Security Operations Engineer

Security Operations Engineer

The Security Operations Engineer (SecOps Engineer) supports day-to-day security operations for our managed services and security customers, supporting customers primarily in the defense industrial base (DIB). The ideal candidate has hands-on experience managing Microsoft 365 E5 security solutions and a deep understanding of the compliance and threat landscape in regulated industries, particularly CMMC 2.0. This role directly impacts the resilience of our customers' environments—most of which require strict compliance and a zero-tolerance approach to risk—by supporting threat detection, response, vulnerability management, and security engineering efforts.

Role & Responsibilities

Microsoft365 & Cloud Security Operations

• Specify, deploy, and maintain security baselines and configurations across Microsoft 365 Defender products:
• Defender for Endpoint
• Defender for Office 365
• Defender for Cloud Apps (MCAS)
• Defender for Identity (formerly ATA)
• Microsoft Defender XDR
• Make recommendations for the adoption of Microsoft Secure Futures Initiative (SFI) six pillars:
• Identity and access
• Network and perimeter
• Data protection
• Device security
• Infrastructure security
• Threat protection
• Monitor and fine-tune data connectors, analytics rules, hunting queries, and playbooks for operations.

Compliance and Regulatory Readiness

• Design, recommend, and enforce security and compliance configurations supporting CMMC 2.0 (Levels 1–3), NIST 800-171, and DFARS requirements through collaboration with Product Development and Security Program Management groups.
• Collaborate with Security Program Management and Product Development to validate technical controls and audit readiness.

Security Incident Response

• Perform triage, escalation, and resolution lifecycle for security incidents.
• Develop, maintain, and execute Incident Response playbooks for phishing, endpoint compromise, insider threats, cloud account takeovers, etc.
• Perform root cause analysis (RCA) and support post-incident reviews (PIR).

3rd-Party SOC and Tooling Oversight

• Coordinate onboarding/offboarding and integration of new customer tenants with external SOC providers and MSSP tooling (e.g., MDR, log analysis platforms).
• Support operational alignment between internal systems and third-party security tools.

Vulnerability and Patch Management

• Support operating system and third-party software patching cycles for customer environments.
• Prioritize and remediate vulnerabilities in coordination with infrastructure teams and customer needs.
• Leverage Microsoft Defender Vulnerability Management (MDVM) and MDE APIs for continuous hygiene improvement.

Security Engineering & Automation

• Build and maintain detection, response, and reporting workflows using Power Automate, Sentinel Logic Apps, or custom scripting.
• Maintain and document secure configuration baselines for Microsoft 365 services, Azure, and Windows endpoints.

Threat Intelligence & Detection Engineering

• Monitor threat feeds and indicators relevant to the DIB sector.
• Collaborate with detection engineers to refine behavioral analytics and eliminate noise in alerts.
• Coordinate with internal and external threat intelligence analysts.

Customer Engagement & Reporting

• Participate in monthly and quarterly security review meetings with clients as needed.
• Prepare actionable security reports, incident summaries, and recommendations.
• Provide expert guidance on emerging threats, tool capabilities, and E5 feature usage.

Competencies / Skills:

• 5+ years in a Security Operations, Incident Response, or Cyber Defense role.
• Hands-on experience with Microsoft 365 E5 security stack and Microsoft Sentinel.
• Hands-on experience with NinjaONE
• Strong working knowledge of CMMC 2.0, NIST 800-171, and other compliance frameworks.
• Familiarity with MITRE ATT&CK, Kill Chain models, and threat intelligence frameworks.
• Demonstrated experience working across multiple customer tenants in a fast-paced, high-trust environment.
• Excellent communication skills, with the ability to engage effectively with stakeholders at all levels within and external to the organization, and to articulate complex technical concepts in a clear and concise manner.
• Demonstrated ability to go above and beyond to understand and serve customers' needs and in effectively managing several customers simultaneously.
• Highly collaborative–with "team" mindset, sharing ideas and supporting cross-functional colleagues; handling interactions with professionalism and integrity.
• Demonstrates a results-driven approach to IT operations, recognizing that technology support and system reliability extend beyond traditional 9-to-5 hours. High accountability for delivering results, owning mistakes and doing the right thing – always.

Preferred:

• Industry certifications preferred: GIAC, GCIH, CISSP, AZ-500, SC-200, or Microsoft Cybersecurity Architect Expert.

Where required by law, this posting includes a good-faith pay range for candidates who will perform the role in specific jurisdictions. For other locations, the actual compensation may differ. Final compensation will be determined based on qualifications, experience, skills, work location, internal equity, and current market data. This job posting is not a contract or promise of employment or any particular compensation, and any employment offer will be set out in a written offer letter.

EOE M/F/D/V

Equal Opportunity Employer This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.