Senior IT Security Engineer

Sequel Med Tech · Marlborough, MA

About Sequel 
Sequel, headquartered in Manchester, New Hampshire, is a company developing the next generation of transformative drug-delivery advancements, starting with diabetes. Sequel’s approach is to look at diabetes management holistically to advance systems that make living with diabetes simpler and easier for all. Sequel’s flagship product, the twiist Automated Insulin Delivery (AID) System, launched in July 2025 for people with type 1 diabetes, providing them with personalized diabetes management.
 

Job Overview:  

The Sr. IT Security Engineer is a hands-on technical leader responsible for executing and continuously improving Sequel’s security operations program. This role plays a key part in protecting the organization’s systems, data, and users by managing day-to-day security operations, responding to risks, and strengthening core security capabilities. 

The Manager partners closely with the Senior Manager, Security & Compliance and IT leadership to implement security priorities, support compliance efforts, and drive measurable risk reduction. This role balances deep technical execution with practical input into process improvements and program maturity. 

This position does not own helpdesk or end-user provisioning activities and works in close collaboration with IT operations to continuously raise the organization's security posture and deliver measurable, auditable risk reduction. 

Job Responsibilities and Essential Duties

Security Strategy, Roadmap & Program Leadership 

  • Execute and support ongoing security operations aligned with Sequel’s security priorities and roadmap 

  • Translate security findings, alerts, and audit requirements into actionable remediation plans 

  • Proactively monitor the evolving threat landscape and regulatory environment; assess their impact on Sequel's security posture and bring forward-looking recommendations before they become reactive obligations. 

  • Contribute to investment and business-case discussions by articulating risk-reduction value, projected outcomes, and cost framing in terms leadership can act on. 

  • Partner with IT and Security & Compliance to implement security initiatives and enhancements 

Vulnerability & Patch Management 

  • Manage the vulnerability lifecycle, including scanning, triage, prioritization, and remediation tracking 

  • Drive recurring patch cycles in coordination with IT operations; champion timely remediation of high-severity findings and validate that fixes close the underlying vulnerability, not just the ticket. 

  • Track and report on vulnerability metrics, trends, and SLA adherence 

  • Support improvements to tooling, processes, and reporting over time 

SIEM Operations, Incident Response & Platform Maturity 

  • Monitor, triage, and investigate alerts across SIEM and Microsoft Defender tools (Defender for Endpoint, Defender for Cloud Apps, Defender for Identity). 

  • Lead end-to-end incident response, including containment, investigation, and root cause analysis. Communicate status and findings to security leadership.

  • Own SIEM platform maturity: build and tune detection rules, develop response automation and playbooks, expand log and data-source coverage, and continuously reduce alert noise and analyst fatigue. 

  • Define, track, and present response metrics — MTTD, MTTR, alert volume, false-positive rates — and use trend data to prioritize tuning and platform investment decisions. 

Risky User & Risky Device Remediation 

  • Identify, investigate and remediate risky users and devices across Microsoft Entra and Defender tools. 

  • Support Conditional Access and device compliance policies 

  • Partner with IT to address identity risks and improve overall security posture 

Security Policy & Data Protection Administration (Microsoft Purview & DLP) 

  • Administer Microsoft 365 security and data protection solutions, including Purview DLP, sensitivity labeling, retention policies, data lifecycle management, and defensible deletion. 

  • Maintain and update security configurations and documentation in response to evolving business and compliance feedback. 

  • Assess current data-protection coverage and recommend policy enhancements aligned to the compliance roadmap. 

Security Awareness & Training Program 

  • Support the execution of the security awareness program, including phishing simulations and training campaigns (KnowBe4). 

  • Analyze simulation results, assess the threat landscape, and provide recommendations on training content and simulation difficulty to keep improving training program outcomes.

Audit & Compliance Execution 

  • Support audit readiness activities, including evidence collection and control execution (e.g., SOC 2, HITRUST) in the GRC platform (Vanta). 

  • Maintain documentation and drive remediation of audit findings; partner with the Senior Manager, Security & Compliance to ensure audit readiness is maintained. 

  • Partner with Security & Compliance to ensure controls are operating effectively 

Documentation, Metrics & Reporting 

  • Maintain runbooks, standard operating procedures, and security workflow documentation sufficient for audit evidence and operational continuity. 

  • Track and report security and compliance metrics and related platforms; deliver leadership-ready reporting on a regular cadence. 

  • Contribute to board- and executive-level security reporting by providing clear, data-backed summaries of program status, risk posture, and progress against roadmap milestones. 

Cross-Functional Collaboration 

  • Partner with IT, Legal, and People & Culture to align security practices with business and regulatory needs 

  • Provide security guidance on IT projects, configurations, and change requests 

Minimum Requirements

7+ years in security engineering, security operations, or a closely related discipline, with at least 4 years of hands-on ownership of security operations or incident response programs. 

Required Knowledge, Skills and Abilities

  • Demonstrated experience contributing to or owning a security roadmap or program maturity initiative — helping define what the program should accomplish next and building the case for it. 

  • Hands-on experience with vulnerability management and incident response  

  • Experience with SIEM tools and Microsoft security ecosystem (Defender, Entra, Purview) 

  • Exposure to security and compliance frameworks (SOC 2, HITRUST, or similar)  

  • Experience supporting audits, including evidence collection and remediation  

  • Ability to work independently and manage multiple priorities  

  • Strong communication skills with both technical and non-technical stakeholders  

  • Candidate must reside in the contiguous United States and work East Coast hours  

Security pay context

Based on 1,601 disclosed Security salaries on RoleSuite, the role pays a median of $142K/year, with most offers between $114K and $180K (10th–90th percentile: $93K–$216K).

This posting lists $100K–$165K, in line with the $142K market median.
