IT Security Engineer

IT Security Engineer

We are seeking a highly skilled and proactive IT Security Engineer to take ownership of the organization’s end-to-end security program. This individual will be responsible for protecting systems, data, and infrastructure while partnering cross-functionally to ensure security is embedded across all technology and business operations. This role reports directly to the IT Director.

Key Responsibilities

• Own and manage the full lifecycle of the organization’s cybersecurity program
• Conduct penetration testing, vulnerability scanning, and ongoing risk assessments to identify and mitigate threats
• Develop, implement, and maintain security policies, procedures, and compliance documentation
• Ensure adherence to regulatory frameworks including GDPR and HIPAA, with future exposure to ISO standards
• Lead incident response efforts, including investigation, containment, and remediation of security events
• Collaborate with internal teams to integrate security into daily operations and new technology initiatives
• Provide strategic input on the development and evolution of the organization’s technology stack
• Manage vendor relationships, including evaluating third-party security practices and overseeing audits
• Oversee endpoint and system security, including patching, monitoring, and access controls
• Partner with external security vendors (e.g., SOC, EDR) to monitor systems and respond to threats
• Deliver security awareness training and guidance to end users to reduce risk and improve best practices
• Support audits, security questionnaires, and compliance-related requests

Technical Environment

• Microsoft Azure Active Directory supporting approximately 130 end users
• Experience with cloud security, identity and access management, MFA, and endpoint protection tools

Qualifications

• Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience)
• 5+ years of experience in cybersecurity or security engineering roles
• Strong expertise in security technologies including firewalls, VPNs, SIEMs, IDS/IPS, and endpoint security
• Experience with penetration testing, vulnerability management, and incident response
• Familiarity with compliance frameworks such as GDPR, HIPAA, and general knowledge of ISO standards
• Industry certifications such as CISSP, CISM, or similar are preferred

Skills & Competencies

• Strong analytical and problem-solving abilities with a proactive approach to risk mitigation
• Excellent written and verbal communication skills, with the ability to translate technical concepts to non-technical stakeholders
• High attention to detail and ability to manage multiple priorities in a fast-paced environment
• Strong cross-functional collaboration and stakeholder management skills

Additional Information

• Role requires local candidates with a hybrid schedule of three days onsite (Monday required)
• Involves regular interaction with leadership and cross-functional teams across the organization
• Interview process consists of three stages: initial virtual interview followed by two onsite meetings with technical leadership and executive team

Pay: $130,000.00 - $170,000.00 per year

Work Location: Hybrid remote in Washington, DC 20036