Systems Engineer

This Systems Engineer role is responsible for the design, implementation, management, and continuous improvement of cloud and security solutions across the neteffect client portfolio. Primary focus areas include Microsoft Entra ID, Azure, Microsoft 365, cloud app security (CASB/MDCA), and emerging governance challenges around AI and Shadow IT.

You'll serve as a technical resource for escalations, handle complex project work, conduct security reviews, and help define standards and best practices for the broader engineering team., Cloud Architecture & Administration

• Design, implement, and manage Microsoft Azure environments including compute (VMs, scale sets), storage, networking (VNets, NSGs, DNS), and supporting infrastructure
• Deploy and manage Entra-joined devices using Kerberos Cloud Trust for seamless SSO to on-premises resources without requiring legacy domain join
• Administer Microsoft 365 tenants across the client portfolio - Exchange Online, SharePoint, Teams, and OneDrive
• Manage Entra ID including Conditional Access policies, Entra join, SSPR, and authentication methods
• Implement and maintain Windows Hello for Business and Entra-native MFA/phishing-resistant authentication
• Deploy and manage Intune/Autopilot for endpoint lifecycle management across Windows and macOS

Security & Compliance

• Architect and enforce Conditional Access policies with Authentication Strength, compliant device requirements, and named location controls
• Deploy and tune Microsoft Defender for Cloud Apps (MDCA) for Shadow IT discovery, OAuth app governance, and session/access policy enforcement
• Investigate and respond to identity-based threats - AiTM attacks, BEC incidents, token replay, and suspicious sign-in activity - using UAL, Entra sign-in logs, and available XDR/SIEM tooling
• Lead AI Governance efforts for client environments: govern Microsoft 365 Copilot deployment, assess shadow AI risk, classify sensitive data exposed to AI workloads, and implement Purview-based controls
• Support compliance frameworks including PCI DSS, HIPAA, and NIST CSF as applicable
• Coordinate with third-party security vendors (Arctic Wolf, SentinelOne, ThreatLocker, Check Point Harmony/Avanan) on alert triage, investigation, and response

Identity & Access Management

• Own the identity stack: Entra ID, Entra Connect (where legacy on-prem sync exists), ADCS, and PKI
• Conduct periodic access reviews, privileged identity audits, and MFA posture assessments across the client base
• Drive adoption of zero-trust principles through policy, tooling, and client education
• Support RBAC design in Azure and M365 for least-privilege access models

Shadow IT & Cloud App Governance

• Discover and inventory unsanctioned cloud application usage using MDCA and network log integration
• Classify and assess risk of shadow applications; build remediation and sanctioning workflows with client stakeholders
• Define and enforce cloud app policies, block high-risk apps, and configure real-time session controls
• Build reporting dashboards and executive summaries on cloud app risk for client leadership

Engineering Standards & Escalation

• Serve as an escalation point for the engineering team on complex cloud, identity, and security issues
• Develop and maintain runbooks, configuration standards, and decision frameworks for cloud and security domains
• Conduct post-incident reviews and produce RCAs for significant security events or outages
• Deliver internal training on evolving Microsoft technologies and best practices

Client Engagement & Strategy

• Engage directly with client IT leadership and executive stakeholders on security posture, roadmap planning, and risk
• Produce and present clear, actionable reports on security findings, cloud spend efficiency, and governance gaps
• Participate in QBRs and strategic planning meetings as a technical advisor, * Arctic Wolf - managed detection and response (MDR) with SOC-as-a-service; you'll work directly with their team on alert triage and investigations
• ThreatLocker - application allowlisting, storage control, and ringfencing; you'll manage policies and handle blocked application escalations
• Check Point Harmony (Avanan) - cloud email security for Microsoft 365 and Google Workspace; phishing, BEC, and malware detection
• Breach Secure Now - security awareness training and dark web monitoring for end-user education across clients

Backup & Disaster Recovery

• Veeam Backup & Replication - primary backup platform for on-premises and cloud workloads; experience with repository management, job design, and restore testing is valuable

Network Monitoring & Documentation

• Auvik - network monitoring, topology mapping, and configuration backup; used for visibility across client network infrastructure
• IT Glue - documentation platform for network diagrams, credentials, SOPs, and asset records; keeping documentation accurate is a shared responsibility on the team

Do you have experience in macOS?, Do you have a Bachelor's degree?, * 4-7 years of IT experience with at least 3 years focused on Microsoft cloud technologies

• MSP experience required - you understand multi-tenant management, client accountability, and the discipline of working across varied environments simultaneously
• Demonstrated hands-on experience with Entra ID, Azure, and Microsoft 365 administration at an engineering level
• Experience investigating security incidents involving identity compromise, BEC, or cloud-based threats

Technical Skills - Required:

• Microsoft Entra ID: Conditional Access, cloud-native identity (Entra join), authentication methods, PIM, app registrations
• Microsoft 365: Exchange Online, SharePoint, Teams, Intune, Autopilot
• Azure: compute, storage, networking, Azure Files, Entra Kerberos (Cloud Trust), core infrastructure fundamentals
• Microsoft Defender for Cloud Apps: app discovery, OAuth governance, session policies, CASB functionality
• Endpoint management: Intune/Autopilot, Windows Hello for Business, compliance policies
• Security operations: UAL/audit log analysis, Entra sign-in log triage, identity threat investigation
• Networking: TCP/IP, DNS, DHCP, VLANs, firewall concepts

Technical Skills - Preferred:

• Microsoft Purview: sensitivity labels, DLP, communication compliance, AI hub governance
• Entra ID Governance / Identity Governance and Administration (IGA)
• Microsoft Sentinel or other SIEM/SOAR platforms
• PowerShell scripting for automation, reporting, and bulk management tasks
• Azure cost management, resource optimization, and right-sizing

Preferred Tool Experience

Familiarity with any of the following is a strong plus. You won't be expected to know all of them on day one, but comfort learning new platforms quickly is essential:

PSA, RMM & Remote Access

• ConnectWise Manage - ticketing, time entry, billing, and project management
• ConnectWise RMM (Asio) - cloud-native RMM for endpoint monitoring, patching, and scripted automation
• ConnectWise ScreenConnect - remote access and support sessions, * Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC-900)
• Microsoft Certified: Identity and Access Administrator Associate (SC-300)
• Microsoft Certified: Security Operations Analyst Associate (SC-200)
• Microsoft Certified: Azure Administrator Associate (AZ-104)

Soft Skills - Critical for Success

• Ability to communicate complex security and cloud concepts clearly to non-technical stakeholders
• Strong documentation discipline - you write things down so others can follow
• Self-directed and capable of managing multiple concurrent workstreams without close supervision
• Root cause mindset - you want to know why something happened, not just fix it and move on
• Professional presence and ability to represent neteffect technologies at the client executive level, * Bachelor's degree in IT, Computer Science, or related field - OR equivalent professional experience
• Valid driver's license with clean driving record and appropriate insurance coverage
• Ability to lift up to 50 pounds occasionally
• Ability to pass background check and drug screening upon offer

Why Join neteffect technologies?

If you've been doing deep Microsoft cloud and security work - managing Entra ID at scale, chasing down AiTM attacks, leading Shadow IT discovery efforts - and you're ready to bring that expertise to a role where it directly shapes client outcomes and company strategy, we'd like to talk.

Pulled from the full job description

• 401(k)
• Health insurance
• 401(k) matching
• Paid time off
• Dental insurance, * Competitive salary commensurate with experience
• Comprehensive health and dental insurance
• 401(k) with company matching
• Paid time off
• Performance-based bonus opportunities

Professional Development

• Certification support and exam reimbursement
• Access to Microsoft partner resources, labs, and early-access programs
• Mentorship and collaboration with experienced MSP engineers and leadership
• Meaningful work that directly shapes client security posture and cloud maturity

Work Environment

• Small-company culture that values technical depth, accountability, and autonomy
• No excessive bureaucracy - you'll have room to make decisions and move fast
• Hybrid work model: time split between the neteffect technologies office in Charlotte and client site visits
• Monday-Friday, day shift, with occasional after-hours or on-call support as needed, * 401(k)
• Dental insurance
• Health insurance
• Paid time off

We're looking for a Systems Engineer with deep expertise in Microsoft cloud technologies to join our engineering team. This is a technical position for someone who lives in the Microsoft stack and wants to push the boundaries of what modern cloud security and management look like for a growing portfolio of business clients. At neteffect technologies, you'll work across a diverse client base, architecting and managing solutions in Azure, Microsoft 365, Entra ID, and cloud security tooling. You'll be the subject matter expert our team and clients turn to when cloud governance, identity security, or AI risk questions arise., Founded in 1991 and based in Charlotte, NC, neteffect technologies is an established Managed Service Provider delivering managed IT, cloud, security, virtualization, and telecom solutions to businesses across the region. We operate as a true technology partner - taking ownership of our clients' IT environments so they can focus on running their business. Our engineering team supports a diverse portfolio of clients, backed by strong leadership and a culture of accountability and continuous improvement. What Makes This Role Different * Own the Microsoft cloud stack - you'll be a cloud and security SME the team escalates to * Real influence on security posture - from CA policy design to Shadow IT discovery to AI governance framework rollout * Work across a varied client base - no two environments are the same; you'll see it all * Collaborate with leadership on strategy - not just execution, but helping shape how we approach cloud and security as an MSP * Access to a fully resourced toolset across PSA, RMM, security, backup, and documentation platforms.