Sr. IT Security Engineer

About the CompanyA professional services organization with a strong focus on data privacy, security, and regulatory compliance is seeking a Senior IT Security Engineer to own and mature its enterprise security program. This is a hands-on, high-impact role for someone who thrives in a lean environment, communicates well across technical and non-technical teams, and wants end-to-end ownership of security strategy and execution. You will be responsible for securing all day-to-day systems across the organization, partnering closely with IT leadership, executive stakeholders, and external vendors. The environment supports ~130 end users and operates primarily in a modern cloud-first ecosystem.About the RoleThe Senior IT Security Engineer will be responsible for securing all day-to-day systems across the organization, partnering closely with IT leadership, executive stakeholders, and external vendors.ResponsibilitiesOwn the organization's entire security lifecycle, from strategy and policy through execution and continuous improvementLead penetration testing, vulnerability scanning, and risk assessments, recommending and implementing remediation plansServe as the primary owner of incident response planning, testing, and executionDevelop, maintain, and enforce security policies, standards, and compliance proceduresEnsure compliance with GDPR and HIPAA, with future expansion into ISO certificationAct as the primary point of contact for third-party audits, security questionnaires, and vendor security reviewsManage relationships with external security partners (SOC, EDR, and other vendors)Administer and maintain endpoint and identity security controls across the organizationDeliver security awareness training and guidance to internal usersProvide security leadership and input into new technology and platform decisionsMonitor systems, review alerts, and present security posture reporting to leadershipCollaborate cross-functionally with IT, leadership, and external partners to embed security into all initiativesQualifications5+ years of experience in a Security Engineering or Security Operations roleProven experience owning security programs in a small-to-mid sized organizationStrong understanding of vulnerability management, incident response, and complianceHands-on experience with security tooling such as SIEM, EDR, IDS/IPS, firewalls, VPNs, and endpoint securityWorking knowledge of GDPR, HIPAA, and general security frameworks (ISO, SOC, etc.)Experience with Azure identity and security components, including MFA and enterprise applicationsAbility to communicate clearly with technical teams, leadership, and non-technical usersComfortable operating autonomously with accountability and visibilityRequired SkillsIndustry certifications such as CISSP, CISM, or similarExperience in regulated industries (professional services, legal, financial, healthcare)Preferred SkillsIndustry certifications such as CISSP, CISM, or similarExperience in regulated industries (professional services, legal, financial, healthcare)