Senior Security Engineer (Rochester, NY)

Job Summary:

The Senior Security Engineer is responsible for owning and advancing the organization's overall security posture across infrastructure, cloud platforms, endpoints, applications, and data. This role combines strategic leadership, operational ownership, and hands-on technical expertise. This position will interface with our SOC vendor to ensure security tooling, monitoring, and findings translate into effective risk reduction and continuous improvement.

You will work closely with cross-functional teams including IT, Network Engineering, Legal, HR, Compliance, and external parters to design, implement, document, and evolve security controls, policies, and procedures that support the business today and scale with future growth in a rapidly evolving environment.

Essential Functions:

Security Strategy & Governance

• Own and evolve the company's security strategy, roadmap, and maturity over time, aligning security investments with business risk and priorities.
• Establish, maintain, enforce, and improve security policies, standards, procedures, and documentation in coordination with Legal, HR, Compliance, Privacy, and IT leadership.
• Define and oversee security architecture principles across on-prem, cloud, endpoint, and SaaS environments.
• Act as a trusted advisor to leadership on security risk, tradeoffs, and priorities.

SOC & Vendor Coordination

• Serve as the primary point of contact and escalation for the managed SOC provider.
• Review and validate alerts, investigations, vulnerability findings, and recommendations from the SOC.
• Ensure SIEM, XDR, EDR, vulnerability management, and related tools are tuned, effective, and delivering measurable value.
• Translate SOC outputs into prioritized remediation plans and coordinate execution with internal teams.

Operational & Hands-On Security

• Lead threat modeling, security risk assessments, and architecture reviews for new and existing systems.
• Oversee vulnerability management activities, including scanning, prioritization, remediation, and verification.
• Independently remediate security issues where appropriate, and partner with system owners, developers, and infrastructure teams where shared responsibility exists.
• Support incident response activities, including coordination with the SOC, root cause analysis, containment, remediation, and post-incident improvement.
• Contribute hands-on expertise across environments including:
• Microsoft 365 and identity platforms
• Endpoints (PCs, laptops, EDR)
• Network and perimeter security including firewalls and VPN
• Virtualized and Linux-based servers (RHEL primarily)
• AWS and cloud-native services
• Coordinate and participate in regular security audits, vulnerability scan remediations, and penetration testing.

Business Continuity, Risk & Compliance

• Contribute to business continuity and disaster recovery planning, testing, and improvement.
• Partner with compliance and privacy stakeholders to ensure security controls align with regulatory and contractual obligations.
• Support privacy and data protection initiatives, including PIAs, security reviews of data-processing systems, and technical input for data subject requests.

Mergers, Acquisitions & Third-Party Security

• Assess and integrate security controls for acquired or merged companies.

Participate in due diligence activities related to mergers and acquisitions.

• Evaluate vendor security posture regarding security practices, risks, and business continuity.
• Evaluate and monitor third-party applications and systems for adherence to sufficient security standards.

Security Culture & Enablement

• Promote a culture of security awareness and shared responsibility across the organization.
• Provide guidance and practical support to teams in designing, building, and operating systems securely.

Data and Data Privacy

• Partner with the Data Privacy Officer to ensure security controls align with privacy obligations.
• Define and enforce data classification, retention, and secure disposal standards.
• Support data subject rights requests (access, deletion, portability) from a technical/security perspective.
• Conduct privacy impact assessments (PIA's) and security reviews for systems that process personal data.

Knowledge, Skills and Abilities Required:

• Network Security principles (firewalls, VPNs, routing, VLANS)
• Security Protocols
• Cloud Security
• Network monitoring solutions
• Incident response and digital forensics.
• Understanding network architecture is a strong plus.
• Critical thinking skills and ability to solve complex problems.
• Knowledge of Database security and a variety of operating systems.
• Proven experience developing, operating and maintaining security systems.
• Familiarity with data protection regulations (GDPR, CCPA) and privacy-by-design principles.

Other Requirements:

• Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent practical experience.
• 6+ years of experience in cybersecurity or security engineering roles, with demonstrated ownership of security initiatives.
• Experience operating at a senior or lead level, influencing across teams without direct authority.
• Relevant certifications such as CISSP, CISM, CCSP, or similar are a plus, but practical experience is valued equally.

Compensation:

Our job titles may span more than one career level. The salary for this position is between $126,000.00 - $150,000.00. The actual salary offered may be influenced by a variety of factors, such as: training, transferable skills, work experience, education, business needs, market demands and work location. The base pay range is subject to change and may be modified in the future. More information on offered benefits, which include health, welfare, and retirement, are available at www.greenlightnetworks.com/careers/.