Protection & Controls Engineer Jobs in Connecticut

Why AIS?

When you join AIS, you're joining a mission-driven team that's passionate about making a difference. You'll work on projects that matter, alongside industry-leading experts, in an environment that fosters innovation, driving client success, and empowering our team to make a lasting impact. As an employee-owned company, we value collaboration, inclusivity, continuous growth, and shared success.

• Employee Ownership: Your contributions directly impact the company's success, and you share in its achievements.

• Continuous Learning: Access to resources, training, and mentorship to support your professional growth.

• Inclusive Culture: A workplace where diversity is celebrated, and everyone's voice is valued.

• Mission-Driven Work: Engage in projects that make a meaningful difference for our clients and communities.

What are we looking for?

At AIS, we're looking for more than just skills - we're looking for driven individuals who are passionate about making a difference, eager to grow, and aligned with our core principles.

Working@AIS
At AIS, we are dedicated to providing our employees with diverse opportunities to grow their careers while supporting a variety of impactful projects. For this position, we are seeking a talented individual to join AIS as a Lead Infrastructure Engineer.

• Core Knowledge & Skills: Aligns infrastructure strategy to business goals, leads large projects, applies compliance frameworks, designs high availability/disaster recovery and performance optimization patterns, and shapes deployment pipeline design.

• Work & Complexity: Directs cross-team programs, performs advanced tuning, implements high availability/failover architectures, leads audits, plans growth, and manages budgets.

• Quality & Independence: Delivers high-quality outcomes, sets team standards, introduces innovative solutions, and makes high-impact decisions.

• Teamwork & Communication: Leads the engineering team, develops talent, resolves conflicts, and communicates effectively with senior leadership and stakeholders.

• Consulting & Engagement: Provides high-level consulting to leadership, builds roadmaps, negotiates vendor contracts, and sponsors innovation initiatives.

As your initial project assignment, you will support the unique needs of our client as a Senior Microsoft Cloud Engineer - Data Sharing & B2B. Project Summary

AIS is seeking a Senior Microsoft Cloud Engineer to lead the design, implementation, and ongoing optimization of secure external collaboration capabilities across the Microsoft cloud ecosystem. This role is responsible for configuring and maintaining Azure B2B / Microsoft Entra External ID connections, implementing identity and data protection controls in Microsoft Entra and Microsoft Purview, designing secure access patterns for SharePoint-based extranets, and defining enterprise security controls for encrypted email, Conditional Access, Power Platform solutions, and Power BI content.

Key Responsibilities

• Design, configure, andmaintainMicrosoft Entra B2B collaboration and cross-tenant access settings to support secure partner and guest access to enterprise applications, collaboration workloads, and external-facing business solutions.

• Engineer and administer external identity controls including invitation workflows, trust settings, guest lifecycle processes, access reviews support, and secure onboarding/offboarding patterns for third-party users.

• Design and implement security architecture for external access to SharePoint extranets, including authentication patterns, authorization boundaries,siteand content protection models, sharing restrictions, and monitoring requirements.

• Define and implement Microsoft Purview Information Protection controls including sensitivity labels, encryption, data handling rules, and integration points with DLP and collaboration workloads.

• Design and implement Microsoft Purview Message Encryption and related encrypted mail protections for secure communication with external recipients, including policy-based encryption use cases and operational support models.

• Design, test, and tune Conditional Access policies to govern external access based on user, device, application, session, location, risk, and authentication context, using phased rollout and validation practices.

• Build secure access patterns for Power Platform applications, flows, and connectors through environment strategy, role design, data policies, connector governance, and identity controls.

• Define and implement security controls for Power BI reports, dashboards, semantic models, workspaces, sharing models, and external consumption scenarios.

• Partner with security, compliance, messaging, collaboration, and application teams to translate policy and regulatory requirements into enforceable cloud controls.

• Produce architecture diagrams, standards, control narratives, engineering runbooks, and operational procedures for steady-state support.

Required For This Opportunity

• 8+ years of experience in Microsoft cloud engineering, with substantial hands-on responsibility for Microsoft 365, Azure, and enterprise security controls.

• 4+ years of direct experience designing and administering Microsoft Entra ID / Azure AD identity and access solutions.

• Deep experience with Microsoft Entra External ID / B2B collaboration, cross-tenant access, external collaboration settings, guest access governance, and secure partner access models.

• Strong experience implementing Microsoft Purview Information Protection capabilities, including sensitivity labels, encryption, and data protection policy integration.

• Strong experience designing Microsoft Purview Message Encryption / OME solutions for secure external email exchange.

• Proven experience designing and deploying Conditional Access policies in enterprise environments, including policy testing, exception handling, and access hardening.

• Experience securing SharePoint Online sites and extranets for external access, including site permissions, sharing models, and information protection considerations.

• Experience implementing governance and security controls for Power Platform, including environment strategy, roles, and data policies.

• Experience securing Power BI platforms, including workspace governance, dataset security, sharing controls, and report access design.

Nice to Have Skills

• Experience in highly regulated environments such as defense, government, healthcare, financial services, or other compliance-driven enterprises.

• Experience supporting security assessments, accreditation packages, or control inheritance models.

• Familiarity with Microsoft Defender, audit logging, insider risk considerations, andmonitoring ofcollaboration and sharing events.

• Experience with DevOps,infrastructure ascode, or scripted administration using PowerShell, Microsoft Graph, or automation tooling.

• Microsoft certifications in areas such as Microsoft Entra, Microsoft 365 Security, Azure Security, or Purview.

At AIS, we are committed to offering competitive and fair compensation that reflects the skills, experience, and contributions of each team member. The targeted base salary range for this role is $121,000-$182,000 per year. Please note that this range is provided as a guideline and the final offer will be based on several factors, including but not limited to, skillset and competencies, level of experience, education, certifications, and location. We value transparency in our hiring process and are happy to discuss how your unique qualifications align with our compensation structure during the interview process.

Applied Information Sciences does not discriminate on the basis of race, national origin, religion, color, gender, sexual orientation, age, disability, protected veteran status, or any other basis. Employment decisions are based solely on qualifications, merit, and business needs.