Job description

A major client of ours has a need for a Cyber Security Engineer for their Farmingdale, NY office. This is a permanent position. Seeking a Principal Cybersecurity Engineer to lead the design and execution of a modern cybersecurity strategy. This role will protect our enterprise infrastructure, applications, and data by embedding security into every stage of the development and deployment lifecycle. You’ll play a key role in guiding the secure evolution of our digital ecosystem while fostering a security-first mindset across teams. As the Principal Cybersecurity Engineer, you will take ownership of designing, implementing, and continuously improving security controls across infrastructure, cloud, and software development lifecycles. You’ll align our security operations with modern DevSecOps practices—automating security testing, enforcing secure code practices, and integrating security into CI/CD pipelines. You’ll partner closely with IT, engineering, and business teams to build a culture of proactive security that balances innovation with risk mitigation. From securing cloud environments to enabling automated compliance checks, this is a hands-on and strategic role critical to our future. Responsibilities: • Develop and execute a cybersecurity strategy aligned with NIST, CIS, and ISO frameworks. • Define and enforce enterprise-wide security policies, standards, and architecture. • Maintain and secure on-premise infrastructure including servers, firewalls, switches, routers, backup systems, and storage appliances. • Implement and enforce network segmentation, access controls, and perimeter security policies on-prem. • Monitor and manage patching, configuration baselines, and physical server security for all on-premise systems. • Collaborate with IT operations to ensure high availability, backup integrity, and disaster recovery readiness of on-premise infrastructure. • Integrate on-prem security telemetry with cloud-native SIEM tools • Ensure consistent security posture and policy enforcement across hybrid environments using Azure Arc and other hybrid tooling. • Secure Microsoft Azure environments using Azure-native tools such as Microsoft Defender for Cloud, Azure Policy, Azure Security Center, and Azure Key Vault. • Define Azure Entra IAM strategies, monitor configurations, and implement guardrails via policy-as-code (e.g., Bicep, Azure Blueprints). • Conduct enterprise risk assessments and develop mitigation plans. • Lead threat hunting, incident response, and root cause analysis efforts. • Deploy and manage Endpoint and other tools for vulnerability scanning and log analysis. • Conduct red/blue team exercises and coordinate remediation with IT operations and DevOps teams. • Ensure compliance with data protection and industry regulations (e.g., CCPA, GDPR, HIPAA) using Microsoft Compliance Manager. • Maintain audit logs, control documentation, and readiness for third-party security assessments. • Lead employee security training programs, simulate phishing attacks, and drive secure behavior adoption. • Foster a DevSecOps mindset across the engineering and product development lifecycle. • Embed security practices into DevOps workflows, CI/CD pipelines, and infrastructure as code using Azure DevOps. • Automate security checks using GitHub Advanced Security, and container scanning tools. • Define secure development standards and review code, build, and deployment processes. • Enable shift-left security by training developers and automating early-stage testing in Azure-based environments. Qualifications: • Bachelor’s degree in Cybersecurity, Computer Science, or a related field. • CISSP, CISM, CEH, or Microsoft Security certifications (e.g., SC-200, AZ-500, SC-100) are preferred. • 10+ years in cybersecurity with recent hands-on experience in Azure security and DevSecOps practices. • Proven experience integrating security into Azure DevOps or GitHub CI/CD pipelines. • Familiarity with container and orchestration security (e.g., Docker, Kubernetes on AKS). • Strong scripting and automation capabilities (e.g., PowerShell, Python). • Experience with Microsoft security and compliance platforms (e.g., Defender suite, Purview, Azure AD). • Strong communication and collaboration skills with both technical and executive audiences. • Ability to work cross-functionally and influence secure design decisions throughout the software lifecycle.

Requirements