Senior Security & Systems Engineer

One Source Communications LLC

About The Position

The Senior Systems & Security Engineer is a senior, hands-on responder responsible for stabilizing, containing, and rebuilding client environments during and after cybersecurity incidents. This role is engaged when environments are already compromised, degraded, or operating within significant security gaps, and it requires rapid, decisive technical action. The engineer works closely with the Incident Response team to ensure response and remediation efforts are executed efficiently, while maintaining focus on threat containment, root cause analysis, and long-term security hardening.

This is not a monitoring-only or compliance-focused role. The ideal candidate has real-world incident response experience and is comfortable operating in high-pressure, client-facing situations to:

  • Stop active threats and attacker movement
  • Contain impact and restore operational control
  • Identify root cause and systemic security failures
  • Rebuild and harden security controls correctly
  • Improve detection, visibility, and response capability
  • Reduce the likelihood and impact of future incidents

(This position does require travel up to 50% of the time.)

Requirements

  • Ability to travel up to 50% of the time.
  • 5+ years of experience in information security with a strong focus on incident response and remediation.
  • Demonstrated experience responding to real-world security incidents.
  • Hands-on experience with EDR, security monitoring, and endpoint and identity remediation.
  • Strong understanding of attacker techniques, lateral movement, and persistence mechanisms.
  • Working knowledge of scripting and automation (PowerShell, Python).
  • Strong communication skills with experience supporting client-facing response efforts.
  • Bachelor’s degree in Computer Science, Information Security, or equivalent hands-on experience.

Nice To Haves

  • Security certifications such as CISSP, CISM, CEH, or CompTIA Security+ preferred.
  • Experience in MSSP, consulting, or multi-client environments preferred.

Responsibilities

  • Respond to active security incidents including ransomware, account compromise, malware outbreaks, and lateral movement.
  • Analyze endpoint, identity, network, and log telemetry to determine scope, root cause, and attacker behavior.
  • Execute containment actions across endpoints, identity platforms, and network infrastructure.
  • Support eradication and recovery efforts to ensure secure restoration of services.
  • Provide clear technical direction during live incident response activities.
  • Identify control failures, misconfigurations, and visibility gaps that enabled the incident.
  • Design and implement remediation plans addressing both immediate threats and underlying weaknesses.
  • Perform security hardening across endpoints, servers, identity systems, and networks.
  • Remove persistence mechanisms and validate clean recovery.
  • Rebuild security baselines to prevent repeat incidents.
  • Deploy, configure, and maintain modern security platforms, including:
      • Endpoint Detection & Response (EDR)
      • Security telemetry and log analytics platforms (SIEM, XDR, log pipelines)
      • ELK / Elastic stack
      • Email Threat Protection
  • Integrate security telemetry and data sources to improve detection accuracy and investigation speed.
  • Improve logging, alerting, and response workflows in environments with limited or fragmented visibility.
  • Conduct post-incident assessments and gap analyses.
  • Identify vulnerabilities, misconfigurations, and systemic security debt.
  • Implement preventative controls to reduce attacker dwell time and blast radius.
  • Support vulnerability management and long-term risk reduction initiatives.
  • Secure identity platforms using Active Directory, LDAP, SAML, and OAuth.
  • Respond to identity and cloud-centric incidents including SSO abuse, token theft, and SaaS compromise.
  • Assess and harden network security controls including firewalls, IDS/IPS, VPNs, VLANs, and TLS.
  • Apply cloud security best practices across AWS, Azure, and Google Cloud environments.
  • Identify and mitigate common application security vulnerabilities such as SQL injection, XSS, and CSRF.
  • Introduce scripting and automation (PowerShell, Python) to accelerate response and reduce manual effort.
  • Document rebuilt architectures, security controls, and response procedures.
  • Collaborate closely with the Cyber Security Incident Response Project Manager to align technical execution with timelines and deliverables.
  • Provide technical guidance and mentorship during response and remediation efforts.
  • Contribute to future-state security architecture and resilience planning.