Security Engineer

Cortavo is hiring a senior, hands-on Security Engineer to design, implement, and scale security across internal platforms and customer environments. This role secures on-premises, data center, and cloud workloads with primary focus on networking, identity, Microsoft 365, endpoint security, and infrastructure hardening. You will own security architecture, preventative controls, detection engineering, and automation, translating frameworks such as SOC 2, CMMC, NIST, and PCI into practical, auditable technical controls.

This role serves as the dedicated security escalation point for our Service Delivery team and customer-facing technical expert for assessments, audits, and risk discussions. You will partner closely with Engineering, Service Delivery, Product, and Solutions teams to embed security by design into Cortavo’s services while providing hands-on incident response and security operations support.

This role reports to the Engineering Manager.

• Security Operations & Incident Response
• Serve as primary escalation point for all security-related tickets from Service Delivery, including compromised accounts (email, credential issues), suspicious activity, security alerts, and MFA/Conditional Access bypass requests
• Own critical compromising or breached incidents end-to-end, including investigation, remediation, mitigation application, and post-incident security hardening
• Conduct comprehensive After Action Reviews (AARs) and Root Cause Analyses (RCAs) for all security-related incidents in collaboration with Service Delivery leadership
• Perform security and risk assessments for customer-facing networks, infrastructures, and services
• Manage security tool ecosystem including Inky email protection tuning, Bull Phish campaign management, and evaluation of new security technologies
• Serve as the subject‑matter‑expert for all things security and compliance for both Cortavo and our customer base
• Proactive Security & Client Engagement
• Conduct proactive client security reviews, analyzing Azure/Intune compliance reports and Microsoft Security Scores
• Lead Security Gap Assessments for customers (offered as add‑ons to Operational Maturity Assessments, provided to VIP clients, or sold/upsold to new and existing customers)
• Review Security Scores in Microsoft 365 and actively apply recommendations and remediation's to improve customer security posture
• Lead client security meetings, particularly with high‑touch or frustrated customers, to address security concerns and build confidence
• Drive security hardening initiatives including Conditional Access refinements, Intune policy rollouts, MFA enforcement, and endpoint security via Datto and Crowdstrike EDR
• Prepare security reporting for Executive Business Reviews (EBRs) and Quarterly Business Reviews (QBRs) demonstrating how we’ve improved customer environments
• Application and Infrastructure Security Management
• Collaborate with Engineering Manager on Cortavo’s core internal infrastructure (network, servers, and data) ensuring optimal performance, reliability, and security
• Evaluate and optimize technology stack to ensure efficient security, meeting business objectives and compliance assurance
• Work with Product Engineer and leadership to evaluate security tech stack, offer improvements, recommend tools, and help implement security technologies
• Identify security gaps in tooling and processes, and translate them into roadmap items, architectural improvements, or productized capabilities
• Drive platform security and compliance initiatives, ensuring infrastructure meets or exceeds SOC 2 and CMMC requirements by design
• Collaborate with engineers on secure implementation practices across all technical projects
• Build and refine security processes and operational frameworks to support scalable security operations
• Develop tech solutions and products ready to roll out for new Cortavo services, ensuring offerings have optimal security solutions
• Strong understanding of application security standards and practices, such as the OWASP Top 10
• If/when security vulnerability scanning tools are implemented, serve as the Accountable party in the RACI model to oversee, own, and create tickets for…