Security Engineer

Cortavo

Atlanta, GA
Full Time
Paid
    Job Overview:

    Cortavo is hiring a senior, hands-on Security Engineer to design, implement, and scale security across internal platforms and customer environments. This role secures on-premises, data center, and cloud workloads with primary focus on networking, identity, Microsoft 365, endpoint security, and infrastructure hardening. You will own security architecture, preventative controls, detection engineering, and automation, translating frameworks such as SOC 2, CMMC, NIST, and PCI into practical, auditable technical controls.

    This role serves as the dedicated security escalation point for our Service Delivery team and customer-facing technical expert for assessments, audits, and risk discussions. You will partner closely with Engineering, Service Delivery, Product, and Solutions teams to embed security by design into Cortavo’s services while providing hands-on incident response and security operations support.

    This role reports to the Engineering Manager.

    Responsibilities:

    Security Operations & Incident Response

    Serve as primary escalation point for all security-related tickets from Service Delivery, including compromised accounts (email, credential issues), suspicious activity, security alerts, and MFA/Conditional Access bypass requests

    Own critical compromise or breach incidents end-to-end, including investigation, remediation, applying mitigations, and post-incident security hardening

    Conduct comprehensive After Action Reviews (AARs) and Root Cause Analyses (RCAs) for all security-related incidents in collaboration with Service Delivery leadership

    Perform security and risk assessments for customer-facing networks, infrastructures, and services

    Manage security tool ecosystem including Inky email protection tuning, BullPhish campaign management, and evaluation of new security technologies

    Serve as the subject-matter-expert for all things security and compliance for both Cortavo and our customer base

    Proactive Security & Client Engagement

    Conduct proactive client security reviews, analyzing Azure/Intune compliance reports and Microsoft Security Scores

    Lead Security Gap Assessments for customers (offered as add-ons to Operational Maturity Assessments, provided to VIP clients, or sold/upsold to new and existing customers)

    Review Security Scores in Microsoft 365 and actively apply recommendations and remediations to improve customer security posture

    Lead client security meetings, particularly with high-touch or frustrated customers, to address security concerns and build confidence

    Drive security hardening initiatives including Conditional Access refinements, Intune policy rollouts, MFA enforcement, and endpoint security via Datto and CrowdStrike EDR

    Prepare security reporting for Executive Business Reviews (EBRs) and Quarterly Business Reviews (QBRs) demonstrating how we’ve improved customer environments

    Application and Infrastructure Security Management

    Collaborate with Engineering Manager on Cortavo’s core internal infrastructure (network, servers, and data) ensuring optimal performance, reliability, and security

    Evaluate and optimize technology stack to ensure efficient security, meeting business objectives and compliance assurance

    Work with Product Engineer and leadership to evaluate security tech stack, offer improvements, recommend tools, and help implement security technologies

    Identify security gaps in tooling and processes, and translate them into roadmap items, architectural improvements, or productized capabilities

    Drive platform security and compliance initiatives, ensuring infrastructure meets or exceeds SOC 2 and CMMC requirements by design

    Collaborate with engineers on secure implementation practices across all technical projects

    Build and refine security processes and operational frameworks to support scalable security operations

    Develop tech solutions and products ready to roll out for new Cortavo services, ensuring offerings have optimal security solutions

    Strong understanding of application security standards and practices, such as the OWASP Top 10

    If/when security vulnerability scanning tools are implemented, serve as the Accountable party in the RACI model to oversee, own, and create tickets for remediation items

    Compliance and Risk Assessment Ownership

    Perform assessments using various frameworks (NIST, SOC 2, CMMC, FFIEC, PCI, etc.) to identify gaps and remediate deficiencies

    Ensure systems and applications are implemented with compensating controls to meet regulatory requirements (e.g., SOC 2, HIPAA, FFIEC, PCI)

    Lead Cyber Insurance Resilience efforts for both internal Cortavo operations and external client environments

    Collaborate with Project Management and IT Operations on Privileged Identity Management (PIM) and least privileged access initiatives

    Training, Documentation & Team Support

    Develop and deliver security training programs for internal teams including Service Delivery, Engineering, Product, Solutions, and Project Management on security red flags, escalation criteria, threat recognition, and secure development practices

    Provide security awareness training and education to customer organizations, including phishing campaign debriefs, compliance training, and executive security briefings

    Create and maintain knowledge base articles for common security scenarios to enable first-line triage and reduce escalations across all technical teams

    Define clear escalation criteria and paths so all teams know exactly when and how to engage security resources

    Maintain accurate, current, and accessible technical documentation, conduct internal and external product demos, and ensure transparency, auditability, and compliance with internal and external standards

    Report to leadership on security projects, initiatives, and proactive work being performed

    Drive team roadmaps by staying up to date with the latest threats and independently identifying areas of security risk

    Think beyond reactive security measures and take a proactive approach to identifying potential vulnerabilities and threats. Use advanced tools, AI, machine learning, or custom-built scripts to anticipate future risks and mitigate them before they affect the infrastructure

    Required Skills & Qualifications:

    Minimum 5-7 years of IT systems engineering experience in an MSP or multi-tenant environment

    Minimum 4 years of IT Security engineering, Cyber Security Architecture, or compliance infrastructure roles

    Proven experience handling security incidents and compromises in production environments

    Technical credibility in a security engineering role with demonstrated impact within multiple domains: Zero Trust/Conditional Access approaches, Endpoint Security, Data Protection, Mobile, Cloud Security

    Strong organizational, research, analytical and problem-solving skills to evaluate situations, make recommendations, and take effective action

    Ability to articulate complex technical concepts or scenarios to both technical and non-technical audiences, including frustrated customers

    Able to define, communicate, and present executive-level proposals of the risk-based business impact approach to cybersecurity

    Expert knowledge of security principles, solutions, tools, methodologies, and techniques

    Strong ability to partner with operations stakeholders (Service Delivery, Engineering, Product) to define platform needs and drive adoption

    Experience establishing platform governance, compliance standards, and security controls

    Expert knowledge of Networking and Firewalls, particularly with Cisco Meraki

    Expert knowledge in Microsoft 365, Azure AD, Exchange Online, Teams, and Microsoft Endpoint Manager (Intune)

    Strong experience with MFA implementation and Conditional Access policies

    Experience with security tools including email protection (e.g., Inky), EDR solutions (e.g., CrowdStrike), and RMM platforms (e.g., Datto)

    Proficiency with observability tools (Prometheus, Grafana, OpenTelemetry, Datadog)

    Knowledge in Infrastructure as Code (IaC) tools, such as Terraform, Puppet, Ansible

    Proficiency in Microsoft Server environments

    Proven experience in secure software development principles in various languages (Java, Go, JavaScript, Python, etc.)

    Experience conducting After Action Reviews (AARs) and Root Cause Analyses (RCAs)

    Customer-facing experience with ability to lead security assessments and discussions with executive stakeholders

    Preferred Qualifications:

    Bachelor’s degree in Computer Science, Information Security, or a related field

    Security certifications such as CISSP, CISM, CEH, Security+, or GIAC certifications

    Microsoft Security certifications, particularly:

    SC-200: Microsoft Security Operations Analyst

    SC-300: Microsoft Identity and Access Administrator

    SC-400: Microsoft Information Protection Administrator

    MS-500: Microsoft 365 Security Administration

    Cloud security certifications (Azure Security Engineer Associate, AWS Security Specialty)

    Compliance certifications (ISO 27001 Lead Auditor, CMMC-RP, or similar)

    Experience with ticketing and PSA systems (Autotask, ConnectWise, Jira)

    Experience working in an MSP or MSSP environment

    Familiarity with SIEM platforms (Sentinel, Splunk, etc.)

    Experience with security frameworks (NIST CSF, CIS Controls, MITRE ATT&CK)

    Previous experience conducting security assessments or penetration testing

    Estimated Usage of Time

    40% Security Operations & Incident Response

    30% Infrastructure Security

    20% Compliance

    10% Training

    Work Environment

    Competitive salary, as well as employer-contributed health benefits

    Hybrid work schedule

    Access to a Company cell phone plan

    A seat on an energetic team that collaborates and pushes each other to be better

    A fast-paced but cooperative environment with endless potential for growth

    Celebration events for team and Company successes throughout the year

    Flexible work from home options available.