Senior Security Engineer

Advertising Specialty Institute • Greater Philadelphia, US • $145k - $180k / year • 10h ago

ASI is the largest global provider of technology B2B services for the $26.1 billion promotional products industry (branding and marketing). With 25,000 clients in 53 countries, our mission is to inspire, inform, and empower our clients’ success every step of the way.

ASI currently has a hybrid work model. All employees, who live within a one-hour commuting distance, are required to work onsite on Tuesdays & Wednesdays.

In this role, you will be responsible for designing and implementing security controls primarily for endpoint devices in a hybrid cloud environment. This position requires deep understanding of Active Directory security, Entra ID security, and endpoint security (Windows client/server and mobile).

As a part of a skilled team of infrastructure professionals, the Senior Security Engineer will report to the Chief Information Security Officer (CISO). This role involves close collaboration with members of the Infrastructure and Security teams, encompassing system’s administration, networking, automation, and security. The role requires collaborative work with other technical teams, including Application Architecture and Development, Data Services, and internal Information Technology (IT).

The salary range for this role is $145,000 - $180,000.

Responsibilities:

Primary focus of endpoint security for end-user devices (primarily Windows 10/11) and Windows Server, but also iOS/Android mobile devices.
Monitoring and defending attacks using security technologies that include EDR, network forensics, and detection solutions.
Continuous implementation of security controls for operation systems and cloud services for attack surface reduction.
Review technical specifications for SIEM, logging and propose recommendations to improve the overall deployment of the solution.
Responsible for the proactive service/system monitoring of AD and Windows privileged and elevated access, including rotational, on-call support for a 24x7 operation for any security-related incidents.
Assist with meeting regulatory compliance and adhering to various security frameworks.

Qualifications:

8+ years total progressive IT experience with 5+ years of focus on Endpoint Security Management, including Intune MDM.
Excellent written and verbal communication skills with proven ability to communicate effectively with team, management, and key business partners.
Approachable demeanor and enjoys mentoring peers and sharing of knowledge.
Deep understanding of Active Directory / Entra ID and associated components, including LDAP, Kerberos / Kerberos fast armoring, Group Policy.
Expert-level Operating System security (Windows Server and Windows Client) for Windows platform - internals and hardening with an emphasis on endpoint security, including: EDR/XDR solutions, Application Control technologies, Windows Firewall hardening, Attack Service Reduction (ASR), Baseline security policies based on CIS benchmarks.
Expert-level Identify-driven security management platforms, including Microsoft Cloud App Security, Microsoft Defender for Identity, Privileged Identify management (PIM), Conditional Access/MFA/2FA, SSO, Federation, OAuth, Windows Hello for Business, passwordless technologies, Role-Based Access Control (RBAC).
Experience in cloud security platforms including Security Information Event Management (SIEM) and Security Orchestration Automated Response (SOAR), Cloud Security Posture Management (CSPM), Cloud Workload Protection Platform (CWPP)
Experience with Kusto Query Language (KQL) - the use of KQL will be a daily activity and proficiency is essential.
Experience with Azure IaaS/PaaS Security preferred.
Experience with Office 365 security preferred.
Experience PowerShell scripting preferred.

ASI offers a comprehensive benefits package including:

Medical, Dental, and Vision coverage, available on day one of employment.
Paid maternity and paternity/bonding leave (12 weeks paid for birthing/primary parent and 4 weeks paid for secondary parent) and a parent support group.
12 weeks of paid daycare for new parents (14 weeks at our onsite daycare center, Lots of Love).
Free Health and Wellness programs.
Free 24/7 access to Magellan Employee Assistance Program and Teladoc.
Day one 401(k) with company match.
Paid holidays, floating days, and paid time off (PTO).
Office amenities with onsite café, Starbucks, 24/7 free gym access and classes, onsite daycare, EV charging stations, creative spaces such as our community garden club, music room, art room, and relaxation space.

Take this opportunity to join our successful team! Apply today! EOE m/f/d/v. ASI is an equal opportunity employer, regardless of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, or Veteran status. Diversity makes us better. Check out ASI’s Diversity and Inclusion Blog Posts.

Visit our company career web site at www.asicareers.com.