SecOps Engineer

Open Approach, Burlington, VT
Posted 4 days ago
$85,000 - $105,000

About The Position

This isn't a traditional SOC role where you sit and watch dashboards all day. Yes, you'll be involved in incident response, but your real focus is on building, improving, and evolving the security systems and processes behind everything we do at Open Approach and for our clients.

You'll serve as the primary escalation point for our Security Operations Analyst. When things get complex, they will come to you. You will own the deeper investigations, lead advanced response efforts, and ensure we deliver consistent, high-quality outcomes every time.

Outside of incidents, you'll spend your time designing, implementing, and optimizing our security stack: SIEM, EDR, vulnerability management, and the rest. You'll tune out the noise, sharpen detection, and make our tools work the way they should.

A big part of this role is research and automation. We want someone who looks at a manual process and immediately thinks, "How do I make this faster, better, or unnecessary?" You'll identify gaps, evaluate new tools, and build the automation that makes the whole Security Operations team more effective.

You'll also support compliance work, including the technical implementation and validation of controls across frameworks such as CMMC, HIPAA, and CJIS. Not the paperwork side. The hands-on, make-it-actually-work side.

You should be someone who enjoys building better systems, not just reacting to alerts. Specifically:

  • Highly technical and genuinely passionate about cybersecurity
  • Curious, always poking at systems and looking for ways to improve them
  • Comfortable digging into complex problems and owning them from start to finish
  • A strong collaborator who works well alongside others
  • Motivated to automate and optimize, not just maintain
  • Able to communicate clearly with both technical and non-technical audiences

A note on experience: We need someone with a solid technical foundation, but if you're the right person and you're missing a few of the skills listed below, that's okay. We're happy to train, guide, and invest in you. What we can't teach is the mindset.

Requirements

  • A working understanding of firewalls, IDS/IPS, endpoint protection, and other core security technologies.
  • The ability to look at security events and incidents and connect the dots by identifying threats, patterns, and vulnerabilities.
  • Security work lives and dies in the details. Incidents need to be thoroughly investigated and properly resolved.
  • You uphold our operational and security standards and have a sharp eye for where they're not being met.
  • This field moves fast. You need to genuinely enjoy keeping up with new technologies, trends, and best practices.
  • The ability to prioritize effectively, especially when multiple incidents or projects compete for your attention.
  • Maintaining standards, managing change, and building repeatable processes are foundational to how we operate.
  • Understanding of AD architecture (users, groups, computer objects) with a security focus. Experience with Group Policy design and management. Familiarity with hybrid identity environments and synchronization between on-prem AD and Azure/Entra ID. Ability to spot and fix common identity and access risks.
  • Solid grasp of core networking (DHCP, DNS, routing, switching) and how it all ties into security. Familiarity with remote access technologies (SSL VPN, IPsec VPN). Understanding of segmentation, least privilege, and traffic flow analysis. Ability to troubleshoot network-related security issues across layered environments.
  • Strong understanding of M365 and Intune security capabilities such as device management, policy enforcement, Conditional Access, authentication methods, and identity protection. Familiarity with email security, mail flow, and integration with security platforms. Ability to assess and improve security posture across Microsoft cloud environments.
  • Hands-on experience with SIEM, EDR, IDS/IPS, firewalls, and vulnerability management tools. Ability to analyze alerts, investigate incidents, and track threats across platforms. Understanding of alert tuning, noise reduction, and detection and response fundamentals. Familiarity with vulnerability assessments and risk analysis. Basic understanding of cryptographic concepts and their practical applications.
  • Experience with IR processes: triage, containment, investigation, and recovery. Ability to analyze complex incidents, determine root cause, and drive remediation. Understanding of the IR lifecycle and how to reduce impact while improving future response.
  • We require at least 3 years of cybersecurity experience, preferably with an MSP or past MSP experience outside of cybersecurity. Life in an MSP demands deep, wide technical knowledge, and it can be overwhelming without the right foundation. We want this to be the right fit for you, not a sink-or-swim situation.

Nice To Haves

  • Familiarity with platforms like Hyper-V or VMware. Understanding of how virtualized environments affect security isolation, snapshotting, and investigation workflows. Comfortable using virtualization tools for testing and validating security configurations.
  • Understanding of firewall technologies, rule creation, and policy management. Ability to implement rules aligned with best practices and troubleshoot traffic to catch misconfigurations or threats.
  • Understanding of public vs. private DNS architecture. Knowledge of common record types (A, CNAME, MX, SPF, DKIM, TXT) and their role in email security. Comfortable troubleshooting DNS issues using command-line and diagnostic tools.
  • Working knowledge of NIST, CIS, and ISO frameworks. Familiarity with compliance-driven environments and how technical controls map to regulatory requirements. Ability to support implementation and validation of controls for CMMC, HIPAA, or CJIS.
  • Certifications aren't required, but they're strongly encouraged and show commitment to growth. Relevant certifications include Security+, Microsoft Security (SC-series), or similar foundational cybersecurity and cloud certifications. More advanced certs like CISSP or CCSP are a plus for experienced candidates.

Responsibilities

  • Act as the escalation point for complex security incidents and investigations
  • Design, implement, and optimize security tools and platforms (SIEM, EDR, vulnerability management, etc.)
  • Lead advanced incident response: investigation, containment, and remediation
  • Develop automation and improve processes to reduce manual effort and increase efficiency
  • Research and evaluate new security tools and technologies
  • Tune alerts, cut false positives, and sharpen detection capabilities
  • Support compliance initiatives through technical control implementation and validation
  • Collaborate with internal teams to ensure security solutions are properly deployed and maintained
  • Create and maintain documentation, standards, and repeatable processes
  • Contribute to the ongoing maturity of the Security Operations program

Benefits

  • Health, dental, and vision coverage with generous employer contributions
  • Company-sponsored life insurance, short- and long-term disability (STD/LTD), and Workers’ Compensation
  • 401(k) with 4% match starting day one
  • Generous PTO (starting at 16 days plus paid holidays; 20 days at your 1-year anniversary)
  • Fully paid parental leave
  • Smartphone stipend for on-call rotation
  • Weekly company lunches, coffee, snacks, and a pet-friendly office

What This Job Offers

  • Job Type: Full-time
  • Career Level: Mid Level
  • Education Level: No Education Listed
  • Number of Employees: 1-10 employees

© 2024 Teal Labs, Inc