Senior Security Engineer
Rochester, NH - USA
Job Summary
Job Summary:
The Senior Security Engineer is responsible for owning and advancing the organizations overall security posture across infrastructure cloud platforms endpoints applications and data. This role combines strategic leadership operational ownership and hands-on technical expertise. This position will interface with our SOC vendor to ensure security tooling monitoring and findings translate into effective risk reduction and continuous improvement.
You will work closely with cross-functional teams including IT Network Engineering Legal HR Compliance and external parters to design implement document and evolve security controls policies and procedures that support the business today and scale with future growth in a rapidly evolving environment.
Essential Functions:
Security Strategy & Governance
- Own and evolve the companys security strategy roadmap and maturity over time aligning security investments with business risk and priorities.
- Establish maintain enforce and improve security policies standards procedures and documentation in coordination with Legal HR Compliance Privacy and IT leadership.
- Define and oversee security architecture principles across on-prem cloud endpoint and SaaS environments.
- Act as a trusted advisor to leadership on security risk tradeoffs and priorities.
SOC & Vendor Coordination
- Serve as the primary point of contact and escalation for the managed SOC provider.
- Review and validate alerts investigations vulnerability findings and recommendations from the SOC.
- Ensure SIEM XDR EDR vulnerability management and related tools are tuned effective and delivering measurable value.
- Translate SOC outputs into prioritized remediation plans and coordinate execution with internal teams.
Operational & Hands-On Security
- Lead threat modeling security risk assessments and architecture reviews for new and existing systems.
- Oversee vulnerability management activities including scanning prioritization remediation and verification.
- Independently remediate security issues where appropriate and partner with system owners developers and infrastructure teams where shared responsibility exists.
- Support incident response activities including coordination with the SOC root cause analysis containment remediation and post-incident improvement.
- Contribute hands-on expertise across environments including:
- Microsoft 365 and identity platforms
- Endpoints (PCs laptops EDR)
- Network and perimeter security including firewalls and VPN
- Virtualized and Linux-based servers (RHEL primarily)
- AWS and cloud-native services
- Coordinate and participate in regular security audits vulnerability scan remediations and penetration testing.
Business Continuity Risk & Compliance
- Contribute to business continuity and disaster recovery planning testing and improvement.
- Partner with compliance and privacy stakeholders to ensure security controls align with regulatory and contractual obligations.
- Support privacy and data protection initiatives including PIAs security reviews of data-processing systems and technical input for data subject requests.
Mergers Acquisitions & Third-Party Security
- Assess and integrate security controls for acquired or merged companies.
Participate in due diligence activities related to mergers and acquisitions. - Evaluate vendor security posture regarding security practices risks and business continuity.
- Evaluate and monitor third-party applications and systems for adherence to sufficient security standards.
Security Culture & Enablement
- Promote a culture of security awareness and shared responsibility across the organization.
- Provide guidance and practical support to teams in designing building and operating systems securely.
Data and Data Privacy
- Partner with the Data Privacy Officer to ensure security controls align with privacy obligations.
- Define and enforce data classification retention and secure disposal standards.
- Support data subject rights requests (access deletion portability) from a technical/security perspective.
- Conduct privacy impact assessments (PIAs) and security reviews for systems that process personal data.
Knowledge Skills and Abilities Required:
- Network Security principles (firewalls VPNs routing VLANS)
- Security Protocols
- Cloud Security
- Network monitoring solutions
- Incident response and digital forensics.
- Understanding network architecture is a strong plus.
- Critical thinking skills and ability to solve complex problems.
- Knowledge of Database security and a variety of operating systems.
- Proven experience developing operating and maintaining security systems.
- Familiarity with data protection regulations (GDPR CCPA) and privacy-by-design principles.
Other Requirements:
- Bachelors degree in Computer Science Cybersecurity or a related field or equivalent practical experience.
- 6 years of experience in cybersecurity or security engineering roles with demonstrated ownership of security initiatives.
- Experience operating at a senior or lead level influencing across teams without direct authority.
- Relevant certifications such as CISSP CISM CCSP or similar are a plus but practical experience is valued equally.
Compensation:
Our job titles may span more than one career level. The salary for this position is between $126000.00 - $150000.00. The actual salary offered may be influenced by a variety of factors such as: training transferable skills work experience education business needs market demands and work location. The base pay range is subject to change and may be modified in the future. More information on offered benefits which include health welfare and retirement are available at Experience:
Senior IC
About Company
Deliver an exceptional experience. Make a real impact. Grow with us. At Greenlight Networks, we're not just building a network-we're building stronger, more connected communities. Founded in 2011, Greenlight Networks designs, builds, and operates a high-speed fiber-optic network deliv ... View more