Security Operations Engineer

NeoSystems Careers, Reston, VA

About The Position

The Security Operations Engineer (SecOps Engineer) supports day-to-day security operations for our managed services and security customers, primarily in the defense industrial base (DIB). The ideal candidate has hands-on experience managing the Microsoft 365 E5 security stack and a deep understanding of the compliance and threat landscape in regulated industries, particularly CMMC 2.0. This role directly affects the resilience of our customers' environments, most of which require strict compliance and a zero-tolerance approach to risk, by supporting threat detection, incident response, vulnerability management, and security engineering efforts.

Requirements

  • 5+ years in a Security Operations, Incident Response, or Cyber Defense role. 
  • Hands-on experience with Microsoft 365 E5 security stack and Microsoft Sentinel. 
  • Hands-on experience with NinjaONE.
  • Strong working knowledge of CMMC 2.0, NIST 800-171, and other compliance frameworks. 
  • Familiarity with MITRE ATT&CK, Kill Chain models, and threat intelligence frameworks.
  • Demonstrated experience working across multiple customer tenants in a fast-paced, high-trust environment. 
  • Excellent communication skills, with the ability to engage effectively with stakeholders at all levels within and external to the organization, and to articulate complex technical concepts in a clear and concise manner.
  • Demonstrated ability to go above and beyond to understand and serve customers’ needs and in effectively managing several customers simultaneously.
  • Highly collaborative, with a "team" mindset: sharing ideas, supporting cross-functional colleagues, and handling interactions with professionalism and integrity.
  • Demonstrates a results-driven approach to IT operations, recognizing that technology support and system reliability extend beyond traditional 9-to-5 hours.
  • High accountability for delivering results, owning mistakes and doing the right thing – always.

Nice To Haves

  • Industry certifications preferred: GIAC certifications (e.g., GCIH), CISSP, AZ-500, SC-200, or Microsoft Cybersecurity Architect Expert (SC-100).

Responsibilities

  • Microsoft 365 & Cloud Security Operations
      • Specify, deploy, and maintain security baselines and configurations across Microsoft Defender XDR (formerly Microsoft 365 Defender) and its component products: Defender for Endpoint, Defender for Office 365, Defender for Cloud Apps (formerly MCAS), and Defender for Identity (formerly Azure ATP, successor to ATA).
      • Make recommendations for adopting the six pillars of the Microsoft Secure Future Initiative (SFI): identity and access; network and perimeter; data protection; device security; infrastructure security; and threat protection.
      • Monitor and fine-tune Microsoft Sentinel data connectors, analytics rules, hunting queries, and playbooks for operations.
  • Compliance and Regulatory Readiness
      • Design, recommend, and enforce security and compliance configurations supporting CMMC 2.0 (Levels 1–3), NIST SP 800-171, and DFARS requirements.
      • Collaborate with Security Program Management and Product Development to validate technical controls and audit readiness.
  • Security Incident Response
      • Perform the triage, escalation, and resolution lifecycle for security incidents.
      • Develop, maintain, and execute incident response playbooks for phishing, endpoint compromise, insider threats, cloud account takeovers, and similar scenarios.
      • Perform root cause analysis (RCA) and support post-incident reviews (PIR).
  • 3rd-Party SOC and Tooling Oversight
      • Coordinate onboarding/offboarding and integration of new customer tenants with external SOC providers and MSSP tooling (e.g., MDR, log analysis platforms).
      • Support operational alignment between internal systems and third-party security tools.
  • Vulnerability and Patch Management
      • Support operating system and third-party software patching cycles for customer environments.
      • Prioritize and remediate vulnerabilities in coordination with infrastructure teams and customer needs.
      • Leverage Microsoft Defender Vulnerability Management (MDVM) and Defender for Endpoint (MDE) APIs for continuous hygiene improvement.
  • Security Engineering & Automation
      • Build and maintain detection, response, and reporting workflows using Power Automate, Sentinel playbooks (Logic Apps), or custom scripting.
      • Maintain and document secure configuration baselines for Microsoft 365 services, Azure, and Windows endpoints.
  • Threat Intelligence & Detection Engineering
      • Monitor threat feeds and indicators relevant to the DIB sector.
      • Collaborate with detection engineers to refine behavioral analytics and reduce alert noise.
      • Coordinate with internal and external threat intelligence analysts.
  • Customer Engagement & Reporting
      • Participate in monthly and quarterly security review meetings with clients as needed.
      • Prepare actionable security reports, incident summaries, and recommendations.
      • Provide expert guidance on emerging threats, tool capabilities, and E5 feature usage.
© 2024 Teal Labs, Inc