Senior Security Engineer (MSP or MSSP) - Remote (USA)

Echelon Risk + Cyber is a leading cybersecurity consulting firm dedicated to defending security and privacy rights. They are seeking a highly skilled Senior Security Engineer to implement security policies, conduct assessments, and develop tailored security solutions for clients.

Responsibilities:

• Implement and enforce security policies and procedures based on industry standards
• Conduct regular security assessments, audits, and ensure compliance with security standards
• Design and implement secure cloud solutions (Azure and AWS)
• Utilize Cloud Security Posture Management (CSPM) technologies
• Ensure the security of SaaS platforms, including email, file sharing, and 3rd party applications
• Configure and manage security controls for servers and endpoints, including deploying and managing endpoint protection solutions
• Implement security policies for Mobile Device Management (MDM)
• Conduct regular vulnerability scans and automated penetration tests utilizing in-house tools and develop remediation plans for identified vulnerabilities
• Implement and manage IAM solutions, including single sign-on (SSO) and privileged access management (PAM)
• Ensure proper user provisioning and access controls
• Lead technical implementations of data protection services, including Data Loss Prevention (DLP) solutions
• Participate in the development and maintenance of disaster recovery plans and procedures
• Review and ensure backups, redundancy, and replication solutions meet availability and recovery best practices, including performing regular recovery tests
• Conduct security reviews, assessments, and hardening activities across key systems from endpoints, servers, network infrastructure, and Cloud services
• Apply and enforce security configuration benchmarks (e.g., CIS, NIST)
• Ensure compliance with regulatory requirements and industry standards
• Implement and manage security information and event management (SIEM) systems
• Deploy and maintain managed detection and response (MDR), intrusion detection systems (IDS), and intrusion prevention systems (IPS)
• Configure and manage network security policies across perimeter and internal network equipment, including firewalls and wireless access points
• Participate in incident response planning and tabletop exercises, and develop incident response plans and playbooks
• Assist with the implementation and configuration of security awareness training programs and solutions
• Work closely with clients to understand their security needs and provide tailored solutions
• Collaborate with cross-functional teams to ensure security is integrated into all aspects of IT infrastructure, and develop technical security standards and operational procedures

Requirements:

• Bachelor's degree in Computer Science, Information Security, or related field
• Relevant certifications: CCSP, CISSP, CEH, CISM, etc
• Experience working in managed IT or Security services (MSP or MSSP), handling numerous clients and environments simultaneously
• Strong understanding of security technologies and frameworks
• Excellent problem-solving and analytical skills
• Strong communication and interpersonal skills
• Applicants must have authorization to work in the United States without current or future visa sponsorship
• Familiarity with regulatory requirements such as FFIEC, SOC 2, ISO 27001, GDPR, CMMC, HIPAA, PCI-DSS, etc
• Familiarity with popular security frameworks such as CIS, NIST, ISO, SOC2
• Experience with enterprise security technologies (firewalls such as Palo Alto and FortiGate, endpoint security tools such as CrowdStrike, SentinelOne, and FortiEDR)
• Experience working in or with a Security Operations Center (SOC)
• Experience participating in Security Assessments and Audit efforts
• Familiarity with DevSecOps practices and tools
• Ability to be agile and juggle multiple clients, initiatives, and priorities effectively
• Skilled in gathering, assessing, and presenting technical security metrics and trends