Principal Security Engineer

About The Position

Requirements

• 7+ years across IT and cybersecurity, including a hands-on technical foundation and 3+ years driving a security program as a senior individual contributor
• Proven ability to both implement technical controls and author the policies and governance behind them
• Experience securing a public and/or regulated, multi-site environment (e.g., SOX, FINRA, FAA), including audit and control ownership
• Command of NIST CSF, ISO 27001, CIS, and SOX/ITGC, with experience owning control evidence through external audits
• Strong cloud (Azure and/or AWS) and enterprise network security—firewalls, VPNs, segmentation, and IDS/IPS
• Hands-on with SIEM (e.g., Microsoft Sentinel) and endpoint protection (e.g., SentinelOne), plus scripting (PowerShell and/or Python) and identity hardening (AD/Entra ID)

Responsibilities

• Drive the technical cybersecurity strategy and roadmap; report security posture and material risk to senior leadership
• Design, configure, and maintain hands-on controls across network, endpoint, identity, and cloud (firewall rules, segmentation, VPNs, IDS/IPS, EDR, MFA)
• Develop and maintain security policies aligned to NIST CSF, ISO 27001, and CIS and to regulatory requirements, ensuring controls actually enforce them
• Manage and tune the security stack (SIEM, EDR, email security); build detection rules, alerts, and dashboards
• Lead incident response end to end and drive risk-based vulnerability and patch management to closure across infrastructure, endpoints, and cloud
• Own the controls framework and third-party/vendor risk program, coordinating with internal audit/GRC and the legal team
• Collaborate with MSP and vCISO (managing scope, SLAs, escalation) while keeping core decisions in-house
• Harden identity infrastructure (AD/Entra ID) and run the security awareness program across sites