Security Operations Engineer
Job Title: Security Operations (SecOps) Engineer
Duration: 12+ Months (Possible extension)
Location: New York, NY 10286
Onsite Role (4 days a week)
Responsibilities:
- Seeking a hands-on Security Operations (SecOps) Engineer to build, operate, and continuously improve the security posture of a FedRAMP-compliant Azure environment, using native Microsoft tooling end-to-end.
- Will design detections, triage and respond to incidents, maintain secure configurations and baselines, support Continuous Monitoring reporting, and ensure audit-ready evidence across NIST SP 800-53 control families.
- This role partners closely with cloud engineering, platform teams, risk/compliance, and 3PAOs to sustain authorization and operational excellence for government-aligned workloads.
- Design, implement, and tune detections in Microsoft Sentinel; create analytic rules, workbooks, watchlists, and automation (Logic Apps/Playbooks).
- Build incident response runbooks and orchestration using Sentinel automation for triage, enrichment, and response.
- Maintain log onboarding pipelines, data connectors, and normalization in Log Analytics; ensure coverage for in-scope resources per FedRAMP controls.
- Operate daily SecOps functions: alert triage, investigation, threat hunting, containment, and post-incident reviews.
- Leverage native tooling (Defender for Cloud, Defender for Cloud Apps, Entra ID Protection, Microsoft Defender XDR signals) to correlate and respond.
- Document evidence and maintain audit-ready case records; contribute to POA&M entries and corrective actions.
- Use Microsoft Defender for Cloud recommendations, Secure Score, and Azure Policy to manage misconfigurations and control enforcement.
- Partner with platform engineering to remediate vulnerabilities and drift; track closures against FedRAMP timelines by severity.
- Maintain baseline guardrails via Azure Policy/Blueprints; monitor compliance and exceptions with reporting aligned to Continuous Monitoring.
- Implement and support least-privilege patterns with Entra ID (Azure AD), PIM, Conditional Access, RBAC, and managed identities.
- Coordinate FIPS 140-2 validated crypto usage (e.g., Key Vault); ensure encryption at rest/in transit standards are met and evidenced.
Network and Perimeter Security
- Operate native controls: Azure Firewall, NSGs, Private Link, DDoS Protection, and secure connectivity patterns; monitor and remediate anomalies.
- Ensure logging/telemetry for network controls is complete, retained, and queryable within Sentinel.
- Produce monthly/quarterly ConMon artifacts (scan results, configuration compliance, incident metrics) and maintain supporting evidence.
Qualifications:
- 5+ years in security operations engineering or incident response, with 2+ years operating native Microsoft security tooling in Azure.
- Hands-on experience building and tuning detections in Microsoft Sentinel and automating response with Logic Apps/Playbooks.
- Practical knowledge of FedRAMP baselines (Moderate/High) and NIST SP 800-53 control families relevant to operations (AC, AU, CM, IR, RA, SC, SI).
- Proficiency with Azure security services: Defender for Cloud, Azure Policy, Entra ID (PIM/Conditional Access), Key Vault, Azure Monitor/Log Analytics.
- Strong incident response skills: triage, investigation, containment, and post-incident documentation with audit-quality evidence.
- Experience operating vulnerability/misconfiguration management workflows and meeting remediation SLAs aligned to FedRAMP timelines.
- Scripting/automation familiarity (KQL for Sentinel, PowerShell, ARM/Bicep/Terraform basics) to support detection, onboarding, and evidence generation.
- Excellent documentation and communication skills for playbooks, evidence packages, and stakeholder updates.
- Experience with Azure Government or GCC High environments and their control/telemetry nuances.
- Prior contributions to FedRAMP Continuous Monitoring reporting and POA&M lifecycle management.
- Experience integrating native controls with payment or mission-critical workloads and aligning detections to transactional risk profiles.
- Familiarity with Microsoft Purview, Defender for Cloud Apps, Entra ID Protection, and Private Link patterns for sensitive services.
- Certifications: AZ-500 (Azure Security Engineer Associate), SC-200 (Microsoft Security Operations Analyst), CISSP, CCSP, or equivalent.
