What is the role of a Sr. IT Security Manager at AGS LLC?

The Sr. IT Security Manager position at AGS LLC is a Full-time or part-time position opportunity in the Computer Software field.

Where is this Sr. IT Security Manager job located?

Atlanta, Georgia, 30303, United States

What type of employment is offered for this Sr. IT Security Manager role?

Full-time or part-time position

What is the expected salary for this Sr. IT Security Manager job?

Compensation will be discussed during the hiring process.

How can I apply for the Sr. IT Security Manager position at AGS LLC?

You can apply directly through the application link provided.

Sr. IT Security Manager at AGS LLC

Position Title: Sr. IT Security Manager

Description

Job Overview

The Sr. IT Security Manager owns the day-to-day and strategic leadership of AGSs identity, endpoint, and access security programs with a primary focus on Identity & Access Management (IAM), Endpoint Protection (EDR/XDR), Zero Trust Network Access (ZTNA), and Microsoft 365 security. The role combines hands-on technical depth with team leadership, driving automation, orchestration, and AI-assisted workflows to improve coverage, reduce risk, and accelerate response. This leader partners closely with Infrastructure, Network, Enterprise Apps, Compliance, HR, and Business Units to embed security by design and enable the business.

Responsibilities

Define and execute a 1224 month security roadmap across IAM, Endpoint, ZTNA, and M365 security, aligned to AGS risk appetite and business priorities.
Lead and mentor a high-performing team of security engineers/analysts; set goals, coach, and develop career paths.
Establish and report KPIs/KRIs (e.g., MFA coverage, privileged access reduction, endpoint EDR coverage, MTTD/MTTR, automation rate, false-positive reduction).
Own Microsoft Entra ID (Azure AD) governance: lifecycle (joiner/mover/leaver), Conditional Access, MFA, SSPR, PIM for just-in-time admin access, app registrations, and service principals.
Standardize role-based access (RBAC/ABAC) and least privilege across cloud/SaaS; integrate key apps via SSO.
Drive periodic access reviews and attestations; remediate toxic combinations and dormant access.
Lead Defender for Endpoint deployment, tuning, and health; enforce baseline hardening with Intune and device compliance policies.
Coordinate vulnerability remediation with IT operations; track SLA performance and risk reduction.
Operationalize device control, application control, and disk encryption policies.
Implement and evolve ZTNA to minimize lateral movement and replace legacy VPN patterns where feasible.
Partner with Networking to segment sensitive environments; continuously validate device/user posture before granting access.
Monitor access patterns and automate revocation/escalation on risk signals.
Administer Microsoft Defender suite (Email/Identity/Cloud Apps) and Purview (DLP, Insider Risk, Information Protection) with risk-based policies.
Tune detections, policies, and playbooks to reduce noise while improving catch-rate; manage quarantine and advanced hunting.
Operate Microsoft Sentinel (or equivalent SIEM): content management, KQL analytics, workbooks, and playbook (Logic Apps) automation.
Build and maintain automated triage and response for recurrent alerts (enrichment, containment, ticketing, comms).
Run incident response lifecycle (prepare, detect, contain, eradicate, recover, post-incident review) and tabletop exercises.
Use PowerShell, KQL, Graph API, Logic Apps/Power Automate, and CI/CD (e.g., GitHub/Azure DevOps) to codify controls and eliminate manual work.
Leverage Copilot for Security and AI capabilities within Microsoft Defender/Sentinel for faster investigation, guided response, and knowledge capture.
Align programs to frameworks (e.g., NIST CSF, CIS Controls, ISO 27001) and applicable regulations; maintain auditable evidence.
Own security policies/standards for IAM, endpoint, email, and access; run exception and risk acceptance processes.
Evaluate and manage security vendors and services (including MSSP where applicable); drive ROI and consolidation, prioritizing Microsoft security where fit-for-purpose.
Act as a security advocate with IT and business stakeholders; translate risk into business terms and clear narratives.
Provide regular briefings and metrics to leadership; create playbooks, runbooks, and user-facing guidance.
Integrate and manage Secure Service Edge (SSE) tools such as Zscaler, Global Protect, and similar solutions to enforce secure access.
Balance security requirements with user experience needs to ensure productivity while maintaining strong security posture.
Design and implement security controls for hybrid environments combining on-premises infrastructure and cloud-based systems.
Occasional travel throughout the United States

Qualifications

Microsoft Entra ID (Azure AD): Conditional Access, MFA, PIM, SSO/App integration, access reviews.
Microsoft 365 security: Defender for Endpoint/Identity/Email/Cloud Apps; Purview DLP & labeling.
Endpoint management: Intune MDM/MAM, compliance policies, security baselines.
ZTNA patterns and products (e.g., Microsoft Entra Private/Internet Access or equivalent), network segmentation concepts.
SIEM/SOAR operations (preferably Microsoft Sentinel), KQL, playbooks, and automation.
Scripting & automation (PowerShell, KQL, Graph API); infra-as-code or pipeline automation preferred.
Incident response fundamentals, digital forensics basics, and threat hunting.
Experience with SASE tools such as Zscaler, Global Protect, and similar platforms.
Proven ability to balance security and user experience needs in enterprise environments.
Experience working in hybrid environments with a mix of on-premises and cloud-based systems.

Skills/Requirements

Bachelors Degree in Computer Science, Information Security, Information Technology, or equivalent work experience.
At least 7 years of progressive experience implementing, designing, configuring, and maintaining enterprise security solutions across hybrid (on-premises and cloud) environments.
Hands-on expertise with Identity & Access Management (IAM), Endpoint Detection & Response (EDR/XDR), and Zero Trust Network Access (ZTNA) technologies.
Experience deploying and managing Secure Service Edge (SSE) platforms such as Zscaler, Palo Alto Global Protect, or similar.
Strong working knowledge of Microsoft 365 security features, including Defender for Endpoint, Defender for Identity, and Purview.
Proficiency with automation and orchestration tools (e.g., PowerShell, KQL, Logic Apps, SOAR platforms) to streamline security operations.
Demonstrated ability to balance robust security controls with positive user experience and business enablement.
Experience designing and enforcing security policies, procedures, and technical standards in accordance with industry frameworks (NIST, CIS, ISO 27001).
Familiarity with incident response, digital forensics, and vulnerability management processes.
Relevant certifications required or strongly preferred: Microsoft SC-100, SC-200, SC-300, SC-400, AZ-500; CISSP, CISM, GIAC, Security+, CySA+.

Preferred Certification:

Professional certifications such as CISSP, CISM, GIAC (GCIA/GCED/GSEC), Microsoft SC-100/SC-200/SC-300/SC-400/AZ-500, or equivalent.

Note: All offers are contingent upon successful completion of a background check.

Posted positions are not open to third party recruiters and unsolicited resume submissions will be considered free referrals.

AGS is an equal opportunity employer.

Equal Opportunity Employer, including disability/protected veterans

Sr. IT Security Manager at AGS LLC – Atlanta, Georgia

Explore Related Opportunities

About This Position

Scan to Apply

Job Location

Frequently asked questions about this position

Similar Jobs In Atlanta, Georgia

Apartment Maintenance Supervisor - Link Apartments® Canvas

Commercial HVAC Service Technician

Contracts Manager

Mobile Building Engineer

Maintenance/Service Manager- Atlanta Region, GA