Senior Cybersecurity Operations Engineer - Onsite in Washington, DC (20024)

We are seeking a Senior Cybersecurity Operations Engineer to support a federal client in maintaining and strengthening enterprise cybersecurity operations across a hybrid on-premises and cloud environment. This role is responsible for security engineering, continuous monitoring, threat detection, incident response, and the ongoing enhancement of cybersecurity operations within a highly regulated federal environment.

The ideal candidate will have strong experience supporting Microsoft-based infrastructure, cloud security, network security, and enterprise security operations tools. This position requires the ability to operate independently with minimal supervision while collaborating closely with cybersecurity leadership and cross-functional IT teams.

Key Responsibilities

• Perform ongoing security assessments of systems, networks, and cloud environments in alignment with NIST, FISMA, CISA, and other federal cybersecurity standards and directives
• Identify security risks and recommend corrective actions to improve overall security posture and compliance
• Perform systems engineering, maintenance, and security hardening activities following established operational standards
• Implement, support, and troubleshoot security solutions across LAN, wireless, firewall, and Microsoft Azure environments
• Administer and optimize cybersecurity tools including SIEM, Syslog, EDR, NDR, firewalls, Microsoft 365 security, Defender for Cloud, and Continuous Diagnostics and Mitigation (CDM) platforms
• Monitor security events, system alerts, vulnerabilities, and suspicious activity through log analysis and proactive threat hunting
• Support the development and enhancement of Security Orchestration, Automation, and Response (SOAR) capabilities
• Execute incident response activities including investigation, containment, remediation support, documentation, and reporting in accordance with established response plans
• Develop and maintain incident handling procedures, standard operating procedures, and security operations documentation
• Ensure logging, monitoring, and data retention practices support effective investigations and operational visibility
• Generate security posture reports, operational metrics, and threat reporting to support leadership decision-making and risk management
• Collaborate with cybersecurity leadership, including CISO and Privacy Officer, to strengthen cybersecurity and privacy controls
• Partner with infrastructure and application teams to ensure security requirements are integrated into enterprise systems and services

Required Qualifications

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field preferred; equivalent experience accepted
• 5+ years of experience in cybersecurity operations, security engineering, SOC operations, or incident response
• Government experience required
• Strong knowledge of NIST, FISMA, CISA directives, and federal cybersecurity standards
• Hands-on experience with:
  • Microsoft Azure, Entra ID, and Microsoft 365 security environments
  • Cisco networking and firewall technologies
  • SIEM, Syslog, EDR, NDR, and security monitoring platforms
  • Microsoft Defender for Cloud and CDM tools
  • PowerShell scripting and automation
  • Linux operating system administration
• Strong experience with incident response, threat detection, threat hunting, and security investigations
• Experience supporting continuous monitoring and security operations reporting
• Experience developing SOPs, incident handling procedures, and security documentation
• Strong analytical, troubleshooting, and technical documentation skills
• Ability to work independently in a structured federal environment

Desired Qualifications

• Experience supporting SOAR platforms and security automation initiatives
• Experience with cloud security architecture in hybrid environments
• Familiarity with disaster recovery and business continuity planning
• Experience supporting executive-level security reporting and metrics
• Familiarity with advanced identity management and MFA governance models
• Relevant cybersecurity certifications (Security+, CISSP, Azure Security, or equivalent)