Security Operations Engineer

NeoSystems Careers

Job Location:

Reston, VA - USA

Monthly Salary: Not Disclosed
Posted on: 2 days ago
Vacancies: 1 Vacancy

Job Summary

The Security Operations Engineer (SecOps Engineer) supports day-to-day security operations for our managed services and security customers, supporting customers primarily in the defense industrial base (DIB). The ideal candidate has hands-on experience managing Microsoft 365 E5 security solutions and a deep understanding of the compliance and threat landscape in regulated industries, particularly CMMC 2.0. This role directly impacts the resilience of our customers' environments, most of which require strict compliance and a zero-tolerance approach to risk, by supporting threat detection, response, vulnerability management, and security engineering efforts.

Role & Responsibilities:

Microsoft 365 & Cloud Security Operations

  • Specify, deploy, and maintain security baselines and configurations across Microsoft 365 Defender products:
      • Defender for Endpoint
      • Defender for Office 365
      • Defender for Cloud Apps (MCAS)
      • Defender for Identity (formerly ATA)
      • Microsoft Defender XDR
  • Make recommendations for the adoption of Microsoft Secure Futures Initiative (SFI) six pillars:
      • Identity and access
      • Network and perimeter
      • Data protection
      • Device security
      • Infrastructure security
      • Threat protection
  • Monitor and fine-tune data connectors, analytics rules, hunting queries, and playbooks for operations.

Compliance and Regulatory Readiness

  • Design, recommend, and enforce security and compliance configurations supporting CMMC 2.0 (Levels 1-3), NIST 800-171, and DFARS requirements through collaboration with Product Development and Security Program Management groups.
  • Collaborate with Security Program Management and Product Development to validate technical controls and audit readiness.

Security Incident Response

  • Perform triage, escalation, and resolution lifecycle for security incidents.
  • Develop, maintain, and execute Incident Response playbooks for phishing, endpoint compromise, insider threats, cloud account takeovers, etc.
  • Perform root cause analysis (RCA) and support post-incident reviews (PIR).

3rd-Party SOC and Tooling Oversight

  • Coordinate onboarding/offboarding and integration of new customer tenants with external SOC providers and MSSP tooling (e.g., MDR, log analysis platforms).
  • Support operational alignment between internal systems and third-party security tools.

Vulnerability and Patch Management

  • Support operating system and third-party software patching cycles for customer environments.
  • Prioritize and remediate vulnerabilities in coordination with infrastructure teams and customer needs.
  • Leverage Microsoft Defender Vulnerability Management (MDVM) and MDE APIs for continuous hygiene improvement.

Security Engineering & Automation

  • Build and maintain detection, response, and reporting workflows using Power Automate, Sentinel, Logic Apps, or custom scripting.
  • Maintain and document secure configuration baselines for Microsoft 365 services, Azure, and Windows endpoints.

Threat Intelligence & Detection Engineering

  • Monitor threat feeds and indicators relevant to the DIB sector.
  • Collaborate with detection engineers to refine behavioral analytics and eliminate noise in alerts.
  • Coordinate with internal and external threat intelligence analysts.

Customer Engagement & Reporting

  • Participate in monthly and quarterly security review meetings with clients as needed.
  • Prepare actionable security reports, incident summaries, and recommendations.
  • Provide expert guidance on emerging threats, tool capabilities, and E5 feature usage.

Competencies / Skills:

  • 5 years in a Security Operations, Incident Response, or Cyber Defense role.
  • Hands-on experience with Microsoft 365 E5 security stack and Microsoft Sentinel.
  • Hands-on experience with NinjaONE.
  • Strong working knowledge of CMMC 2.0, NIST 800-171, and other compliance frameworks.
  • Familiarity with MITRE ATT&CK, Kill Chain models, and threat intelligence frameworks.
  • Demonstrated experience working across multiple customer tenants in a fast-paced, high-trust environment.
  • Excellent communication skills, with the ability to engage effectively with stakeholders at all levels within and external to the organization and to articulate complex technical concepts in a clear and concise manner.
  • Demonstrated ability to go above and beyond to understand and serve customers' needs and to effectively manage several customers simultaneously.
  • Highly collaborative with a team mindset, sharing ideas and supporting cross-functional colleagues; handling interactions with professionalism and integrity.
  • Demonstrates a results-driven approach to IT operations, recognizing that technology support and system reliability extend beyond traditional 9-to-5 hours. High accountability for delivering results, owning mistakes, and doing the right thing always.

Preferred:

  • Industry certifications preferred: GIAC GCIH, CISSP, AZ-500, SC-200, or Microsoft Cybersecurity Architect Expert.

Where required by law, this posting includes a good-faith pay range for candidates who will perform the role in specific jurisdictions. For other locations, the actual compensation may differ. Final compensation will be determined based on qualifications, experience, skills, work location, internal equity, and current market data. This job posting is not a contract or promise of employment or any particular compensation, and any employment offer will be set out in a written offer letter.

EOE M/F/D/V


Required Experience:

IC


Key Skills

  • Splunk
  • Compliance Management
  • IDS
  • SOC
  • Cybersecurity
  • Identity & Access Management
  • Security
  • Information Security
  • Process Engineering
  • Metadata
  • Encryption
  • SIEM

About Company

NeoSystems offers strategic back office services, hosting, CMMC & security services for government contractors. Find out what we can do for your business!
