Principal Security Engineer

We are seeking a hands-on technical leader to serve as the primary technical and security authority for our Managed Services platform.

You will be responsible for designing, implementing, and continuously improving secure, scalable, compliant, and cost-effective IT operations across all client environments. This role requires deep technical ownership, active problem-solving, and the ability to set and enforce technical direction through direct involvement.

This role blends deep engineering expertise with strategic ownership. You will be the primary technical point of ownership for complex technical and security issues, lead SOC 2 compliance, and ensure all client environments are secure, resilient, and scalable.

Key Responsibilities

- Own the overall technical architecture for all managed client environments

- Act as Tier 3/4 escalation for major incidents and outages

- Define security standards, baselines, and best practices

- Lead SOC 2 Type I & II audits, controls, and evidence management

- Drive automation, standardization, and reliability improvements

- Oversee backup, disaster recovery, and business continuity planning

- Mentor service desk, NOC, and cloud engineers

- Partner with application and product teams to provision and manage cloud resources (VMs, storage, networks, databases, and related services)

- Design and maintain standardized VM images, landing zones, and infrastructure templates

- Own cloud resource lifecycle management including provisioning, scaling, patching, and decommissioning

- Implement cost controls, tagging standards, and resource governance policies

- Support application deployments with secure networking, identity, and access configurations

- Serve as a trusted technical advisor to clients

- Lead quarterly technical reviews, risk assessments, and roadmap planning

- Strong understanding of Zero Trust principles

- Experience designing and enforcing security controls

- SOC 2 Type I & II ownership or strong involvement (preferred)

- Familiarity with ISO 27001, NIST, or similar frameworks (nice to have)

- Ability to mentor and guide engineers

- Strong client-facing communication skills

- Comfortable working with CTOs, CIOs, and business leaders

Technical Skills

- Microsoft 365 (Exchange, SharePoint, Teams, OneDrive)

- Azure & Entra ID (Azure AD)

- Microsoft Intune / Endpoint Manager

- Microsoft Defender or equivalent EDR/XDR

- Identity & access management (MFA, Conditional Access, RBAC)

- Endpoint management, patching, and device lifecycle

- Backup & Disaster Recovery systems

- Networking fundamentals (firewalls, VPNs, segmentation)

- PowerShell and automation

Preferred Experience

- 812+ years in IT infrastructure, cloud, or managed services

- 35+ years in a technical leadership role

- Experience owning complex, multi-client or enterprise IT environments

- Proven experience with audits, compliance, or regulated systems

Preferred Certifications

- Azure Solutions Architect

- Azure Security Engineer (AZ-500 / SC series)

- ITIL v4

- CISSP, CCSP, or SOC 2 Practitioner (nice to have)