Security Operations Engineer

Job Details

The Security Operations Engineer (Sec Ops Engineer) supports day-to-day security operations for our managed services and security customers, primarily in the defense industrial base (DIB). The ideal candidate has hands‑on experience managing Microsoft 365 E5 security solutions and a deep understanding of the compliance and threat landscape in regulated industries, particularly CMMC 2.0. This role directly impacts the resilience of our customers’ environments—most of which require strict compliance and a zero-tolerance approach to risk—by supporting threat detection, response, vulnerability management, and security engineering efforts.

• Specify, deploy, and maintain security baselines and configurations across Microsoft 365 Defender products:
• Defender for Endpoint
• Defender for Office 365
• Defender for Cloud Apps (MCAS)
• Defender for Identity (formerly ATA)
• Microsoft Defender XDR
• Make recommendations for the adoption of Microsoft Secure Futures Initiative (SFI) six pillars:
• Identity and access
• Network and perimeter
• Data protection
• Device security
• Infrastructure security
• Threat protection
• Monitor and fine‑tune data connectors, analytics rules, hunting queries, and playbooks for operations.

• Design, recommend, and enforce security and compliance configurations supporting CMMC 2.0 (Levels 1–3), NIST 800‑171, and DFARS requirements through collaboration with Product Development and Security Program Management groups.
• Collaborate with Security Program Management and Product Development to validate technical controls and audit readiness.

• Perform triage, escalation, and resolution lifecycle for security incidents.
• Develop, maintain, and execute Incident Response playbooks for phishing, endpoint compromise, insider threats, cloud account takeovers, etc.
• Perform root cause analysis (RCA) and support post‑incident reviews (PIR).

• Coordinate onboarding/offboarding and integration of new customer tenants with external SOC providers and MSSP tooling (e.g., MDR, log analysis platforms).
• Support operational alignment between internal systems and third‑party security tools.

• Support operating system and third‑party software patching cycles for customer environments.
• Prioritize and remediate vulnerabilities in coordination with infrastructure teams and customer needs.
• Leverage Microsoft Defender Vulnerability Management (MDVM) and MDE APIs for continuous hygiene improvement.

• Build and maintain detection, response, and reporting workflows using Power Automate, Sentinel Logic Apps, or custom scripting.
• Maintain and document secure configuration baselines for Microsoft 365 services, Azure, and Windows endpoints.

• Monitor threat feeds and indicators relevant to the DIB sector.
• Collaborate with detection engineers to refine behavioral analytics and eliminate noise in alerts.
• Coordinate with internal and external threat intelligence analysts.

• Participate in monthly and quarterly security review meetings with clients as needed.
• Prepare actionable security reports, incident summaries, and recommendations.
• Provide expert guidance on emerging threats, tool capabilities, and E5 feature usage.

• 5+ years in a Security Operations, Incident Response, or Cyber Defense role.
• Hands‑on experience with Microsoft 365 E5 security stack and Microsoft Sentinel.
• Hands‑on experience with Ninja
  
  ONE.
• Strong working knowledge of CMMC 2.0, NIST 800‑171, and other compliance frameworks.
• Familiarity with MITRE ATT&CK, Kill Chain models, and threat intelligence frameworks.
• Demonstrated experience working across multiple customer tenants in a fast‑paced, high‑trust environment.
• Excellent communication skills, with the ability to engage effectively with stakeholders at all levels within and external to the organization, and to articulate complex technical concepts in a clear and concise manner.
• Demonstrated ability to go above and beyond to understand and serve…