Sequel Med Tech, headquartered in Manchester, New Hampshire, is focused on developing transformative drug-delivery advancements for diabetes management. The Senior IT Security Engineer will lead security operations, manage vulnerabilities, and enhance security capabilities to protect the organization’s systems and data.
Responsibilities:
- Execute and support ongoing security operations aligned with Sequel’s security priorities and roadmap
- Translate security findings, alerts, and audit requirements into actionable remediation plans
- Proactively monitor the evolving threat landscape and regulatory environment; assess their impact on Sequel's security posture and bring forward-looking recommendations before they become reactive obligations
- Contribute to investment and business-case discussions by articulating risk-reduction value, projected outcomes, and cost framing in terms leadership can act on
- Partner with IT and Security & Compliance to implement security initiatives and enhancements
- Manage the vulnerability lifecycle, including scanning, triage, prioritization, and remediation tracking
- Drive recurring patch cycles in coordination with IT operations; champion timely remediation of high-severity findings and validate that fixes close the underlying vulnerability, not just the ticket
- Track and report on vulnerability metrics, trends, and SLA adherence
- Support improvements to tooling, processes, and reporting over time
- Monitor, triage, and investigate alerts across SIEM and Microsoft Defender tools (Defender for Endpoint, Defender for Cloud Apps, Defender for Identity)
- Lead end-to-end incident response, including containment, investigation, root cause analysis. Communicate status and findings to security leadership
- Own SIEM platform maturity: build and tune detection rules, develop response automation and playbooks, expand log and data-source coverage, and continuously reduce alert noise and analyst fatigue
- Define, track, and present response metrics — MTTD, MTTR, alert volume, false-positive rates — and use trend data to prioritize tuning and platform investment decisions
- Identify, investigate and remediate risky users and devices across Microsoft Entra and Defender tools
- Support Conditional Access and device compliance policies
- Partner with IT to address identity risks and improve overall security posture
- Administer Microsoft 365 security and data protection solutions, including Purview DLP, sensitivity labeling, retention policies, data lifecycle management, and defensible deletion
- Maintain and update security configurations and documentation in response to evolving business and compliance feedback
- Assess current data-protection coverage and recommend policy enhancements aligned to the compliance roadmap
- Support the execution of the security awareness program, including phishing simulations and training campaigns (KnowBe4)
- Analyze simulation results, assess the threat landscape, and provide recommendations on training content and simulation difficulty to keep improve training program outcomes
- Support audit readiness activities, including evidence collection and control execution (e.g., SOC 2, HITRUST) in the GRC platform (Vanta)
- Maintain documentation and drive remediation of audit findings; partner with the Senior Manager, Security & Compliance to ensure audit readiness is maintained
- Partner with Security & Compliance to ensure controls are operating effectively
- Maintain runbooks, standard operating procedures, and security workflow documentation sufficient for audit evidence and operational continuity
- Track and report security and compliance metrics and related platforms; deliver leadership-ready reporting on a regular cadence
- Contribute to board- and executive-level security reporting by providing clear, data-backed summaries of program status, risk posture, and progress against roadmap milestones
- Partner with IT, Legal, and People & Culture to align security practices with business and regulatory needs
- Provide security guidance on IT projects, configurations, and change requests
Requirements:
- 7+ years in security engineering, security operations, or a closely related discipline, with at least 4 years of hands-on ownership of security operations or incident response programs
- Demonstrated experience contributing to or owning a security roadmap or program maturity initiative — helping define what the program should accomplish next and building the case for it
- Hands-on experience with vulnerability management and incident response
- Experience with SIEM tools and Microsoft security ecosystem (Defender, Entra, Purview)
- Exposure to security and compliance frameworks (SOC 2, HITRUST, or similar)
- Experience supporting audits, including evidence collection and remediation
- Ability to work independently and manage multiple priorities
- Strong communication skills with both technical and non-technical stakeholders
- Candidate must reside in the contiguous United States and work East Coast hours