What are the responsibilities and job description for the Senior IT Security Engineer position at Velocity Clinical Research, Inc.?
Velocity Clinical Research is an owned and integrated research site organization, providing excellence in patient care, high quality data and fully integrated research sites. At Velocity, we align our values and behaviors to give our employees the best chance of delivering on our brand promise: to bring innovative medical treatments to patients. We are committed to making clinical trials succeed by generating high quality data from as many patients as possible, as quickly as possible while providing exemplary patient care at every step.
As an employee of Velocity, you are the most integral part of our mission. For talented candidates who perform at a high level, Velocity will invest to support career advancement and reward performance. Whether you are new to clinical research or are an industry veteran, we invite you to apply to Velocity.
Benefits include medical, dental and vision insurance, paid time off and company holidays, 401(k) retirement plan with company-match, and an annual incentive program.
Job Summary
The Senior IT Security Engineer is responsible for the design, operation, and continuous improvement of Velocity’s information security program. This role provides hands-on leadership across security awareness training, endpoint protection, incident response, compliance, and risk management, while serving as a primary escalation point for IT security events and audits.
The position plays a critical role in protecting Velocity’s users, systems, and data by leveraging Microsoft and other security platforms, driving measurable risk reduction, and delivering clear, actionable reporting to IT and executive leadership.
Responsibilities
Security Operations and Incident Response
Required Qualifications
As an employee of Velocity, you are the most integral part of our mission. For talented candidates who perform at a high level, Velocity will invest to support career advancement and reward performance. Whether you are new to clinical research or are an industry veteran, we invite you to apply to Velocity.
Benefits include medical, dental and vision insurance, paid time off and company holidays, 401(k) retirement plan with company-match, and an annual incentive program.
Job Summary
The Senior IT Security Engineer is responsible for the design, operation, and continuous improvement of Velocity’s information security program. This role provides hands-on leadership across security awareness training, endpoint protection, incident response, compliance, and risk management, while serving as a primary escalation point for IT security events and audits.
The position plays a critical role in protecting Velocity’s users, systems, and data by leveraging Microsoft and other security platforms, driving measurable risk reduction, and delivering clear, actionable reporting to IT and executive leadership.
Responsibilities
Security Operations and Incident Response
- Monitor, investigate, triage, and respond to security alerts and incidents across Microsoft platforms
- Serve as the lead responder for endpoint, identity, email, cloud, and other IT security incidents
- Coordinate containment, remediation, and recovery activities with IT and business stakeholders
- Maintain and execute incident response procedures, including post-incident reviews and lessons learned
- Administer and optimize Microsoft Defender products, including Defender for Endpoint and Defender for Office 365 as well as Conditional Access
- Review security alerts, incidents, and trends to identify systemic risks
- Partner with IT teams to ensure secure endpoint configurations and policy enforcement
- Support security configuration improvements identified through audits and after-action reviews
- Own and manage the organization’s security awareness training program using KnowBe4
- Develop, deliver, and track phishing simulations and user training campaigns
- Analyze training metrics to reduce user risk and improve security maturity
- Provide regular reporting on training effectiveness, compliance and phishing trends
- Identify, assess, and track security risks and vulnerabilities across the organization
- Maintain a centralized risk register, including severity, remediation plans, and ownership
- Partner with IT, application owners, and vendors to drive remediation activities
- Provide recommendations to improve the organization’s overall security posture
- Build and improve a vulnerability identification and remediation program
- Develop and deliver regular security reports for IT leadership and executive stakeholders
- Track and report on security incidents, attack trends, vulnerabilities, and risk reduction progress
- Support audits, compliance reviews, and control validation activities
- Recommend strategic security improvements aligned with business and regulatory needs
Required Qualifications
- 7 years of experience in information security, cybersecurity, or security engineering roles
- Hands-on experience with Microsoft Defender and other Microsoft security platforms
- Proven experience leading security investigations and incident response
- Experience managing security awareness programs (e.g., KnowBe4)
- Experience working in regulated or audit-sensitive environments (GDPR, HIPAA, etc.)
- Familiarity with security risk management frameworks and vulnerability tracking
- Experience supporting global or multi-region organizations
- Relevant certifications (e.g., CISSP, CISM, GIAC, Microsoft Security certifications)
- Strong analytical and investigative skills
- Ability to translate technical risk into business-focused recommendations
- Clear and concise written and verbal communication skills
- Ability to operate independently and lead during security incidents and audits
- Strong documentation skills