs), and reusable delivery accelerators.

Position Responsibilities

Vulnerability & Framework Assessment Responsibilities

Schedule, run, and interpret vulnerability scans using tools like Tenable or Qualys

Track and report on remediation progress in collaboration with client IT teams

Assist with readiness assessments for SOC 2, ISO 27001, and NIST CSF

Map client controls to framework requirements and identify gaps

Client Leadership & Delivery

Own end-to-end delivery for security engagements (e.g., M365 hardening, Sentinel deployments, MDR onboarding, external/internal assessments)

Translate business risk into technical requirements; create architectures, roadmaps, and prioritized remediation plans

Facilitate client workshops, runbooks, and executive readouts; produce clear, actionable deliverables and presentations

Coordinate cross-functional teams; track scope, risks, issues, and dependencies; ensure on-time, on-budget delivery

Identity & Access Management

Design and implement secure identity architectures in Microsoft Entra ID (Azure AD), including tenant configuration baselines

Engineer Conditional Access policies, MFA, passwordless, risk-based access (Identity Protection), and step-up authentication

Establish role-based access control (RBAC), Privileged Identity Management (PIM), Just-In-Time (JIT) access, and access reviews

Build joiner/mover/leaver lifecycle processes; integrate HRIS/IDaaS; govern external/guest access and B2B collaboration

Harden identities for hybrid environments (Entra Connect/Cloud Sync), legacy protocols, service principals, and workload identities

Microsoft Cloud Security (Azure & M365)

Deploy and tune Microsoft Sentinel (data connectors, analytics rules, UEBA, workbooks, automation rules, hunting queries)

Implement Defender for Cloud and Microsoft 365 Defender (Endpoint, Identity, Office 365, Cloud Apps) with secure configurations

Design secure landing zones (network segmentation, Private Link, Key Vault, managed identities, logging/monitoring)

Apply Zero Trust principles across identity, device, network, apps, and data; document security baselines and exceptions

Integrate third-party controls (e.g., CrowdStrike) with Microsoft security for holistic detection and response

Engineering & Automation (PowerShell/DevOps)

Develop robust PowerShell tooling and modules to automate Entra ID, Exchange Online, Defender, Intune, and Graph API workflows

Create automation runbooks (e.g., Azure Automation, Functions) for repetitive administrative and incident response tasks

Use KQL for analytics and threat hunting; build reusable dashboards and reports

Follow secure coding standards, version control (Git), and CI/CD practices for infrastructure-as-code where applicable

Detection, Response & Vulnerability Management

Triage and investigate alerts; lead incident response playbooks, root-cause analysis, containment/remediation guidance

Correlate telemetry across Sentinel, Microsoft 365 Defender, and endpoint tools; develop custom detections and enrichments

Coordinate vulnerability scanning/validation and remediation with client teams; communicate risk and business impact

Prepare client-ready IT deliverables

Help design visually compelling and insightful IT presentations and reports, translating complex technical data into clear, actionable insights for clients

Your deliverables will include detailed technical documentation, spreadsheets, IT models, PowerPoint decks, and status reports, all designed to communicate intricate information in an accessible and professional manner

Collate data from vulnerability scans and penetration tests to create client deliverables

Collect data for analysis of business problems

Assist in gathering, organizing, and analyzing data to address business challenges from an IT perspective

Work with clients to understand their technical requirements, conduct research, and synthesize information to inform technology-related recommendations

Build Excel models to analyze IT-related data, such as system performance metrics, cost reduction, network optimization, and user engagement

Conduct vendor interviews, create IT-related surveys, and develop reports that provide valuable insights for client decision-making

Record information and disperse it to those who need it

Play a critical role in recording and summarizing technical discussions during internal and client meetings

Help capture essential IT-related details, ensuring that all important information is documented accurately and distributed to relevant stakeholders

Effective communication, both written and verbal, will be key in keeping the project team aligned, ensuring technical solutions are clearly communicated, and tracking action items and project progress

Governance, Risk & Compliance (GRC)

Map controls to frameworks (NIST CSF/800-53, ISO 27001, SOC 2); document policies/standards and exceptions

Support audit readiness and evidence collection; drive continuous improvement with measurable KPIs

Knowledge Sharing & Practice Development

Mentor analysts; perform peer reviews; contribute playbooks, templates, and accelerators

Assist pre-sales with scoping, level-of-effort, and solution narratives; participate in client demos and POCs

Maintain high level of billable time

Annual billable utilization target: 1,700 hours

Required Qualifications, Skills, and Experience

6+ years in cybersecurity with significant client-facing consulting experience

Deep Microsoft 365 administration and security configuration experience

Advanced PowerShell scripting (module development, Graph API, REST), automation runbooks, and CLI tooling

Hands‑on IAM engineering: Conditional Access, MFA/passwordless, PIM/JIT, RBAC, access reviews, lifecycle (joiner/mover/leaver)

Azure and Microsoft security engineering: Sentinel, Defender for Cloud, Microsoft 365 Defender, secure landing zones, logging/monitoring

Strong analytical and communication skills; ability to translate technical risk for executives and practitioners

Bachelor’s degree in a relevant field or equivalent experience

This role is open to remote candidates; however, preference will be given to those located in Durham, NC

Certifications (Required or within 6 months)

Microsoft Certified: Identity and Access Administrator Associate (SC-300)

Microsoft Certified: Azure Security Engineer Associate (AZ-500)

Strongly preferred: Cybersecurity Architect Expert (SC-100); Security Operations Analyst Associate (SC-200)

Additional Desired, but Not Required

Experience integrating CrowdStrike Falcon with Microsoft security tools

Experience with Infrastructure-as-Code (Bicep/Terraform) and policy (Azure Policy, Defender for Cloud)

Scripting beyond PowerShell (e.g., Python) for data analysis and automation

Experience with data protection and compliance controls (DLP, Purview)
