Senior Security Engineer

Security Engineer

Company Overview

Provisions Group is a dynamic IT consulting and staffing firm headquartered in Franklin, Tennessee, with over 200 team members nationwide.

Founded in 2003, the company is known for its people-first culture and award-winning workplace, including recognition as a Nashville Business Journal Best Places to Work.

Provisions Group offers a wide range of services—from cloud, cybersecurity, and data analytics to CRM, application development, and healthcare IT—serving clients across industries with a strong focus on strategic advisory and scalable talent solutions.

As a Microsoft Gold, AWS, and Salesforce Partner, and with recent acquisitions expanding its AI and cloud capabilities, Provisions Group continues to grow as a trusted technology partner and a top employer in the region.

Position Purpose

This role is crucial in maintaining the cybersecurity and risk management standards across our firm. Responsible for identifying and assessing both internal and external threats, monitoring network activities for any malicious actions, and investigating intrusions and other security events.

This employee will become and remain the authority on current state security architecture. They will architect the future state of our security, and document it using a 12 month roadmap.

Reports to

Director of IT

Must Haves

• Communication skills, especially explaining system intent and mechanics.
• Able and willing to write documentation
• Desire and ability to be hands-on, including direct, day-to-day work with the Microsoft Defender Suite.
• Multi-position thinker. Has to be able to consider all perspectives. Has to be able to think broadly about strategy.

Core Responsibilities

· Threat Identification and Risk Management: Identify and evaluate internal and external threats to the firm, ensuring proactive measures are in place, and assist in the development and implementation of strategies to manage and mitigate security risks.

· Network Monitoring and Incident Investigation: Continuously monitor the network for signs of malicious activity and potential breaches, and investigate security incidents, intrusions, and other events to determine the root cause and extent of the damage.

· Policy Development and Collaboration: Contribute to the creation and maintenance of security policies, procedures, and protocols. Work closely with other departments to ensure comprehensive security measures are in place and to promote security awareness across the firm.

· Documentation and Reporting: Maintain detailed records of security incidents and measures taken to resolve them, providing regular reports and updates to senior management.

· Collaboratively troubleshoot, implement, and refine security controls around:

o Conditional Access

o Single Sign On

o E-mail and collaboration

o Defender Suite

o Endpoints

o Azure Cloud Architecture

· Manage the partnership with Red Canary who provides our SIEM

· Manage threat simulations and employee feedback

· Experience with Purview, Data Classification, and Data Loss Prevention preferred

· Log Management, Alerting, and Notification

· Exposure to Data Platforms, Containers, Cloud Native Applications preferred

Essential Skills and Experience

· Education: Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.

· Experience: Proven experience in a security engineering role, preferably within a similar industry.

· Technical Skills: Proficiency in network security, incident response, and threat analysis. Familiarity with security tools and technologies involved in M365, Azure, Red Canary, FortiGate, and Endpoints (Windows and mac)..

· Certifications: Relevant certifications such as CISSP, CEH, CISM
,
or other related Microsoft certifications are preferred.

· Problem-Solving: Strong analytical and problem-solving skills, with the ability to think critically and act decisively under pressure.

· Communication: Excellent verbal and written communication skills, with the ability to explain complex security issues to non-technical stakeholders. Able to train other staff on emerging system mechanics and processes.

· Documentation: Creates visual and written documentation in a way that successfully communicates the essence of a technical issue and the mechanics involved.

· Automation: maintains and creates scripted automations for use in various systems