Senior Cybersecurity Engineer - Remote Eligible

Senior Cybersecurity Engineer

We are seeking a seasoned Cybersecurity Engineer to join our team as the primary architect of our automated defense posture, primary defender, and technical security strategist. This is not an entry-level cybersecurity role; it is designed for a "builder" who can bridge the gap between traditional security operations and modern automation, ensuring our small team operates with maximum efficiency through code and systemic hardening. We are looking for a practitioner with 3–5 years of direct experience in security engineering, operations, or risk mitigation.

You will:

• Partner with the Director, Information Security to update and implement the cybersecurity roadmap
• Guide the secure integration of AI tools into Barnard administrative processes
• Take ownership of our security tools
• Lead incident response efforts
• Drive our security hygiene and vulnerability management programs

Primary Responsibilities

Security Operations & Incident Response (50%)

• Incident Response: Drive the end-to-end incident response lifecycle with a focus on leading our response to active incidents, utilizing automation to speed up containment and recovery.
• MSSP Partnership: Own the relationships with our Managed Security Service Providers to ensure service level agreements are met, expanding their reach and maximizing service value.
• Detection Engineering: Expand and optimize our SIEM and XDR capabilities to enhance our MDR service and streamline threat hunting capabilities. Develop and tune custom alerting logic and automated playbooks to reduce dwell times.
• Threat Hunting: Search for malicious activity within our environment and take appropriate action to reduce risk of data loss.
• Emerging Trends: Stay up-to-date on emerging security trends, vulnerabilities, and threat actors and recommend enhancements to our security defenses.

Security Engineering & Hygiene (50%)

• Cybersecurity Strategy: Partner with Director, Information Security to develop and implement the cybersecurity strategic plan to improve program maturity and compliance.
• Vulnerability Management: Drive risk-based prioritization of discovered vulnerabilities and collaborate with technical owners to ensure remediation of critical flaws.
• AI Consultation: Engineer and maintain technical controls for the secure deployment of AI/LLM tools, ensuring proper data governance and protection against AI-specific attack vectors (e.g., prompt injection).
• Secure Architecture: Serve as the security lead in cross-functional technical projects, conducting security reviews of system configurations and cloud environments to balance College business needs while reducing risk.
• Security Tool Optimization: Own our security technologies to maximize their value and measure their efficacy against evolving threats. Evaluate new tools and services to enhance our security posture with a focus on automation.
• Identity Architecture: Act as the technical lead for our Identity Management system, optimizing the automated lifecycle of student and faculty accounts. Lead the annual access review process for critical systems to ensure enterprise-wide adherence to the principle of least privilege.

Experience & Qualifications

Required Experience

• 7–10 years of experience in a Security Engineering role or Systems Engineering role with previous Security experience. We are looking for a candidate who has moved beyond troubleshooting and has experience designing and implementing technical solutions.
• Proven Automation Proficiency: Demonstrated ability to use PowerShell, Python, or Bash to automate security workflows, interact with APIs, and manage infrastructure as code.
• Systems Architecture Knowledge: Strong understanding of how security tools integrate with core infrastructure, including Active Directory/Entra ID, Virtualization (VMware/Hyper-V), and Cloud Platforms (GCP/Azure).

• Proven Incident Response Track Record: Experience leading security incident response activities.
• Technical Mastery: Proficiency with XDR telemetry, secure system configuration, and SIEM management.

Preferred Qualifications

• Network Security Engineering: Hands-on experience managing and hardening network infrastructure, including firewall policy logic, VPN architecture, and VLAN segmentation for security.
• AI Security Practices: Experience securing Generative AI/LLM implementations, including familiarity with the OWASP Top 10 for LLMs, AI red teaming, or data privacy controls for AI models.
• Identity Engineering Specialist: Specific experience with Identity Management (IAM) platforms (like Fischer Identity, Okta, or SailPoint), including experience managing automated user lifecycles.
• Higher Education Experience: Familiarity with the unique security needs of a campus environment, including HECVAT assessments and navigating decentralized "Shadow IT."
• Advanced Certifications: CISSP, GIAC (GCDE, GCIH, GCIA), or CISA.
• Regulatory/Framework Knowledge: Experience applying security controls within frameworks such as NIST CSF, ISO 27001, etc.

This position is a full-time remote position, with the possibility of occasional requirements to come onsite for planning or strategic meetings.

Salary Range: $135,000 - 155,000 annually

Company: Barnard College

Time Type: Full time