Security Operations Specialist Senior Systems Engineer
Seeking a dedicated and experienced Security Operations Specialist/Senior Systems Engineer to join our team. The Security/Senior Systems Engineer will fill a dual role of overseeing the daily operations of key security controls along with providing support of core Microsoft platforms such as M365 and Windows Server. This role will work closely with our IT team and various stakeholders to ensure that our systems are efficient, secure and aligned with business needs.
Need someone from a small company [ 200m is the current firm ]-small IT dept 6 people need a jack of all
KEY RESPONSIBILITIES
Security Operations
Act as the primary security specialist across the Company's global sites/divisions.
Oversee ongoing security operations, including patch management, asset management, and engagement with security partners, ensuring effective monitoring and response to security incidents.
Manage security tools and technologies such as firewalls, intrusion detection systems, and antivirus software.
Coordinate with IT and other departments to ensure security measures are integrated into all aspects of the organization's operations.
Manage the security awareness and training program to ensure all end users receive regular security training.
Manage deployment of security tool agents.
Conduct access control reviews and other recurring security control reviews.
Systems Administration and Engineering Activities
Perform system administration tasks including configuration, patch management, and troubleshooting of Microsoft M365 and Exchange systems.
Plan and execute migration projects to Microsoft M365 (email, Teams, SharePoint, OneDrive, etc.) from legacy systems or other platforms.
Work closely with cross-functional teams to understand their requirements and provide technical solutions that enhance productivity.
Develop and maintain comprehensive documentation for all system configurations, changes, and procedures.
Provide advanced support for Microsoft M365-related issues, including root cause analysis and problem resolution.
Mentor and provide guidance to junior engineers and IT staff in the use and management of Microsoft M365 and Exchange.
Security Strategy, Governance and Regulatory Compliance
Under the CIO's and the vCISO's direction, establish, track, and report on security KPIs.
Participate in ongoing security governance activities, including regular leadership updates.
Maintain documentation for security policies, procedures, and protocols.
Coordinate with technical resources across all Company locations to establish a consistent security landscape.
Incident Readiness, Response and Recovery
Manage and coordinate response efforts during security incidents, including containment, eradication, and recovery.
Conduct post-incident analysis to identify root causes and implement measures to prevent future occurrences.
Maintain an up-to-date incident response plan and ensure all team members are familiar with their roles and responsibilities.
Conduct risk assessments and vulnerability analyses to identify potential threats and mitigate risks.
Threat Intelligence and Analysis
Monitor threat intelligence feeds and stay informed about emerging cybersecurity threats and vulnerabilities.
Conduct threat analysis and provide actionable insights to improve the organization's security posture.
Collaborate with external partners, such as cybersecurity firms and government agencies, to share threat intelligence and best practices.
QUALIFICATIONS
Bachelor's degree in Information Security, Computer Science, or a related field.
5+ years of experience in system engineering and/or information security operations or related roles, with a focus on security operations, M365 and Windows servers.
Experience with security technologies and tools (e.g., firewalls, intrusion detection/prevention systems, SIEM).
Strong analytical and problem-solving skills, with the ability to identify and mitigate security risks.
Relevant certifications in both security and M365 (e.g., CISSP, CISM, CEH, M365) are highly desirable.
Proven experience in developing and implementing cybersecurity operational controls and procedures.
In-depth knowledge of M365 and Azure/Entra ID architecture, deployment and administration.
Proficiency in PowerShell scripting for automation and management of Microsoft M365.
Experience in Active Directory, Azure AD (Entra ID), Intune, and hybrid environments.
Strong understanding of networking concepts including DNS, DHCP, and SSL/TLS.
Knowledge of security protocols and best practices, including data protection and GDPR compliance.
WORKING CONDITIONS
This is a hybrid position requiring some onsite work at our Athol, MA headquarters. As the program gets established and operational, the work environment will shift to a hybrid one where the Engineer can work remotely. The engineer typically works in an office environment with normal working hours of 8 am to 5 pm but may be required to respond to security incidents outside regular business hours. This role may also involve occasional travel to attend conferences and training sessions or to coordinate with external partners.

