Role Description We seek a highly skilled and experienced Senior Security Engineer to join our dynamic team at Echelon Risk + Cyber, a leading cybersecurity consulting firm. This team member will be ready to roll up their sleeves and identify opportunities for our clients and for Echelon internally with unquestioned integrity. They will be passionate about cybersecurity and ready to use their knowledge to be an Entrepreneurial Problem Solver and work alongside their Echelon team members to build creative solutions. At Echelon, we believe learning never stops. You will have the opportunity to engage with systems that are at the cutting edge of technology and team members that will challenge you with meaningful work. We allow our team members to build from the ground up and make an impact across the organization. What You Will Do: - Implement and enforce security policies and procedures based on industry standards - Conduct regular security assessments, audits, and ensure compliance with security standards - Design and implement secure cloud solutions (Azure and AWS) - Utilize Cloud Security Posture Management (CSPM) technologies - Ensure the security of SaaS platforms, including email, file sharing, and 3rd party applications - Configure and manage security controls for servers and endpoints, including deploying and managing endpoint protection solutions - Implement security policies for Mobile Device Management (MDM) - Conduct regular vulnerability scans and automated penetration tests utilizing in-house tools and develop remediation plans for identified vulnerabilities - Implement and manage IAM solutions, including single sign-on (SSO) and privileged access management (PAM) - Ensure proper user provisioning and access controls - Lead technical implementations of data protection services, including Data Loss Prevention (DLP) solutions - Participate in the development and maintenance of disaster recovery plans and procedures - Review and ensure backups, redundancy, and replication solutions meet availability and recovery best practices, including performing regular recovery tests - Conduct security reviews, assessments, and hardening activities across key systems from endpoints, servers, network infrastructure, and Cloud services - Apply and enforce security configuration benchmarks (e.g., CIS, NIST) - Ensure compliance with regulatory requirements and industry standards - Implement and manage security information and event management (SIEM) systems - Deploy and maintain managed detection and response (MDR), intrusion detection systems (IDS), and intrusion prevention systems (IPS) - Configure and manage network security policies across perimeter and internal network equipment, including firewalls and wireless access points - Participate in incident response planning and tabletop exercises, and develop incident response plans and playbooks - Assist with the implementation and configuration of security awareness training programs and solutions - Work closely with clients to understand their security needs and provide tailored solutions - Collaborate with cross-functional teams to ensure security is integrated into all aspects of IT infrastructure, and develop technical security standards and operational procedures Qualifications - Bachelor's degree in Computer Science, Information Security, or related field - Relevant certifications: CCSP, CISSP, CEH, CISM, etc. - Experience working in managed IT or Security services (MSP or MSSP), handling numerous clients and environments simultaneously - Strong understanding of security technologies and frameworks - Excellent problem-solving and analytical skills - Strong communication and interpersonal skills - Applicants must have authorization to work in the United States without current or future visa sponsorship. Preferred Qualifications - Familiarity with regulatory requirements such as FFIEC, SOC 2, ISO 27001, GDPR, CMMC, HIPAA, PCI-DSS, etc. - Familiarity with popular security frameworks such as CIS, NIST, ISO, SOC2 - Experience with enterprise security technologies (firewalls such as Palo Alto and FortiGate, endpoint security tools such as CrowdStrike, SentinelOne, and FortiEDR) - Experience working in or with a Security Operations Center (SOC) - Experience participating in Security Assessments and Audit efforts - Familiarity with DevSecOps practices and tools - Ability to be agile and juggle multiple clients, initiatives, and priorities effectively - Skilled in gathering, assessing, and presenting technical security metrics and trends Benefits - Access to medical, dental, and vision insurance through Cigna, with the majority of the employee cost covered by the employer - Employer funding to HSA accounts and FSA access - Access to a 401(k) through Vanguard with a guaranteed employer contribution - Flexible vacation policy that allows you to manage your schedule and rest and recharge when you need to - 11 holidays with flexibility based on what is important for you and those you love - Family-friendly benefits, including weeks off for Maternity leave, weeks off for non-birthing parent leave, employer-paid short-term and long-term disability, employer-paid life insurance, and access to additional life insurance, hospital coverage, accidental coverage, discounted mental health support, and more - Support for individual development through certifications, continued learning, conferences, and more Company Description We value a diverse workforce and a culture of inclusivity and belonging. All employment decisions shall be made without regard to age, race, creed, color, religion, gender, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status, or any other basis as protected by federal, state, or local law. Echelon Risk + Cyber is an Equal Opportunity Employer.