Sr. IT Security Engineer

FTS, Inc.

Washington · On-site · Full-time · Senior · 4d ago

About the role

About the Company

A professional services organization with a strong focus on data privacy, security, and regulatory compliance is seeking a Senior IT Security Engineer to own and mature its enterprise security program. This is a hands‑on, high‑impact role for someone who thrives in a lean environment, communicates well across technical and non‑technical teams, and wants end‑to‑end ownership of security strategy and execution. You will be responsible for securing all day‑to‑day systems across the organization, partnering closely with IT leadership, executive stakeholders, and external vendors. The environment supports ~130 end users and operates primarily in a modern cloud‑first ecosystem.

About the Role

The Senior IT Security Engineer will be responsible for securing all day‑to‑day systems across the organization, partnering closely with IT leadership, executive stakeholders, and external vendors.

Responsibilities

  • Own the organization’s entire security lifecycle, from strategy and policy through execution and continuous improvement
  • Lead penetration testing, vulnerability scanning, and risk assessments, recommending and implementing remediation plans
  • Serve as the primary owner of incident response planning, testing, and execution
  • Develop, maintain, and enforce security policies, standards, and compliance procedures
  • Ensure compliance with GDPR and HIPAA, with future expansion into ISO certification
  • Act as the primary point of contact for third‑party audits, security questionnaires, and vendor security reviews
  • Manage relationships with external security partners (SOC, EDR, and other vendors)
  • Administer and maintain endpoint and identity security controls across the organization
  • Deliver security awareness training and guidance to internal users
  • Provide security leadership and input into new technology and platform decisions
  • Monitor systems, review alerts, and present security posture reporting to leadership
  • Collaborate cross‑functionally with IT, leadership, and external partners to embed security into all initiatives

Qualifications

  • 5+ years of experience in a Security Engineering or Security Operations role
  • Proven experience owning security programs in a small‑to‑mid sized organization
  • Strong understanding of vulnerability management, incident response, and compliance
  • Hands‑on experience with security tooling such as SIEM, EDR, IDS/IPS, firewalls, VPNs, and endpoint security
  • Working knowledge of GDPR, HIPAA, and general security frameworks (ISO, SOC, etc.)
  • Experience with Azure identity and security components, including MFA and enterprise applications
  • Ability to communicate clearly with technical teams, leadership, and non‑technical users
  • Comfortable operating autonomously with accountability and visibility

Required Skills

  • Industry certifications such as CISSP, CISM, or similar
  • Experience in regulated industries (professional services, legal, financial, healthcare)

Preferred Skills

  • Industry certifications such as CISSP, CISM, or similar
  • Experience in regulated industries (professional services, legal, financial, healthcare)

Skills

Azure, CISM, CISSP, Docker, EDR, Egress, Firewalls, GDPR, HIPAA, IDS/IPS, Identity and Access Management, Information Security, ISO, MFA, Network Security, Penetration Testing, Risk Management, SIEM, SOC, Vulnerability Management, VPNs
