Cerity Partners is a financial services firm seeking a Cybersecurity Engineer to join their growing cybersecurity team. This role involves engineering, administration, and optimization of security tools and infrastructure, with a focus on protecting their Microsoft Azure / M365 cloud environment and ensuring compliance with security frameworks.
Responsibilities:
- Deploy, configure, tune, and maintain enterprise security tools including EDR, SIEM, email security, DNS filtering, and endpoint management platforms
- Monitor security alerts and events across the environment, performing triage, investigation, and escalation of potential incidents
- Manage and optimize detection rules, alerting thresholds, and automated response workflows within SIEM and EDR platforms
- Support the administration and enforcement of Conditional Access Policies, application control policies (AppLocker), and identity and access management configurations within Microsoft Entra ID (Azure AD)
- Assist with the deployment and management of mobile device management (MDM/MAM) policies through Microsoft Intune
- Conduct vulnerability assessments and coordinate remediation efforts with IT infrastructure and application teams
- Develop and maintain PowerShell or Python scripts to automate routine security tasks, reporting, and data collection
- Manage the end-to-end vulnerability management lifecycle - scanning, prioritization, remediation tracking, and validation across servers, endpoints, and cloud resources
- Coordinate and execute OS and third-party application patching across the environment, ensuring timely remediation of critical and high-severity vulnerabilities in alignment with established SLAs and maintenance windows
- Triage vulnerability scan results and prioritize remediation based on exploitability, asset criticality, and environmental context - not just raw CVSS scores - while developing compensating controls and risk acceptance documentation for vulnerabilities that cannot be immediately patched
- Monitor threat intelligence feeds and vendor advisories (Microsoft Patch Tuesday, CISA KEV catalog, vendor-specific bulletins) and track patching compliance metrics to support both proactive risk reduction and SOC 2 audit evidence requirements
- Participate in incident detection, investigation, containment, and remediation activities
- Perform log analysis and forensic investigation across endpoint, network, identity, and cloud environments
- Document incidents thoroughly, including root cause analysis, timeline reconstruction, and lessons learned
- Coordinate with the managed SOC provider on alert escalation, tuning requests, and incident handoff procedures
- Contribute to the development and testing of incident response playbooks and procedures
- Support the ongoing maintenance of SOC 2 Type 2 compliance, including evidence collection, control testing, and audit coordination through our compliance automation platform (Drata)
- Assist with the development, review, and enforcement of cybersecurity policies, standards, and procedures
- Contribute to vendor security assessments and due diligence reviews as part of our vendor risk management program
- Support Business Continuity Plan (BCP) documentation, tabletop exercises, and testing activities
- Help prepare materials and reporting for the Cyber Risk Steering Committee (CRSC) and other governance bodies
- Support the development and delivery of security awareness training and phishing simulation campaigns
- Serve as a knowledgeable security resource for IT colleagues and the broader organization, translating technical concepts into clear, actionable guidance
- Collaborate with cross-functional teams including IT infrastructure, compliance, and risk management to integrate security into business processes
Requirements:
- 5-7 years of hands-on experience in cybersecurity engineering, security operations, or a closely related technical security role
- Strong working knowledge of Microsoft Azure and M365 security capabilities, including Entra ID (Azure AD), Conditional Access, Defender suite, and Purview
- Experience deploying, managing, and tuning EDR platforms (e.g., SentinelOne, CrowdStrike, Microsoft Defender for Endpoint)
- Experience with SIEM platforms - log ingestion, correlation rule development, alert tuning, and dashboard creation (e.g., FortiSIEM, Sentinel, Splunk, or comparable)
- Demonstrated experience managing enterprise patching programs across Windows endpoints and servers, with familiarity in patch management tooling (e.g., WSUS, Intune, SCCM/MECM, or third-party solutions)
- Hands-on experience with vulnerability scanning platforms (e.g., Tenable, Qualys, Rapid7) including scan configuration, result analysis, and remediation workflow management
- Ability to assess and prioritize vulnerabilities using contextual risk factors beyond raw CVSS scores, including asset exposure, exploit availability, and business impact
- Solid understanding of identity and access management concepts including MFA, SSO, RBAC, and privileged access management
- Familiarity with endpoint management tools such as Microsoft Intune and application control technologies like AppLocker
- Experience with vulnerability management tools and processes (e.g., Tenable, Qualys, Rapid7)
- Working knowledge of common security frameworks and standards (NIST CSF, CIS Controls, MITRE ATT&CK)
- Competency in scripting for automation and reporting (PowerShell preferred; Python a plus)
- Strong analytical and problem-solving skills with the ability to investigate complex security events across multiple data sources
- Excellent written and verbal communication skills - able to clearly explain technical security topics to both technical and non-technical audiences
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field - or equivalent practical experience
- Experience working in financial services, wealth management, or another regulated industry
- Hands-on experience supporting SOC 2 audits, including evidence collection and control validation
- Experience with compliance automation platforms (e.g., Drata, Vanta)
- Familiarity with vendor risk management processes and third-party security assessments
- Experience coordinating with managed security service providers (MSSPs) or managed SOC teams
- Exposure to DNS filtering solutions (e.g., DNSFilter, Cisco Umbrella)
- Familiarity with business continuity and disaster recovery planning
- Understanding of SEC, FINRA, or other financial services regulatory requirements as they relate to cybersecurity