MSP Engineer

Agile IT is a Microsoft‑focused consulting and managed services provider. We help customers modernize and secure Microsoft 365, Azure, Azure Government, and Microsoft GCC High, with a mission to make CMMC Level 2 practical and sustainable through repeatable architectures, evidence automation, and managed operations.

What you'll work across (our services)

• Professional Services – Enablement (fixed‑price projects)

• Managed Services – Security & CMMC Compliance for Microsoft cloud and on‑premises systems

• Microsoft GCC High Licensing (secure onboarding & lifecycle operations)

• Complementary Partner Services (co‑delivered with strategic partners)

Join the front lines of cloud defense with Agile IT as an MSP Security Engineer. In this role, you'll be the guardian of our clients' Microsoft Cloud environments, ensuring they stay secure, compliant, and resilient against cyber threats. This position is at the heart of our managed security services (AgileDefend), working with cutting-edge Microsoft security tools in Azure and Microsoft 365 to meet CMMC Level 2 and other regulatory requirements. You'll spend your days hunting for threats, fine-tuning defenses, and automating away inefficiencies – one moment diving into log analytics, the next scripting a fix to a recurring issue. If you love the idea of combining blue-team vigilance with clever automation (and earning high-fives for every thwarted incident), you'll thrive in our fast-paced, collaborative environment that values both security excellence and continuous learning.

Key Responsibilities

• Security Administration: Administer and maintain a suite of Microsoft security and compliance solutions for multiple clients. This includes managing Azure AD/Entra ID configurations, Microsoft Defender for Endpoint/Office 365/Cloud Apps, Microsoft Sentinel SIEM, Intune endpoint management, and Purview compliance features. Ensure that security baselines and configurations across these tools are consistently enforced and aligned with each client's policies and CMMC requirements.

• Threat Monitoring & Incident Response: Monitor security alerts and events across client environments using our SOC tools (XDR and SIEM). Investigate incidents (phishing attempts, malware detections, suspicious logins, etc.) by analyzing logs and telemetry. Execute incident response playbooks to contain and remediate threats in a timely manner. You will be on the front line to triage issues, perform root cause analysis, and recommend improvements to prevent future incidents.

• Alert Tuning & Noise Reduction: Continuously tune detection rules and thresholds to improve signal-to-noise ratio. Leverage Kusto Query Language (KQL) and advanced hunting queries in Microsoft Sentinel/Defender to create custom detections that catch real threats while minimizing false positives. Adjust alerting based on emerging threat patterns and the unique needs of each client's environment, all with the goal of reducing alert fatigue and focusing on what matters most.

• Automation & Scripting: Develop automation scripts and workflows to streamline security operations tasks and ensure compliance evidence is captured. Use tools like PowerShell, Azure Logic Apps, or API integrations to automate repetitive tasks (for example, user onboarding/offboarding in Azure AD, or bulk policy changes) and to integrate security data between systems. Implement RMM (Remote Monitoring and Management) scripts to deploy patches or configuration changes at scale, thereby saving time and reducing human error.

• Documentation & Compliance Evidence: Maintain comprehensive documentation for all security operations activities. This includes updating network diagrams, runbooks, incident logs, and knowledge base articles. Ensure that for every change or incident, appropriate evidence is collected and stored to support CMMC Level 2 compliance and client audit needs. You'll contribute to quarterly reports and executive briefings by providing the technical details and metrics that demonstrate security posture improvements.  Use AI to assist in automating production and validation of documentation. 

• Client Education & Collaboration: Work closely with the Customer Success Manager and compliance consultants to educate clients on security best practices and emerging threats. Participate in Quarterly Business Reviews (QBRs) with clients to present security updates, discuss findings from incidents or assessments, and outline planned improvements. By translating technical jargon into clear, relatable insights, you help clients understand the value of our services and how we're keeping them safe.

• Continuous Improvement: Stay current on the latest cybersecurity threats, Microsoft cloud security updates, and industry trends. Proactively recommend and implement enhancements to our managed security service – whether it's adopting a new Microsoft security feature, improving an internal process, or contributing to team training sessions. In our culture, every engineer has a voice in how we get better.

• Experience: 3+ years of experience in IT security or systems administration, preferably in a Managed Services (MSP/MSSP) or enterprise environment. Hands-on experience with Microsoft security technologies and responding to security incidents is required. Experience monitoring and protecting cloud environments (Azure, O365) is highly desired.

• Technical Skills: Proficiency with Microsoft 365 Security & Compliance ecosystem: you should have working knowledge of Azure Active Directory (Entra ID) administration, Microsoft Defender suite (for Endpoint, Office 365, etc.), Microsoft Sentinel (or another SIEM), and Intune/Endpoint Manager. Strong PowerShell scripting skills and familiarity with automation tools are important for this role. Any experience with infrastructure-as-code (ARM/Bicep, Terraform) or other automation in cloud environments is a plus.

• Security Knowledge: Solid grasp of fundamental cybersecurity principles (least privilege, zero trust, defense-in-depth) and threat analysis techniques. Experience following or implementing frameworks like CIS benchmarks, NIST /CMMC, or even participating in vulnerability management and incident response processes. Security certifications such as Microsoft Certified: Security Operations Analyst (SC-200), Azure Security Engineer (AZ-500), CompTIA CySA+, or similar are advantageous.

• Analytical Mindset: Ability to analyze large volumes of logs and data to identify anomalies or indicators of compromise. Experience creating custom queries or reports to visualize security data is a plus. You enjoy sleuthing through data to connect the dots in an investigation.

• Soft Skills: Excellent communication and teamwork abilities. You can clearly document your work and also explain technical issues to non-technical folks when needed. You are customer-focused – recognizing that behind every alert or ticket is a real organization depending on us to keep them safe. You manage your time well, prioritize effectively under pressure, and know when to escalate issues to senior engineers or management.

• Education: Bachelor's degree in Computer Science, Information Security, or a related field is preferred, not required. What's most important is your demonstrated expertise and passion for cybersecurity. Continuous training and certifications are highly encouraged in our team – we want you to grow your skills with us.

Compensation & benefits

• Competitive executive compensation (base + performance bonus + stock options after first year).

• Comprehensive benefits (medical, retirement, PTO, professional development).

• Mission‑driven work that directly strengthens the national security supply chain.