Senior IT Security Engineer

Sr. IT Security Engineer

The Sr. IT Security Engineer is a hands-on technical leader responsible for executing and continuously improving Sequel's security operations program. This role plays a key part in protecting the organization's systems, data, and users by managing day-to-day security operations, responding to risks, and strengthening core security capabilities.

The Manager partners closely with the Senior Manager, Security & Compliance and IT leadership to implement security priorities, support compliance efforts, and drive measurable risk reduction. This role balances deep technical execution with practical input into process improvements and program maturity.

This position does not own helpdesk or end-user provisioning activities and works in close collaboration with IT operations to continuously raise the organization's security posture and deliver measurable, auditable risk reduction.

Job Responsibilities and Essential Duties

• Execute and support ongoing security operations aligned with Sequel's security priorities and roadmap
• Translate security findings, alerts, and audit requirements into actionable remediation plans
• Proactively monitor the evolving threat landscape and regulatory environment; assess their impact on Sequel's security posture and bring forward-looking recommendations before they become reactive obligations.
• Contribute to investment and business-case discussions by articulating risk-reduction value, projected outcomes, and cost framing in terms leadership can act on.
• Partner with IT and Security & Compliance to implement security initiatives and enhancements

• Manage the vulnerability lifecycle, including scanning, triage, prioritization, and remediation tracking
• Drive recurring patch cycles in coordination with IT operations; champion timely remediation of high-severity findings and validate that fixes close the underlying vulnerability, not just the ticket.
• Track and report on vulnerability metrics, trends, and SLA adherence
• Support improvements to tooling, processes, and reporting over time

• Monitor, triage, and investigate alerts across SIEM and Microsoft Defender tools (Defender for Endpoint, Defender for Cloud Apps, Defender for Identity).
• Lead end-to-end incident response, including containment, investigation, root cause analysis. Communicate status and findings to security leadership.
• Own SIEM platform maturity: build and tune detection rules, develop response automation and playbooks, expand log and data-source coverage, and continuously reduce alert noise and analyst fatigue.
• Define, track, and present response metrics — MTTD, MTTR, alert volume, false-positive rates — and use trend data to prioritize tuning and platform investment decisions.

• Identify, investigate and remediate risky users and devices across Microsoft Entra and Defender tools.
• Support Conditional Access and device compliance policies
• Partner with IT to address identity risks and improve overall security posture

• Administer Microsoft 365 security and data protection solutions, including Purview DLP, sensitivity labeling, retention policies, data lifecycle management, and defensible deletion.
• Maintain and update security configurations and documentation in response to evolving business and compliance feedback.
• Assess current data-protection coverage and recommend policy enhancements aligned to the compliance roadmap.

• Support the execution of the security awareness program, including phishing simulations and training campaigns (KnowBe4).
• Analyze simulation results, assess the threat landscape, and provide recommendations on training content and simulation difficulty to keep improve training program outcomes.

• Support audit readiness activities, including evidence collection and control execution (e.g., SOC 2, HITRUST) in the GRC platform (Vanta).
• Maintain documentation and drive remediation of audit findings; partner with the Senior Manager, Security & Compliance to ensure audit readiness is maintained.
• Partner with Security & Compliance to ensure controls are operating effectively

• Maintain runbooks, standard operating procedures, and security workflow documentation sufficient for audit evidence and operational continuity.
• Track and report security and compliance metrics and related platforms; deliver leadership-ready reporting on a regular cadence.
• Contribute to board- and executive-level security reporting by providing clear, data-backed summaries of program status, risk posture, and progress against roadmap milestones.

• Partner with IT, Legal, and People & Culture to align security practices with business and regulatory needs
• Provide security guidance on IT projects, configurations, and change requests

Minimum Requirements 7+ years in security engineering, security operations, or a closely related discipline, with at least 4 years of hands-on ownership of security operations or incident response programs. Required Knowledge, Skills and Abilities

• Demonstrated experience contributing to or owning a security roadmap or program maturity initiative — helping define what the program should accomplish next and building the case for it.
• Hands-on experience with vulnerability management and incident response
• Experience with SIEM tools and Microsoft security ecosystem (Defender, Entra, Purview)
• Exposure to security and compliance frameworks (SOC 2, HITRUST, or similar)
• Experience supporting audits, including evidence collection and remediation
• Ability to work independently and manage multiple priorities
• Strong communication skills with both technical and non-technical stakeholders
• Candidate must reside in the contiguous United States and work East Coast hours

$100,000 - $165,000 a year

Sequel Med Tech provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

At Sequel, we believe that when you thrive, we thrive. That's why our benefits package is designed to support you from day one. You'll be automatically enrolled in our 401k plan, featuring a 6% company match and 100% immediate vesting. We're committed to your well-being and understand the unique needs of employees and families living with diabetes, so we offer capped out-of-pocket insulin costs and GLP-1 coverage across all plans. You'll have access to a variety of Meritain health insurance plans to suit your needs and can also take advantage of Flexible Spending Accounts (FSAs) or Health Savings Account (HSA). Our comprehensive benefits package includes vision and dental coverage, plus voluntary options such as long-term disability, accident, critical illness, hospital indemnity, and even discounts for pet care. In addition, we provide employer-paid short-term disability and life insurance for extra peace of mind.

We know the importance of taking time to rest and recharge. That's why Sequel offers flexible PTO, generous paid holidays, and Flex Time options to help you balance work and life when you need it most. Our team enjoys a culture built on hard work, fun, and genuine support. At Sequel, you're not just starting a job, you're building a rewarding career and a brighter future. Join us, and let's thrive together!

Environmental/Safety/Physical Work Conditions

Ensures environmental consciousness and safe practices are exhibited in decisions

Use of computer and telephone equipment and other related office accessories/devices to complete assignments

May work extended hours during peak business cycles

Physical requirements such as lifting specific weights

Some travelling is expected