Lead Security Engineer

Duration:
Contract to Hire

The Security Engineer Lead is a senior, hands-on technical expert responsible for leading advanced security operations, incident response, and engineering initiatives across the organization’s security platforms. This role serves as the primary escalation point for complex security events and provides technical leadership across the Microsoft security stack and supporting technologies.

The Security Engineer Lead operates as a senior individual contributor, driving investigations, improving detection and response capabilities, and guiding less experienced engineers. This role partners closely with Security leadership to enhance operational maturity while remaining deeply engaged in day-to-day security engineering and response activities.

Leading a team of 4.

• Lead complex investigations, containment, and remediation of escalated security incidents
• Act as the primary escalation point for advanced threats across endpoint, identity, cloud, and network domains
• Perform deep-dive forensic and behavioral analysis using security telemetry
• Coordinate response efforts across Infrastructure, IAM, and IT teams
• Contribute to and refine incident response playbooks and procedures

• Serve as the technical lead for operation and optimization of:
• Microsoft Security Platform
• Web Application Firewall (WAF), including Akamai
• Data Loss Prevention (DLP) solutions
• Identity and Access Management (IAM) systems
• Asset management and visibility tools
• Tune detections and improve signal quality to reduce false positives and increase coverage
• Lead investigations leveraging multiple security platforms and data sources
• Recommend and implement improvements to tooling and integrations

• Drive remediation efforts for complex security issues across endpoints and platforms
• Perform hands-on incident response for endpoint and identity-based threats
• Partner with IT teams to implement and enforce security hardening standards
• Support the adoption of modern security practices such as identity-centric security and segmentation

• Provide technical expertise supporting the security of IP-based physical systems, including:
• Access control systems
• Collaborate with Physical Security teams to ensure secure configurations and access controls
• Assist in aligning cybersecurity practices with physical security operations

• Mentor and support Security Engineer 1 (L1) and junior team members
• Provide guidance during investigations and daily operations
• Contribute to the development of runbooks, standards, and operational procedures
• Promote best practices and consistency across the security engineering function

• Identify gaps in detection, response, and visibility and drive improvements
• Support metrics collection and operational reporting
• Contribute to continuous improvement of security operations processes and tooling
• Apply working knowledge of AI/LLM-related risks, including:
• Data exposure and prompt-based attacks
• Model misuse and abuse scenarios
• AI-assisted phishing and social engineering
• Support secure adoption and usage of AI technologies within the organization

• Bachelor’s degree in Information Security, Computer Science, or related field (or equivalent experience)
• 5–8+ years of progressive cybersecurity or security operations experience
• Strong hands-on experience with incident response and security investigations
• Deep understanding of endpoint, identity, and cloud security principles

• Strong experience with Microsoft security technologies
• Advanced analytical and investigative skills
• Ability to independently handle complex security issues
• Strong communication skills with the ability to guide and influence technical teams
• Experience mentoring junior engineers in an operational environment

• Microsoft Security certifications
• CISSP, GIAC (GCIH, GCIA, etc.), or similar