Manager, Cyber Security Operations

NeoSystems Careers
Reston, VA
About The Position

The Security Operations Manager (SecOps Manager) leads day-to-day security operations for our managed services and security customers, supporting customers primarily in the defense industrial base (DIB). The ideal candidate has hands-on experience managing Microsoft 365 E5 security solutions and a deep understanding of the compliance and threat landscape in regulated industries, particularly CMMC 2.0. The SecOps Manager will lead a team of analysts and engineers while also managing external SOC partnerships, ensuring operational excellence in threat detection, response, and vulnerability management. The role directly impacts the resilience of our customers’ environments—most of which require strict compliance and a zero-tolerance approach to risk.

Requirements

  • 5+ years in a Security Operations, Incident Response, or Cyber Defense role.
  • 2+ years managing security operations in an MSP or MSSP environment.
  • Hands-on experience with Microsoft 365 E5 security stack and Microsoft Sentinel.
  • Hands-on experience with NinjaOne.
  • Strong working knowledge of CMMC 2.0, NIST 800-171, and other compliance frameworks.
  • Familiarity with MITRE ATT&CK, Kill Chain models, and threat intelligence frameworks.
  • Strong leadership and vendor management skills.

Nice To Haves

  • Industry certifications preferred: GIAC, GCIH, CISSP, AZ-500, SC-200, or Microsoft Cybersecurity Architect Expert.
  • Strong communicator who can translate technical concepts for executive and non-technical audiences.
  • Operationally minded, but capable of big-picture strategy.
  • Calm under pressure, especially during high-stakes incident response scenarios.
  • Comfortable working across multiple customer tenants in a fast-paced, high-trust environment.

Responsibilities

  • Specify, deploy, and manage security baselines and configurations across Microsoft 365 Defender products.
  • Make recommendations for the adoption of the six pillars of the Microsoft Secure Future Initiative (SFI).
  • Monitor and fine-tune data connectors, analytics rules, hunting queries, and playbooks for operations.
  • Design, recommend, and enforce security and compliance configurations supporting CMMC 2.0 (Levels 1–3), NIST 800-171, and DFARS requirements through collaboration with Product Development and Security Program Management groups.
  • Collaborate with Security Program Management and Product Development to validate technical controls and audit readiness.
  • Own the triage, escalation, and resolution lifecycle for security incidents.
  • Develop, maintain, and execute Incident Response playbooks for phishing, endpoint compromise, insider threats, cloud account takeovers, etc.
  • Lead root cause analysis (RCA) and post-incident reviews (PIR).
  • Manage relationships and service delivery from external SOC providers and MSSP tools (e.g., MDR, log analysis platforms).
  • Coordinate onboarding/offboarding and integration of new customer tenants with SOC partners.
  • Oversee operating system and third-party software patching cycles for customer environments.
  • Prioritize and manage vulnerability remediation in coordination with infrastructure teams and customer needs.
  • Leverage Microsoft Defender Vulnerability Management (MDVM) and MDE APIs for continuous hygiene improvement.
  • Lead efforts to automate detection, response, and reporting workflows using Power Automate, Sentinel Logic Apps, or custom scripting.
  • Maintain and document secure configuration baselines for Microsoft 365 services, Azure, and Windows endpoints.
  • Monitor threat feeds and indicators relevant to the DIB sector.
  • Collaborate with detection engineers to refine behavioral analytics and eliminate noise in alerts.
  • Coordinate with internal and external threat intelligence analysts.
  • Participate in monthly and quarterly security review meetings with clients (or as necessary to support Security Program Management).
  • Prepare actionable security reports, incident summaries, and recommendations.
  • Provide expert guidance on emerging threats, tool capabilities, and E5 feature usage.