Australia onlyLab3 is one of the largest Azure engineering practices in the Australasia region with a focus on Cloud & DevOps, Data, IoT & AI, Modern Workplace, Security, and Network services. We have an opportunity for a Senior Engineer with our Professional Services Team. As part of our Security Practice, the Senior Engineer is responsible for delivering the high-profile delivery of large-scale Azure security solutions within our client’s environment. You will support, uplift and drive the overall delivery of the transformation while leveraging Security solutions and unique LAB3 products to architect, build and deploy client environments. Must be based in Australia (anywhere) and have NV1 security clearance. We are open to both permanent and contract options.
The role:
- Design and deliver Azure and Microsoft cloud security solutions aligned to Microsoft best practices and Zero Trust principles.
- Deploy, operate, and continuously improve Microsoft security platforms, including Defender for Cloud (CSPM/CWPP), Sentinel (SIEM/SOAR), and Defender XDR.
- Uplift security posture through Secure Score improvement, regulatory compliance, threat detection, threat hunting, automation, and incident response.
- Engineer and support identity and access security across Active Directory and Microsoft Entra ID, including hybrid and cloud native environments.
- Design and implement identity lifecycle management (Joiner, Mover, Leaver) using Entra ID Governance, access packages, entitlement management, and access reviews.
- Implement strong and passwordless authentication strategies, including phishing resistant MFA, FIDO2, and Windows Hello for Business.
- Design and manage workload, service, and external identities (B2B, B2C, cross tenant), ensuring least privilege access and secure authentication.
- Deliver data protection capabilities using Microsoft Purview, including data classification, sensitivity labelling, and Data Loss Prevention.
- Implement endpoint security and hardening aligned to Microsoft security baselines, including Windows Defender Application Control (WDAC).
- Embed security controls into Infrastructure as Code and CI/CD pipelines, championing DevSecOps practices and automation.
- Build and maintain security automation and orchestration across cloud, identity, and security platforms.
- Contribute to solution architecture, design reviews, and reference architectures in collaboration with architects and peers.
- Provide hands on support for complex security incidents, platform optimisation, and transition to operations.
- Engage with client stakeholders to gather requirements, provide recommendations, and deliver secure, scalable solutions.
- Promote security best practices, frameworks, and value propositions across client environments and internal delivery teams.
- Provide technical leadership through mentoring, knowledge sharing, and support of engineers and consultants.
- Adhere to LAB3’s Information Security Management System (ISMS) policies and procedures.
Required tech skills:
- Microsoft Cloud & Security Platform skills
◦ Deep hands-on expertise across Microsoft Azure security services and cloud native security controls. ◦ Microsoft Defender for Cloud (CSPM & CWPP) including Secure Score optimisation, regulatory compliance, and workload protection. ◦ Azure Policy for governance, compliance enforcement, and security posture management.
- Security Operations, SIEM & XDR
◦ Microsoft Sentinel (SIEM/SOAR) including data connectors, analytics rules, KQL hunting, workbooks, automation, and Logic Apps playbooks. ◦ Microsoft Defender XDR spanning Endpoint, Identity, Office 365, and Cloud Apps. ◦ Incident investigation, response, and security operations within hybrid and cloud environments.
- Identity & Access Management
◦ Hybrid identity security across Active Directory and Microsoft Entra ID. ◦ Microsoft Entra ID Governance, including JoinerMoverLeaver processes, access packages, entitlement management, and access reviews. ◦ Microsoft Entra External ID (B2B, B2C, and cross-tenant access). ◦ Workload and service identities, including managed identities, service principals, and least privilege access models.
- Authentication & Zero Trust
◦ Passwordless and strong authentication implementations including FIDO2 security keys, Windows Hello for Business, and phishing resistant MFA. ◦ Application of Zero Trust principles across identity, device, application, and data layers.
- Data Protection & Compliance
◦ Microsoft Purview for Data Loss Prevention (DLP). ◦ Microsoft Purview for Information Protection. ◦ Data discovery and classification. ◦ Sensitivity labelling design and enforcement. ◦ Policy based data protection and compliance controls.
- Endpoint & Application Security
◦ Endpoint protection using Microsoft Defender technologies. ◦ Endpoint hardening aligned to Microsoft security baselines. ◦ Windows Defender Application Control (WDAC) policy design. ◦ Application allowlisting and execution control.
- DevSecOps, Automation & Delivery
◦ Security integration into Infrastructure as Code (IaC). ◦ Security controls embedded into CI/CD pipelines. ◦ Security automation across cloud and identity platforms. ◦ Security orchestration using native Microsoft tooling. ◦ Delivery within Agile environments (Azure DevOps, Jira). ◦ Strong technical documentation and operational runbooks.
What's in it for you?
- Become part of Australasia's largest Azure engineering practice where you can sharpen your expertise and contribute to the latest innovations in tech and services. #thinkahead
- Be part of a company that is leading the way in specialised areas and partners on high profile client projects - we are popping new logos every day! #winwithus
- Work with a 13-time Gold, 6-time Microsoft Advanced Specialisation & 5 time Microsoft Solutions Partner (including Modern Work). You only get to this level with the industry's leading tech professionals - we are proud to have some of the best. #teamup
- Thrive in a team that is always learning, always innovating and making waves on a global scale. #standout
- Be part of a supportive working environment that values inclusion, flexibility, diversity and differences. #betrue
- Work flexibly – we recognise the importance of your overall wellbeing! #Flexit!
- Ultimately, we will help you to fear less, achieve more in a fast paced, innovative and cool environment - are you ready to accept the challenge? #fearlessachievemore
