
SecOps Engineer

Location: Burlington, VT

WHO WE ARE

Open Approach is a values-driven, client-focused IT services company based in Burlington, Vermont. We deliver exceptional managed technology and phenomenal client support to organizations across New England and beyond. Our focus is on long-term partnerships built on trust, transparency, and shared success, not sales quotas.

We earn our clients' business every month by staying relentlessly focused on their success. From the very first interaction to ongoing evolution, we aim to provide seamless experiences grounded in understanding, integrity, and practical solutions. We believe in making thoughtful, informed decisions and creating a lasting impact instead of quick fixes. This translates into long-term relationships with our clients that are rewarding on many levels.

At our core, we value equity, humility, excellence, accountability, innovation, and openness. These guide everything we do, from how we collaborate internally to how we support clients through complex technical challenges.

We are continually refining our team, enhancing our capabilities, and investing in talent to drive forward meaningful change. We embrace candid feedback, own our outcomes, and strive to improve every day. If that sounds like the kind of company you want to grow with, we would love to hear from you.

THE ROLE

This isn't a traditional SOC role where you sit and watch dashboards all day. Yes, you'll be involved in incident response, but your real focus is on building, improving, and evolving the security systems and processes behind everything we do at Open Approach and for our clients.

You'll serve as the primary escalation point for our Security Operations Analyst. When things get complex, they will come to you. You will own the deeper investigations, lead advanced response efforts, and ensure we deliver consistent, high-quality outcomes every time.

Outside of incidents, you'll spend your time designing, implementing, and optimizing our security stack: SIEM, EDR, vulnerability management, and the rest. You'll tune out the noise, sharpen detection, and make our tools work the way they should.

A big part of this role is research and automation. We want someone who looks at a manual process and immediately thinks, "How do I make this faster, better, or unnecessary?" You'll identify gaps, evaluate new tools, and build the automation that makes the whole Security Operations team more effective.

You'll also support compliance work, including the technical implementation and validation of controls across frameworks such as CMMC, HIPAA, and CJIS. Not the paperwork side. The hands-on, make-it-actually-work side.

You should be someone who enjoys building better systems, not just reacting to alerts. Specifically:

- Highly technical and genuinely passionate about cybersecurity
- Curious, always poking at systems and looking for ways to improve them
- Comfortable digging into complex problems and owning them from start to finish
- A strong collaborator who works well alongside others
- Motivated to automate and optimize, not just maintain
- Able to communicate clearly with both technical and non-technical audiences

A note on experience: We need someone with a solid technical foundation, but if you're the right person and you're missing a few of the skills listed below, that's okay. We're happy to train, guide, and invest in you. What we can't teach is the mindset.

THE SPECIFICS OF THE JOB

Responsibilities

- Act as the escalation point for complex security incidents and investigations
- Design, implement, and optimize security tools and platforms (SIEM, EDR, vulnerability management, etc.)
- Lead advanced incident response: investigation, containment, and remediation
- Develop automation and improve processes to reduce manual effort and increase efficiency
- Research and evaluate new security tools and technologies
- Tune alerts, cut false positives, and sharpen detection capabilities
- Support compliance initiatives through technical control implementation and validation
- Collaborate with internal teams to ensure security solutions are properly deployed and maintained
- Create and maintain documentation, standards, and repeatable processes
- Contribute to the ongoing maturity of the Security Operations program

Job Requirements

- A working understanding of firewalls, IDS/IPS, endpoint protection, and other core security technologies.
- The ability to look at security events and incidents and connect the dots by identifying threats, patterns, and vulnerabilities.
- Security work lives and dies in the details. Incidents need to be thoroughly investigated and properly resolved.
- You uphold our operational and security standards and have a sharp eye for where they're not being met.
- This field moves fast. You need to genuinely enjoy keeping up with new technologies, trends, and best practices.
- The ability to prioritize effectively, especially when multiple incidents or projects compete for your attention.
- Maintaining standards, managing change, and building repeatable processes are foundational to how we operate.
- Understanding of AD architecture (users, groups, computer objects) with a security focus. Experience with Group Policy design and management. Familiarity with hybrid identity environments and synchronization between on-prem AD and Azure/Entra ID. Ability to spot and fix common identity and access risks.
- Solid grasp of core networking (DHCP, DNS, routing, switching) and how it all ties into security. Familiarity with remote access technologies (SSL VPN, IPSec VPN). Understanding of segmentation, least privilege, and traffic flow analysis. Ability to troubleshoot network-related security issues across layered environments.
- Strong understanding of M365 and Intune security capabilities such as device management, policy enforcement, Conditional Access, authentication methods, and identity protection. Familiarity with email security, mail flow, and integration with security platforms. Ability to assess and improve security posture across Microsoft cloud environments.
- Hands-on experience with SIEM, EDR, IDS/IPS, firewalls, and vulnerability management tools. Ability to analyze alerts, investigate incidents, and track threats across platforms. Understanding of alert tuning, noise reduction, and detection and response fundamentals. Familiarity with vulnerability assessments and risk analysis. Basic understanding of cryptographic concepts and their practical applications.
- Experience with IR processes: triage, containment, investigation, and recovery. Ability to analyze complex incidents, determine root cause, and drive remediation. Understanding of the IR lifecycle and how to reduce impact while improving future response.

Additional Experience and Skills

- Familiarity with platforms like Hyper-V or VMware. Understanding of how virtualized environments affect security isolation, snapshotting, and investigation workflows. Comfortable using virtualization tools for testing and validating security configurations.
- Understanding of firewall technologies, rule creation, and policy management. Ability to implement rules aligned with best practices and troubleshoot traffic to catch misconfigurations or threats.
- Understanding of public vs. private DNS architecture. Knowledge of common record types (A, CNAME, MX, SPF, DKIM, TXT) and their role in email security. Comfortable troubleshooting DNS issues using command-line and diagnostic tools.
- Working knowledge of NIST, CIS, and ISO frameworks. Familiarity with compliance-driven environments and how technical controls map to regulatory requirements. Ability to support implementation and validation of controls for CMMC, HIPAA, or CJIS.

Experience & Certifications

We require at least 3 years of cybersecurity experience, preferably with an MSP or past MSP experience outside of cybersecurity. Life in an MSP demands deep, wide technical knowledge, and it can be overwhelming without the right foundation. We want this to be the right fit for you, not a sink-or-swim situation.

Certifications aren't required, but they're strongly encouraged and show commitment to growth. Relevant certifications include Security+, Microsoft Security (SC-series), or similar foundational cybersecurity and cloud certifications. More advanced certs like CISSP or CCSP are a plus for experienced candidates.

BENEFITS

- Health, dental, and vision coverage with generous employer contributions
- Company-sponsored Life, STD/LTD Disability, and Workers' Compensation
- 401(k) with 4% match starting day one
- Generous PTO (starting at 16 days, plus paid holidays; 20 days on your 1-year anniversary)
- Fully paid parental leave
- Smartphone stipend for on-call rotation
- Weekly company lunches, coffee, snacks, and a pet-friendly office

HOW NOT TO APPLY

- Forget to write a good cover letter, so that we have no way of knowing how articulate you really are
- Include a lot of grammatical and structural errors in your letter and resume
- Hide your personality so we can't tell a thing about you, other than that you are highly efficient in Microsoft Word

Thank you for your interest, and best of luck in your search for work.

Learn more about us at www.openapproach.com