NeoSystems LLC is a company that provides managed services and security solutions primarily for clients in the defense industrial base. The Security Operations Engineer will support day-to-day security operations, focusing on threat detection, response, vulnerability management, and security engineering to ensure compliance with industry standards such as CMMC 2.0.
Responsibilities:
- Specify, deploy, and maintain security baselines and configurations across Microsoft 365 Defender products:
  - Defender for Endpoint
  - Defender for Office 365
  - Defender for Cloud Apps (MCAS)
  - Defender for Identity (formerly ATA)
  - Microsoft Defender XDR
- Make recommendations for the adoption of the Microsoft Secure Futures Initiative (SFI) six pillars:
  - Identity and access
  - Network and perimeter
  - Data protection
  - Device security
  - Infrastructure security
  - Threat protection
- Monitor and fine-tune data connectors, analytics rules, hunting queries, and playbooks for operations
- Design, recommend, and enforce security and compliance configurations supporting CMMC 2.0 (Levels 1–3), NIST 800-171, and DFARS requirements through collaboration with Product Development and Security Program Management groups
- Collaborate with Security Program Management and Product Development to validate technical controls and audit readiness
- Perform triage, escalation, and resolution lifecycle for security incidents
- Develop, maintain, and execute Incident Response playbooks for phishing, endpoint compromise, insider threats, cloud account takeovers, etc.
- Perform root cause analysis (RCA) and support post-incident reviews (PIR)
- Coordinate onboarding/offboarding and integration of new customer tenants with external SOC providers and MSSP tooling (e.g., MDR, log analysis platforms)
- Support operational alignment between internal systems and third-party security tools
- Support operating system and third-party software patching cycles for customer environments
- Prioritize and remediate vulnerabilities in coordination with infrastructure teams and customer needs
- Leverage Microsoft Defender Vulnerability Management (MDVM) and MDE APIs for continuous hygiene improvement
- Build and maintain detection, response, and reporting workflows using Power Automate, Sentinel Logic Apps, or custom scripting
- Maintain and document secure configuration baselines for Microsoft 365 services, Azure, and Windows endpoints
- Monitor threat feeds and indicators relevant to the DIB sector
- Collaborate with detection engineers to refine behavioral analytics and eliminate noise in alerts
- Coordinate with internal and external threat intelligence analysts
- Participate in monthly and quarterly security review meetings with clients as needed
- Prepare actionable security reports, incident summaries, and recommendations
- Provide expert guidance on emerging threats, tool capabilities, and E5 feature usage
Requirements:
- 5+ years in a Security Operations, Incident Response, or Cyber Defense role
- Hands-on experience with Microsoft 365 E5 security stack and Microsoft Sentinel
- Hands-on experience with NinjaONE
- Strong working knowledge of CMMC 2.0, NIST 800-171, and other compliance frameworks
- Familiarity with MITRE ATT&CK, Kill Chain models, and threat intelligence frameworks
- Demonstrated experience working across multiple customer tenants in a fast-paced, high-trust environment
- Excellent communication skills, with the ability to engage effectively with stakeholders at all levels within and external to the organization, and to articulate complex technical concepts in a clear and concise manner
- Demonstrated ability to go above and beyond to understand and serve customers' needs, and to manage several customers simultaneously
- Highly collaborative, with a 'team' mindset: sharing ideas and supporting cross-functional colleagues, and handling interactions with professionalism and integrity
- Demonstrates a results-driven approach to IT operations, recognizing that technology support and system reliability extend beyond traditional 9-to-5 hours. High accountability for delivering results, owning mistakes, and doing the right thing, always
- Industry certifications preferred: GIAC, GCIH, CISSP, AZ-500, SC-200, or Microsoft Cybersecurity Architect Expert