Tier 3 MSP Engineer

About The Position

Requirements

• 5+ years of progressive IT experience, with at least 2 years focused on security operations (SOC analyst, security engineer, or senior engineer at a security-focused MSP).
• Strong Microsoft 365 security stack experience: Defender for Office 365, Defender for Endpoint, Defender for Identity, Entra ID Protection, Conditional Access at scale.
• Solid Azure fundamentals — Entra ID, AVD, networking (VNets, NSGs, Private Endpoints), RBAC, and at least familiarity with IaC (Bicep or Terraform).
• Incident response experience — you've worked a real BEC, a real ransomware incident, or a real account takeover end-to-end and can talk through the timeline, the decisions, and what you'd do differently.
• PowerShell at a functional scripting level — able to automate administrative tasks, work with Microsoft 365/Azure modules, and troubleshoot or modify existing scripts.
• Excellent written communication — incident reports, RCA documents, client-facing summaries that don't make a non-technical CFO panic.

Nice To Haves

• Certifications: SC-200, SC-300, AZ-500 (mapped directly to our Microsoft Sentinel / Entra ID / Azure security work)
• Operational experience with Blackpoint Cyber MDR — incident handoff, isolation decisions, post-incident workflow with their SOC.
• Hands-on with our full operational stack: HaloPSA (PSA/ticketing) NinjaOne / NinjaRMM (RMM) CIPP (M365 multi-tenant admin) Hudu (documentation)
• Barracuda Email Protection policy management and incident response (BEC, mass-quarantine events).
• Experience designing CIS or NIST CSF-aligned baselines for SMB clients running Microsoft 365 and Azure.

Responsibilities

• Investigate phishing attacks, suspicious login activity, and account compromise incidents
• Perform threat hunting, log analysis, containment, and remediation
• Lead response efforts for Microsoft 365 and Azure-related security events
• Collaborate with security partners and vendors during active incidents
• Conduct post-incident reviews and improve prevention strategies
• Design and improve Conditional Access policies and identity security controls
• Manage and optimize Microsoft Defender and Entra ID security features
• Implement security baselines and hardening standards across client environments
• Improve MFA, privileged access, and identity governance workflows
• Support and troubleshoot Azure infrastructure and Azure Virtual Desktop environments
• Handle complex escalations involving networking, virtualization, storage, and authentication
• Lead migrations involving Microsoft 365, Azure, servers, and cloud infrastructure
• Assist with automation and infrastructure-as-code initiatives
• Serve as the Tier 3 escalation point for advanced technical issues
• Mentor junior engineers and contribute to technical standards
• Create documentation, operational runbooks, and repeatable processes
• Identify recurring problems and build long-term solutions

Benefits

• Annual performance bonus tied to security KPIs (mean time to detect, mean time to contain, recurring-incident reduction)
• Health insurance
• 401K with 3% match
• 12 days PTO to start (accrual increases with tenure) + 8 paid holidays
• Home office stipend