Information Security Engineer

We are a global, high-tech consulting firm serving Fortune 500 enterprises. We are seeking a mid-level Information Security Engineer to coordinate and execute our organization’s data security efforts.

In this individual contributor role, you will act as the primary subject matter expert for our internal security operations and external compliance requirements. The role requires a balanced 50/50 split between maintaining our Microsoft-based technical security environment and managing governance, risk, and compliance (GRC) tasks. You will not manage a team, but you will function as the lead for security protocols, serving as a key point of contact for client security teams and auditors.

Core Responsibilities

1. Governance, Risk, & Compliance (GRC) – approx. 50%

• Client & Vendor Assurance: Manage the incoming queue of security questionnaires and vendor assessments. You will provide accurate, professional responses to client inquiries regarding our security posture.
  

• Regulatory Adherence: Assist in maintaining compliance with global frameworks and regulations, specifically GDPR (EU) and CCPA (US), ensuring our data handling practices meet regional standards.
  

• Audit Coordination: Serve as the primary coordinator for our annual SOC2 audit. You will organize evidence collection, track deliverables, and interface with external auditors to ensure smooth execution.
  

• Policy Maintenance: Review and update internal security policies and procedures to ensure they remain current with changing threats and business requirements.
  
  

2. Security Operations (SecOps) – approx. 50%

• Microsoft Environment Management: Configure and maintain the Microsoft Defender suite (Defender for Endpoint, Identity, Cloud Apps, and Office 365) to ensure consistent protection across the organization.
  

• Cloud Security Administration: Monitor our Azure environment, managing Conditional Access policies and reviewing recommendations to maintain a strong security score.
  

• Incident Response: Act as the first line of defense for security alerts via Microsoft Sentinel. You will analyze logs, investigate potential incidents, and document findings and remediation steps.
  

• Vulnerability Remediation: Identify specific vulnerabilities in our infrastructure and work with IT/Engineering teams to ensure timely patching and resolution.
  

Key Professional Attributes

• Autonomy: You are comfortable prioritizing your own work and defining the daily security agenda without needing micromanagement.
  

• Communication: You can translate complex "security speak" into plain English for sales teams, executives, and customers.
  

• Pragmatism: You understand that security must enable the business, not stop it. You look for "yes, but secure" solutions rather than just saying "no."
  
  
  
  

Experience and Technical Skills:

• Bachelor’s Degree in related field, 3–5 years of experience in information security, IT system administration, or a related field.
  

• Working knowledge of the Microsoft Security stack (Defender, Azure AD/Entra ID, Intune).
  

• Experience working with compliance frameworks (SOC2, ISO 27001) or data privacy regulations (GDPR, CCPA).
  
  
• Experience in a professional services or corporate environment, with the ability to handle sensitive data with discretion.
  
  
  
  

• Benefits: Health, dental, and vision insurance, 401(k) matching, paid time off, and professional development opportunities.
  
• Flexible Work Environment: Opportunities for remote work and flexible hours.