Information Security Senior Engineer

Job Summary

The Senior Information Security Engineer is a vital contributor on our growing security team. In this role, the Senior Engineer won’t just be responding to alerts—they will help design, build, and refine the tools, controls, and processes that protect our company. This is a senior-level engineering role focused on making a direct impact on our enterprise security posture, working across network, cloud, endpoint, and application layers. This role will be part of a collaborative environment where you’ll lead complex initiatives, contribute to our security strategy, and help level up the team.

The Senior Information Security Engineer will work in a hybrid IT environment (on-prem and cloud), with an emphasis on security automation, network and endpoint protection, and other security platforms/tooling. This is an opportunity to be part of a mature yet evolving security organization where technical input matters.

Job Responsibilities

• Lead the design and deployment of security tooling, including firewalls, intrusion prevention systems, EDR, DLP, and cloud-native controls
• Build and maintain security automation around threat detection, response, and compliance reporting
• Partner with infrastructure, app dev, and cloud teams to embed security into projects and platforms
• Evaluate, test, and implement new tools and capabilities based on threat landscape and internal needs
• Collaborate with the Security Architecture team by providing technical input and context during architecture reviews, threat modeling, and risk assessments to ensure practical, implementable security controls
• Drive continuous improvement of existing security controls—identifying gaps, tuning configurations, and retiring legacy solutions
• Support the SOC during incident response by providing infrastructure and tooling expertise, assisting with containment efforts, and implementing post-incident improvements
• Mentor junior staff and contribute to team development through documentation, process design, and knowledge sharing

Technology Used

• NGFWs, IDS/IPS, WAFs, proxies, micro segmentation, and VPNs (e.g., Palo Alto, F5, VMware NSX)
• Endpoint protection and management tools (e.g., CrowdStrike)
• Cloud platforms (AWS and Azure) with a focus on secure configurations and native security services
• Email security tools (e.g., Abnormal, Proofpoint, Microsoft 365)
• Microsoft Sentinel (SIEM) and Tines (SOAR); contribute to detections and automation in collaboration with the SOC
• Scripting and automation using Python, PowerShell, or Bash
• DevSecOps practices and tools (e.g., Azure DevOps) for automation, CI/CD, and infrastructure-as-code workflows

Job Qualifications

• 5+ years of experience in Information Security or a related field.
• Bachelor's degree in Computer Science, Information Technology or a related field and/or commensurate experience.
• Deep knowledge of enterprise security tools and frameworks (e.g., NIST CSF, CIS Controls)
• Experience integrating security controls into hybrid IT environments (on-prem + cloud)
• Ability to communicate effectively with technical and non-technical teams
• Proven experience working across IT disciplines (network, endpoint, cloud, app dev)
• Ability to think strategically, execute tactically, and stay hands-on with tools
• CISSP, CCSP, Security+ or AWS/Azure security certifications preferred
• Experience building security automation or integrations between tools using APIs or scripting preferred
• Background in network engineering or systems administration preferred
• Experience influencing and implementing endpoint security, including EDR tuning, hardening standards, and collaboration on Group Policy or device management tooling (e.g., Intune, SCCM) preferred

Location

• Hybrid defined as three or more days per week in the office

Behavioral Competencies

• Collaborates
• Customer focus
• Communicates effectively
• Decision quality
• Nimble learning

Technical Skills

• Threat Intelligence
• Vulnerability Management
• Security Engineering
• Network Security
• Firewalls
• Encryption Techniques
• Security Assessments
• Information Security
• Incident Response
• Security Monitoring
• Identity Management

This job description describes the general nature and level of work performed in this role. It is not intended to be an exhaustive list of all duties, skills, responsibilities, knowledge, etc. These may be subject to change and additional functions may be assigned as needed by management.