Senior Cybersecurity Engineer

What You'll Do:

• You will own the operational health of one or two engineering domains, lead cross-team initiatives that touch multiple control areas, and design the patterns the rest of the team executes against.
• You’re the engineer who can take a tool from “purchased” to “deployed, tuned, and instrumented,” the partner Cloud Ops and Identity call when they need a security pattern that actually works, and the senior who makes the Mid and Associate engineers better through pairing, code review, and clear standards.
• You’ll also be a senior voice in architecture and decision conversations alongside the Principal Engineer and the Manager.

Key Responsibilities:

• Domain ownership: Own the operational health of one or two engineering domains (identity, network/segmentation, cloud security baselines, monitoring/logging, encryption/key management, endpoint, vulnerability management, configuration management). Keep them measurably healthy and improving.
• Cross-team initiatives: Lead initiatives that span Security, IT, Identity, Cloud Operations, and delivery teams — controlled rollouts, control set hardening, tool migrations. Land them without breaking production.
• Architecture and standards: Design new control patterns and reference architectures. Write the decision records, runbooks, and standards the team executes against and the auditors review.
• Controlled rollouts: Lead the end-to-end deployment of new control sets (e.g., bringing a new EDR online, hardening a new cloud account, standing up new logging pipelines) — pilot, measure, expand, document.
• Mentorship: Pair with Mid and Associate engineers, run design reviews, give substantive code/config review, and grow the next tier. Quality of output from less senior engineers is part of your scope.
• Operational partnership: Be the senior partner Cloud Ops, Identity, IT Service Management, GRC, and the SOC call when they need security engineering input. Solve problems with them, not at them.
• Detection/response engineering support: Partner with Detection Engineering and the SOC on logging coverage, telemetry quality, and the engineering pieces of response (privileged access tooling, isolation capabilities, evidence capture).
• Evidence and audit readiness: Produce control evidence and architecture documentation that holds up under audit and peer review. Keep your domains’ evidence map current.
• Automation: Push toward repeatable, codified controls (IaC, policy-as-code, automated evidence collection) instead of one-off manual work.

What Success Looks Like:

First 30–60 days: You can operate your priority domains safely on Aprio’s tooling, you’ve assessed current control posture, and you’ve published a prioritized remediation backlog for at least one domain.

By 90 days: You’re leading at least one cross-team initiative, you’ve published or substantially revised at least one architecture pattern or decision record, and you’re an active mentor to the Mid and Associate engineers.

By 6–12 months: Your domains have measurably improved control health (less drift, cleaner evidence, faster remediation, fewer escalations). At least one controlled rollout has landed cleanly. Less senior engineers on the team are visibly better because of how you work with them.

Required Qualifications:

• 5+ years in security engineering, with hands-on responsibility for implementing controls across identity, network, cloud, endpoint, and/or monitoring.
• Strong fundamentals in IAM, network segmentation, encryption / key management, and centralized logging / monitoring.
• Experience with at least one major cloud platform (Azure, AWS, GCP) in a security-engineering capacity.
• Ability to produce clear architecture documentation, runbooks, and decision records that hold up under audit and peer review.
• Excellent written and verbal communication; able to explain tradeoffs across Security, IT, and delivery audiences in plain language.
• Comfortable mentoring less senior engineers and owning quality-of-output for one or more domains.

Preferred Qualifications

• Regulated-environment experience (CMMC, NIST 800-171, NIST 800-53, FedRAMP-aligned, SOC 2, ISO 27001, HIPAA, PCI).
• Infrastructure-as-code experience (Terraform, Bicep, Pulumi) and policy-as-code (Sentinel, OPA).
• Security tooling integration experience (SIEM, EDR, vulnerability scanning, IAM, secrets management).
• Industry certifications (one or more): CISSP, CCSP, GIAC (e.g., GCED, GPEN, GCWN), AZ-500, AWS Security Specialty.
• Experience supporting a SOC’s detection/response engineering needs.
• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, or related field — or equivalent applicable years of experience