Senior Security Engineer

Greenlight Networks•Rochester, NY

About The Position

The Senior Security Engineer is responsible for owning and advancing the organization’s overall security posture across infrastructure, cloud platforms, endpoints, applications, and data. This role combines strategic leadership, operational ownership, and hands-on technical expertise. This position will interface with our SOC vendor to ensure security tooling, monitoring, and findings translate into effective risk reduction and continuous improvement. You will work closely with cross-functional teams including IT, Network Engineering, Legal, HR, Compliance, and external partners to design, implement, document, and evolve security controls, policies, and procedures that support the business today and scale with future growth in a rapidly evolving environment.

Requirements

Network Security principles (firewalls, VPNs, routing, VLANS)
Security Protocols
Cloud Security
Network monitoring solutions
Incident response and digital forensics.
Understanding network architecture is a strong plus.
Critical thinking skills and ability to solve complex problems.
Knowledge of Database security and a variety of operating systems.
Proven experience developing, operating and maintaining security systems.
Familiarity with data protection regulations (GDPR, CCPA) and privacy-by-design principles.
Bachelor’s degree in Computer Science, Cybersecurity, or a related field, or equivalent practical experience.
6+ years of experience in cybersecurity or security engineering roles, with demonstrated ownership of security initiatives.
Experience operating at a senior or lead level, influencing across teams without direct authority.

Nice To Haves

Relevant certifications such as CISSP, CISM, CCSP, or similar are a plus, but practical experience is valued equally.

Responsibilities

Own and evolve the company’s security strategy, roadmap, and maturity over time, aligning security investments with business risk and priorities.
Establish, maintain, enforce, and improve security policies, standards, procedures, and documentation in coordination with Legal, HR, Compliance, Privacy, and IT leadership.
Define and oversee security architecture principles across on-prem, cloud, endpoint, and SaaS environments.
Act as a trusted advisor to leadership on security risk, tradeoffs, and priorities.
Serve as the primary point of contact and escalation for the managed SOC provider.
Review and validate alerts, investigations, vulnerability findings, and recommendations from the SOC.
Ensure SIEM, XDR, EDR, vulnerability management, and related tools are tuned, effective, and delivering measurable value.
Translate SOC outputs into prioritized remediation plans and coordinate execution with internal teams.
Lead threat modeling, security risk assessments, and architecture reviews for new and existing systems.
Oversee vulnerability management activities, including scanning, prioritization, remediation, and verification.
Independently remediate security issues where appropriate, and partner with system owners, developers, and infrastructure teams where shared responsibility exists.
Support incident response activities, including coordination with the SOC, root cause analysis, containment, remediation, and post-incident improvement.
Contribute hands-on expertise across environments including: Microsoft 365 and identity platforms, Endpoints (PCs, laptops, EDR), Network and perimeter security including firewalls and VPN, Virtualized and Linux-based servers (RHEL primarily), AWS and cloud-native services.
Coordinate and participate in regular security audits, vulnerability scan remediations, and penetration testing.
Contribute to business continuity and disaster recovery planning, testing, and improvement.
Partner with compliance and privacy stakeholders to ensure security controls align with regulatory and contractual obligations.
Support privacy and data protection initiatives, including PIAs, security reviews of data-processing systems, and technical input for data subject requests.
Assess and integrate security controls for acquired or merged companies.
Participate in due diligence activities related to mergers and acquisitions.
Evaluate vendor security posture regarding security practices, risks, and business continuity.
Evaluate and monitor third-party applications and systems for adherence to sufficient security standards.
Promote a culture of security awareness and shared responsibility across the organization.
Provide guidance and practical support to teams in designing, building, and operating systems securely.
Partner with the Data Privacy Officer to ensure security controls align with privacy obligations.
Define and enforce data classification, retention, and secure disposal standards.
Support data subject rights requests (access, deletion, portability) from a technical/security perspective.
Conduct privacy impact assessments (PIA’s) and security reviews for systems that process personal data.