Cybersecurity Engineer

Cerity Partners, Louisville, MA
$115,000 - $130,000

About The Position

We are seeking a Cybersecurity Engineer with 3-5 years of hands-on experience to join our growing cybersecurity team. In this role, you will be responsible for the day-to-day engineering, administration, and optimization of our security tools and infrastructure. You will work closely with the Cybersecurity Manager and the broader IT team to implement, monitor, and improve the security controls that protect our Microsoft Azure / M365 cloud environment, endpoints, and data. This is a hands-on technical role with meaningful exposure to compliance frameworks, incident response, and vendor management - making it an excellent opportunity for someone who wants to grow their career across the full breadth of cybersecurity in a regulated financial services environment.

Primary Responsibilities:

Security Engineering & Operations
  • Deploy, configure, tune, and maintain enterprise security tools including EDR, SIEM, email security, DNS filtering, and endpoint management platforms.
  • Monitor security alerts and events across the environment, performing triage, investigation, and escalation of potential incidents.
  • Manage and optimize detection rules, alerting thresholds, and automated response workflows within SIEM and EDR platforms.
  • Support the administration and enforcement of Conditional Access Policies, application control policies (AppLocker), and identity and access management configurations within Microsoft Entra ID (Azure AD).
  • Assist with the deployment and management of mobile device management (MDM/MAM) policies through Microsoft Intune.
  • Conduct vulnerability assessments and coordinate remediation efforts with IT infrastructure and application teams.
  • Develop and maintain PowerShell or Python scripts to automate routine security tasks, reporting, and data collection.

Vulnerability Management
  • Manage the end-to-end vulnerability management lifecycle - scanning, prioritization, remediation tracking, and validation across servers, endpoints, and cloud resources.
  • Coordinate and execute OS and third-party application patching across the environment, ensuring timely remediation of critical and high-severity vulnerabilities in alignment with established SLAs and maintenance windows.
  • Triage vulnerability scan results and prioritize remediation based on exploitability, asset criticality, and environmental context - not just raw CVSS scores - while developing compensating controls and risk acceptance documentation for vulnerabilities that cannot be immediately patched.
  • Monitor threat intelligence feeds and vendor advisories (Microsoft Patch Tuesday, CISA KEV catalog, vendor-specific bulletins) and track patching compliance metrics to support both proactive risk reduction and SOC 2 audit evidence requirements.

Incident Response
  • Participate in incident detection, investigation, containment, and remediation activities.
  • Perform log analysis and forensic investigation across endpoint, network, identity, and cloud environments.
  • Document incidents thoroughly, including root cause analysis, timeline reconstruction, and lessons learned.
  • Coordinate with the managed SOC provider on alert escalation, tuning requests, and incident handoff procedures.
  • Contribute to the development and testing of incident response playbooks and procedures.

Compliance & Governance
  • Support the ongoing maintenance of SOC 2 Type 2 compliance, including evidence collection, control testing, and audit coordination through our compliance automation platform (Drata).
  • Assist with the development, review, and enforcement of cybersecurity policies, standards, and procedures.
  • Contribute to vendor security assessments and due diligence reviews as part of our vendor risk management program.
  • Support Business Continuity Plan (BCP) documentation, tabletop exercises, and testing activities.
  • Help prepare materials and reporting for the Cyber Risk Steering Committee (CRSC) and other governance bodies.

Security Awareness & Collaboration
  • Support the development and delivery of security awareness training and phishing simulation campaigns.
  • Serve as a knowledgeable security resource for IT colleagues and the broader organization, translating technical concepts into clear, actionable guidance.
  • Collaborate with cross-functional teams including IT infrastructure, compliance, and risk management to integrate security into business processes.
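The prioritization rule described under Vulnerability Management above (exploitability, asset criticality and exposure decide the order of work, not the raw CVSS score) as a worked example in Python, one of the two scripting languages the posting names. This is an added illustration, not code from Cerity Partners or from the posting: the CVE IDs, hostnames, criticality scale, SLA day counts and the KEV feed excerpt are constructed placeholders, and the tiering rules are one reasonable policy rather than the employer's.

```python
"""Context-aware vulnerability triage: KEV membership, exploit availability,
asset criticality and exposure decide the tier, not the raw CVSS score.
Added example; not code from Cerity Partners. CVE IDs, hostnames, SLA values
and the KEV excerpt below are constructed placeholders."""
import json
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float               # scanner base score
    asset: str
    criticality: int          # 1 = low .. 3 = crown jewel (assumed CMDB field)
    internet_exposed: bool
    exploit_public: bool      # scanner / threat-intel "public exploit" flag
    first_seen: date          # first scan that reported it


# Structure mirrors the CISA KEV JSON feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json);
# the two entries are constructed for this example, not real catalog rows.
KEV_JSON = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-0000-0001", "dateAdded": "2024-05-30"},
    {"cveID": "CVE-0000-0003", "dateAdded": "2024-06-02"},
]})


def load_kev(feed_text: str) -> set[str]:
    """Return the set of CVE IDs present in a KEV-format feed."""
    return {v["cveID"] for v in json.loads(feed_text)["vulnerabilities"]}


# Remediation SLAs per tier in days (assumed policy values).
SLA_DAYS = {"P1": 7, "P2": 14, "P3": 30, "P4": 90}


def priority(f: Finding, kev: set[str]) -> str:
    """Tier a finding. Test order matters: known exploitation on an exposed
    or crown-jewel asset outranks any CVSS number; CVSS alone caps at P3."""
    if f.cve in kev and (f.internet_exposed or f.criticality == 3):
        return "P1"
    if f.cve in kev or (f.exploit_public and f.cvss >= 7.0):
        return "P2"
    if f.cvss >= 7.0 or (f.exploit_public and f.criticality >= 2):
        return "P3"
    return "P4"


def due_date(f: Finding, kev: set[str]) -> date:
    """SLA clock starts at first detection, not at ticket creation."""
    return f.first_seen + timedelta(days=SLA_DAYS[priority(f, kev)])


def triage(findings, kev, today):
    """Sorted work queue: tier first, then earliest due date."""
    rows = []
    for f in findings:
        due = due_date(f, kev)
        rows.append({"cve": f.cve, "asset": f.asset, "cvss": f.cvss,
                     "tier": priority(f, kev), "due": due,
                     "overdue": due < today})
    return sorted(rows, key=lambda r: (r["tier"], r["due"]))


def sla_compliance(findings, kev, today):
    """Fraction of open findings still inside their SLA window: the kind of
    figure exported as a patching metric or audit evidence."""
    rows = triage(findings, kev, today)
    return sum(not r["overdue"] for r in rows) / len(rows) if rows else 1.0


# Constructed scan output (Finding fields in declaration order).
SAMPLE = [
    Finding("CVE-0000-0001", 7.2, "web-proxy-01", 3, True, True, date(2024, 6, 1)),
    Finding("CVE-0000-0002", 9.8, "lab-vm-07", 1, False, False, date(2024, 5, 20)),
    Finding("CVE-0000-0003", 5.5, "file-srv-02", 2, False, False, date(2024, 6, 3)),
    Finding("CVE-0000-0004", 8.1, "hr-app-01", 2, False, True, date(2024, 5, 25)),
    Finding("CVE-0000-0005", 4.3, "kiosk-03", 1, False, False, date(2024, 4, 1)),
]

if __name__ == "__main__":
    kev = load_kev(KEV_JSON)
    today = date(2024, 6, 10)
    for r in triage(SAMPLE, kev, today):
        print(f'{r["tier"]} {r["cve"]} cvss={r["cvss"]:<4} {r["asset"]:<13} '
              f'due={r["due"]} {"OVERDUE" if r["overdue"] else ""}')
    print(f"within SLA: {sla_compliance(SAMPLE, kev, today):.0%}")
```

With the sample data the CVSS 9.8 finding on the isolated lab VM lands in P3, below the CVSS 5.5 finding on a file server that appears in the KEV list; that inversion is the whole point of contextual prioritization. In a real pipeline the KEV text would be fetched from the feed URL and the findings loaded from a scanner export, with the asset fields joined in from the CMDB.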

Requirements

  • 5 - 7 years of hands-on experience in cybersecurity engineering, security operations, or a closely related technical security role.
  • Strong working knowledge of Microsoft Azure and M365 security capabilities, including Entra ID (Azure AD), Conditional Access, Defender suite, and Purview.
  • Experience deploying, managing, and tuning EDR platforms (e.g., SentinelOne, CrowdStrike, Microsoft Defender for Endpoint).
  • Experience with SIEM platforms - log ingestion, correlation rule development, alert tuning, and dashboard creation (e.g., FortiSIEM, Sentinel, Splunk, or comparable).
  • Demonstrated experience managing enterprise patching programs across Windows endpoints and servers, with familiarity in patch management tooling (e.g., WSUS, Intune, SCCM/MECM, or third-party solutions).
  • Hands-on experience with vulnerability scanning platforms (e.g., Tenable, Qualys, Rapid7) including scan configuration, result analysis, and remediation workflow management.
  • Ability to assess and prioritize vulnerabilities using contextual risk factors beyond raw CVSS scores, including asset exposure, exploit availability, and business impact.
  • Solid understanding of identity and access management concepts including MFA, SSO, RBAC, and privileged access management.
  • Familiarity with endpoint management tools such as Microsoft Intune and application control technologies like AppLocker.
  • Experience with vulnerability management tools and processes (e.g., Tenable, Qualys, Rapid7).
  • Working knowledge of common security frameworks and standards (NIST CSF, CIS Controls, MITRE ATT&CK).
  • Competency in scripting for automation and reporting (PowerShell preferred; Python a plus).
  • Strong analytical and problem-solving skills with the ability to investigate complex security events across multiple data sources.
  • Excellent written and verbal communication skills - able to clearly explain technical security topics to both technical and non-technical audiences.
  • Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field - or equivalent practical experience.

Nice To Haves

  • Experience working in financial services, wealth management, or another regulated industry.
  • Hands-on experience supporting SOC 2 audits, including evidence collection and control validation.
  • Experience with compliance automation platforms (e.g., Drata, Vanta).
  • Familiarity with vendor risk management processes and third-party security assessments.
  • Experience coordinating with managed security service providers (MSSPs) or managed SOC teams.
  • Exposure to DNS filtering solutions (e.g., DNSFilter, Cisco Umbrella).
  • Familiarity with business continuity and disaster recovery planning.
  • Understanding of SEC, FINRA, or other financial services regulatory requirements as they relate to cybersecurity.
  • One or more industry certifications such as:
    • CompTIA Security+, CySA+, or CASP+
    • Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC-900) or Security Operations Analyst (SC-200)
    • Microsoft Certified: Azure Security Engineer Associate (AZ-500)
    • Microsoft Certified: Information Protection and Compliance Administrator Associate (SC-400)
    • Microsoft Certified: Identity and Access Administrator Associate (SC-300)
    • GIAC certifications (GSEC, GCIH, GCIA)
    • Certified Information Systems Security Professional (CISSP) - Associate level acceptable
    • Certified in Risk and Information Systems Control (CRISC)

Benefits

  • Health, dental, and vision insurance – day 1!
  • 401(k) savings and investment plan options with 4% match
  • Flexible PTO policy
  • Parental Leave
  • Financial assistance for advanced education and professional designations
  • Opportunity to give back time to local communities
  • Commuter benefits
© 2024 Teal Labs, Inc