We are seeking a highly skilled Security Engineer III / Lead to elevate our enterprise security capabilities across endpoints, cloud infrastructure, and critical business systems. This senior-level role will lead the deployment, configuration, and tuning of security technologies (EDR, DLP, Rapid7, SIEM, AWS-native security tools), drive threat detection and response, and embed security best practices across IT, cloud, and engineering teams.
This position is ideal for a seasoned security engineer who can move seamlessly between hands-on technical execution and strategic leadership.
Key Responsibilities:
- Lead administration and optimization of EDR across all endpoints and servers, ensuring proper deployment, configuration, and continuous monitoring.
- Manage and maintain DLP platforms, including policy tuning, coverage validation, incident review, and integration with SOC workflows.
- Oversee vulnerability scanning and risk reporting using Rapid7 InsightVM/InsightIDR, ensuring scan coverage, remediation tracking, and automation where possible.
- Implement and maintain hardened security baselines across all operating systems using Intune, Group Policy, CIS Benchmarks, and EDR configuration controls.
- Maintain complete visibility of endpoint and cloud security tool deployment (EDR, DLP, vulnerability scanning, logging agents), ensuring consistent coverage and compliance.
- Serve as lead investigator for alerts from EDR, SIEM, Rapid7, DLP, WAF, and cloud-native security platforms.
- Conduct threat hunting, deep-dive log analysis, malware investigation, and IOC analysis across endpoints and AWS environments.
- Work closely with NOC, infrastructure, cloud engineering, and endpoint teams to drive rapid and effective incident response.
- Support secure deployment and configuration of AWS services, ensuring alignment with best practices, identity controls, encryption standards, and logging/monitoring (CloudTrail, CloudWatch, GuardDuty, IAM, VPC, KMS).
- Partner with cloud and DevOps teams to embed security into CI/CD pipelines, IaC templates, and cloud architecture decisions.
- Assess cloud workloads for misconfigurations, excessive permissions, and exposure using Rapid7, AWS Config, and native cloud posture tools.
- Own lifecycle management of security tools, including patching, upgrades, feature enablement, and decommissioning.
- Monitor new vulnerabilities affecting security systems (EDR, DLP, SIEM, agents, cloud services) and coordinate remediation.
- Participate in tool evaluations, POCs, vendor assessments, and ongoing modernization efforts.
- Maintain operational security documentation: SOPs, configuration standards, runbooks, and exception logs.
- Participate in the on-call rotation and provide occasional after-hours support during incidents or maintenance windows.
Required:
- Bachelor's degree in Computer Science, Information Security, or equivalent hands-on experience.
- 5+ years of experience in security engineering, endpoint/cloud security, or detection engineering roles.
- Hands-on experience with EDR platforms, including configuration, policy tuning, deployment, and investigation.
- Strong experience with DLP technologies, including endpoint DLP, data classification, and incident tuning.
- Experience with Rapid7 (InsightVM, InsightIDR), including vulnerability scanning, dashboarding, and remediation workflows.
- SIEM experience (Splunk preferred), from log onboarding through rule tuning and event analysis.
- AWS security experience, including IAM, VPC controls, CloudTrail, GuardDuty, CloudWatch, KMS, and S3 security.
- Strong knowledge of network and web protocols: TCP/IP, HTTP/HTTPS, DNS, SSH, IPsec, routing.
- Advanced experience with malware detection, endpoint forensics, and threat investigation.
- Proficiency in packet capture and log analysis (Wireshark, tcpdump) and familiarity with assessment toolkits such as Nmap, ZAP/Burp Suite, Kali Linux, Metasploit, Kismet, and similar.
- Deep understanding of attacker TTPs, detection engineering, and defensive countermeasures.
Preferred:
- Cloud certifications (AWS Security Specialty, Solutions Architect, etc.) or security and infrastructure certifications (GIAC, CISSP, CCNA/CCNP Security, RHCSA/RHCE).
- Experience with advanced malware analysis or reverse engineering is a plus.
Compensation and Benefits:
- Base salary: $140,000
- Comprehensive health and dental benefits
- Paid Time Off (PTO) and holidays
- 401(k) with up to 4% employer match
- Performance-based bonuses and incentives