Lead Security Engineer
Asian Hires
About the role
REPORTING RELATIONSHIP
POSITION REPORTS TO: ASSOCIATE DIRECTOR IT.
POSITION SUMMARY
The Lead Security Engineer is responsible for architecting, implementing, and governing Company’s enterprise security controls across hybrid environments. Reporting to the Associate Director IT and working closely with the Sr. Director, Infrastructure & Security, this role provides hands-on technical leadership while guiding a team of security engineers in the execution of security operations, architecture, monitoring, identity security, and compliance initiatives. This position will play a key role in advancing Company’s Zero Trust strategy, strengthening enterprise defenses, and ensuring alignment with regulatory and governance frameworks such as SOC 2, NIST, and ISO 27001.
JOB RESPONSIBILITIES
Security Architecture & Engineering
• Lead the design and implementation of enterprise security architecture across on-prem and cloud environments.
• Architect secure Azure/AWS configurations, including IAM, network controls, and cloud-native security tooling.
• Review and optimize Network Firewall/Switch deployments to establish least-privilege network access.
Threat Detection, Monitoring & Response
• Manage Microsoft NDR/XDR platforms, ensuring effective alerting, tuning, and mitigation workflows.
• Oversee SIEM operations (Sumo Logic), including correlation rules, dashboards, and incident triage.
• Serve as Level 3 escalation for complex security incidents.
Identity, Access & Zero Trust
• Design and implement secure identity strategies using Microsoft Entra ID.
• Govern MFA, SAML, OIDC, RBAC, and Zero Trust policies across the enterprise.
Email Security & User Protection
• Manage DMARC, SPF, DKIM enforcement and email threat protection programs.
• Lead phishing simulation and user awareness programs.
Governance, Compliance & Risk Management
• Maintain security policies, playbooks, and procedures aligned to SOC 2, NIST, ISO 27001.
• Lead SOC 2 audits, evidence collection, and remediation tasks.
• Conduct vulnerability assessments, risk reviews, and remediation oversight.
Leadership & Cross-Functional Collaboration
• Supervise, mentor, and guide a team of security engineers.
• Partner with Infrastructure, Cloud, DevOps, and AppDev teams to embed security into system design and processes.
• Present executive-level reporting on security posture and risk.
KNOWLEDGE, SKILLS, ABILITIES AND RESPONSIBILITIES
Education and Experience
• Bachelor’s degree in Computer Science, Information Security, Engineering, or a related field, or equivalent hands‐on experience.
• 8–10 years of experience in cybersecurity engineering, including securing hybrid cloud and on‐premises environments.
• Minimum 2–3 years leading, supervising, or mentoring a technical security engineering team.
• Experience working with SOC 2, NIST, or ISO 27001 frameworks.
• Master’s degree or security leadership certifications are a plus.
Technical Skills
• Expert‐level knowledge of network security technologies, including firewalls, VPN solutions, intrusion detection/prevention systems, and secure network architecture principles.
• Strong hands‐on experience securing Azure and AWS cloud environments, including IAM, network controls, and cloud‐native security tools.
• Deep expertise with Microsoft Defender NDR/XDR technologies (Defender for Endpoint, Identity, Cloud).
• Operational experience with Sumo Logic or similar SIEM platforms, including log ingestion, correlation, and alert tuning.
• Strong understanding of identity security, MFA, SAML, OIDC, RBAC, and Zero Trust architectures.
• Practical experience implementing DMARC, SPF, DKIM, and email threat protection technologies.
• Thorough knowledge of NIST, ISO 27001, SOC 2 Trust Services Criteria, and security governance best practices.