MSP Engineer - Microsoft-focused Cybersecurity (CMMC Level 2)

Location

San Diego, CA

Type

Full-time

Department

Engineering

Compensation

USD 90,000 - 160,000

Job Description

You’ll operate customer environments to CMMC Level 2 expectations, automate repetitive tasks, and continuously improve security and compliance outcomes. You’re hands‑on with Microsoft Defender, Sentinel, Entra ID, Intune, and Purview, and you love turning tickets into automations (Azure Logic Apps, RMM policies/scripts, or n8n workflows). You’ll maintain SLAs/OLAs, reduce MTTR, and capture evidence for audits—without creating toil.

Responsibilities

Operate & secure Microsoft estates

  • Monitor, triage, and resolve incidents across Defender (Endpoint/Identity/Office/Cloud) and Microsoft Sentinel; tune analytics rules, KQL queries, and playbooks.

  • Manage Entra ID (PIM, Conditional Access, MFA), Intune (compliance, baselines, hardening), and Purview (labels/DLP/insider risk).

  • Maintain secure configurations for Azure (policy, RBAC, Key Vault, logging, networking) and common on‑premises integrations (AD, file services, VPN, firewalls).

CMMC L2 & compliance operations

  • Map operational work to NIST 800‑171 practices; capture evidence automatically where possible (logs, reports, tickets).

  • Contribute to control runbooks, SOPs, and customer artifacts (e.g., SSP/POA&M inputs in partnership with GRC resources).

  • Support GCC High tenants and Azure Government as needed (we’ll train where you need to ramp).

Automation & reliability engineering

  • Build Azure Logic Apps/Power Automate playbooks, RMM scripts/policies, and n8n flows to eliminate manual steps (onboarding, patching, alert enrichment, evidence collection, remediation).

  • Use PowerShell (and, when appropriate, Graph API, KQL, Bicep/Terraform) to codify repeatable operations.

  • Measure results (time saved, error reduction, SLA impact) and iterate.

Customer experience & service management

  • Work tickets to SLA; document root cause and preventive actions.

  • Participate in on‑call rotation for priority incidents (reasonable frequency).

  • Contribute to QBRs with concise ops/health summaries and recommendations.

Qualifications

Required qualifications

  • 4+ years in an MSP or enterprise operations role supporting Microsoft 365/Azure security.

  • Hands‑on with Defender, Sentinel, Entra ID, Intune, and Purview (configure, monitor, remediate, and document).

  • Automation experience in at least one of: Azure Logic Apps / Power Automate, RMM (policies, packaging, scripting), or n8n (or similar API integrators).

  • PowerShell proficiency; able to read/write scripts for ops at scale.

  • Solid ticket hygiene and service‑management discipline (incident/problem/change).

  • Strong written documentation (runbooks/SOPs) and clear customer communication.

  • Education: College degree preferred, not required.

Nice to have

  • Practical understanding of CMMC Level 2 (or NIST 800‑171) and how to operate controls day‑to‑day (not just policy).

  • Experience with Azure Government and Microsoft GCC High operations.

  • KQL detection engineering; Sentinel content management at scale.

  • IaC/automation (Bicep/Terraform), Graph API automation, or Git‑based runbook versioning.

  • Familiarity with PSA/RMM platforms and license operations (e.g., Microsoft NCE) for clean handoffs.

  • Certifications: any of SC‑200/300/400, AZ‑500, AZ‑104, MS‑102; CMMC‑aligned training (e.g., CCP) or security certs (Security+, CISSP).

Additional Information

Compensation & benefits

  • Competitive executive compensation (base + performance bonus + stock options after first year).

  • Comprehensive benefits (medical, retirement, PTO, professional development).

  • Mission‑driven work that directly strengthens the national security supply chain.