
Senior Security Engineer at Legato Security

Legato Security · Salt Lake City, United States of America · Onsite


Senior Security Engineer

Who We Are 

Legato Security is an information security firm founded upon the belief that every organization has the right to keep its data private and secure. Our mission is to build close partnerships with our clients, serving them not as just a vendor, but as trusted advisors helping to build effective, proactive plans. Our focus is always on both the technical and human elements within an organization. We believe in comprehensive strategies designed to harden networks, deflect attackers, and rapidly recover from any accidents. As technology progresses, so do our tactics, ensuring our experts are always prepared to serve forward-looking leaders eager to stay ahead of emerging threats. 

 

Position Overview 

Legato Security is seeking a Security Engineer to join our MSSP engineering team with a primary focus on Microsoft 365 security engineering. You will lead and support security configuration and management across Entra ID (Azure AD), Intune, Conditional Access, and the Microsoft Defender suite, while also operating and optimizing SIEM, EDR, and Email Security platforms for our customers. You will mentor junior team members, collaborate directly with clients, and drive continuous improvement in reliability, visibility, and detection outcomes.

 

Specific Job Responsibilities 

  • Design, implement, and maintain secure configurations across Entra ID (Identity Protection, MFA, Conditional Access, PIM), Intune (device compliance, configuration profiles, app protection, endpoint security baselines), and Microsoft 365 Defender (Defender for Endpoint/Identity/Office 365; DLP) to reduce risk and improve posture.
  • Perform tenant health reviews, roadmap recommendations, and architecture guidance aligned to best practices.
  • Independently resolve complex platform issues; escalate critical problems with comprehensive analysis.
  • Develop and refine queries, dashboards, and reports across various SIEM and EDR solutions to improve visibility and meet customer requests.
  • Manage log source onboarding and tuning, parser normalization, licensing and ingestion health to maintain accuracy and performance.
  • Administer updates, patches, and configurations on managed security systems.
  • Manage and optimize RBAC with least privilege and auditing; maintain separation of duties.
  • Perform monthly health checks to validate uptime, data quality, and control effectiveness; proactively remediate issues.
  • Provide actionable recommendations on security configurations; act as a trusted advisor to clients.
  • Work client requests end-to-end in the ticketing system, populating required fields, documenting findings, linking related tickets, and closing issues promptly.
  • Ensure all activities comply with organizational policies and regulatory requirements (e.g., CMMC, GDPR, HIPAA, PCI-DSS).
  • Contribute to cross-functional projects; stay current with emerging threats, technologies, and compliance standards; implement security best practices.

Qualifications

Required Qualifications: 

  • Bachelor’s degree (or equivalent experience) in cybersecurity, information technology, computer science, or a related field.
  • Hands-on administration of Microsoft 365 security: Entra ID (Azure AD), Intune, Conditional Access, and Microsoft Defender products (Endpoint, Identity, Office 365).
  • Proven experience administering SIEM, EDR, and email security solutions in an MSSP or enterprise environment.
  • Ability to create complex queries, detections, dashboards, and reports in SIEM/EDR solutions.
  • Strong troubleshooting skills for agent issues and policy configurations at both global and local levels.
  • Proficiency across Windows, Unix/Linux, and macOS operating environments.
  • Scripting familiarity with PowerShell, Python or Bash.
  • Strong knowledge of firewalls/UTMs, IDS/IPS, VPNs; excellent log analysis capabilities.

Preferred Qualifications: 

  • Microsoft security certifications (e.g., SC-300, SC-200, AZ-500, MD-102) or equivalent.
  • Experience administering Splunk Enterprise and Splunk Cloud (content management, data onboarding, search head/indexer administration, basic performance tuning).
  • Experience with Cribl (e.g., Cribl Stream) or similar observability pipelines.
  • Vendor-specific certifications such as Sumo Logic Cloud SIEM Administrator, CrowdStrike CCFA/CCFR/CCFH, Google Associate Cloud Engineer, Microsoft Azure Security Engineer Associate, AWS Cloud Practitioner.
  • Strong written and verbal communication skills with direct client-facing experience.

Perks 

  • Start-up company in a growth phase with opportunity for advancement based on performance
  • Start-up culture with an office in downtown Salt Lake City, UT
  • Competitive medical and dental benefits for employee and family members
  • Other company-provided benefits such as short-term disability, basic life insurance, children’s orthodontia, with additional voluntary benefits available, and 401K match
  • Flexible Paid Time Off policy
  • Professional Development opportunities specific to role
