Mechanicus LLC is a managed service provider with a security-forward practice — Microsoft Sentinel, Blackpoint MDR, and a real SOC workflow rather than a "we forward alerts to a third party" arrangement. Roughly a quarter of our monthly ticket volume is security work: targeted phishing investigations, malicious login attempts, SIEM triage, and MDR collaboration. We need a senior engineer who can own that work end-to-end.
We’re looking for a Tier 3 Security & Infrastructure Engineer who will serve as the senior technical escalation point for complex infrastructure, cloud, and security issues across client environments.
You'll be the person Tier 2 calls when the impossible-travel alert turns out to be real, when the AVD environment needs re-architecting, when a client's M365 tenant has been compromised at 2am. You'll also drive the proactive work — hardening, detection engineering, post-incident reviews — that keeps the volume from getting worse.
We don't expect you to be in the office. We do expect you to be reachable during a P1.
What You’ll Be Doing
Security Operations & Incident Response
Investigate phishing attacks, suspicious login activity, and account compromise incidents
Perform threat hunting, log analysis, containment, and remediation
Lead response efforts for Microsoft 365 and Azure-related security events
Collaborate with security partners and vendors during active incidents
Conduct post-incident reviews and improve prevention strategies
Microsoft 365 & Identity Security
Design and improve Conditional Access policies and identity security controls
Manage and optimize Microsoft Defender and Entra ID security features
Implement security baselines and hardening standards across client environments
Improve MFA, privileged access, and identity governance workflows
Cloud & Infrastructure Engineering
Support and troubleshoot Azure infrastructure and Azure Virtual Desktop environments
Handle complex escalations involving networking, virtualization, storage, and authentication
Lead migrations involving Microsoft 365, Azure, servers, and cloud infrastructure
Assist with automation and infrastructure-as-code initiatives
Technical Leadership
Serve as the Tier 3 escalation point for advanced technical issues
Mentor junior engineers and contribute to technical standards
Create documentation, operational runbooks, and repeatable processes
Identify recurring problems and build long-term solutions
What We’re Looking For
5+ years of progressive IT experience, with at least 2 years focused on security operations (SOC analyst, security engineer, or senior engineer at a security-focused MSP).
Strong Microsoft 365 security stack experience: Defender for Office 365, Defender for Endpoint, Defender for Identity, Entra ID Protection, Conditional Access at scale.
Solid Azure fundamentals — Entra ID, AVD, networking (VNets, NSGs, Private Endpoints), RBAC, and at least familiarity with IaC (Bicep or Terraform).
Incident response experience — you've worked a real BEC, a real ransomware incident, or a real account takeover end-to-end and can talk through the timeline, the decisions, and what you'd do differently.
PowerShell at a functional scripting level — able to automate administrative tasks, work with Microsoft 365/Azure modules, and troubleshoot or modify existing scripts.
Excellent written communication — incident reports, RCA documents, client-facing summaries that don't make a non-technical CFO panic.
Nice To Have
HR Information:
Powered by JazzHR