Jobs · himalayas
Senior IT Security Engineer
Ironwood Digital · United States · Posted 20d ago
About the role
Manage and improve security operations to protect systems and data.
About Sequel Sequel, headquartered in Manchester, New Hampshire, is a company developing the next generation of transformative drug-delivery advancements starting with diabetes. Sequel’s approach is to look at diabetes management holistically to advance systems that make living with diabetes simpler and easier for all. Sequel’s flagship product, the twiist Automated Insulin Delivery (AID) System, launched in July 2025 for people with type 1 diabetes providing them with personalized diabetes management. Job Overview: The Sr. IT Security Engineer is a hands-on technical leader responsible for executing and continuously improving Sequel’s security operations program. This role plays a key part in protecting the organization’s systems, data, and users by managing day-to-day security operations, responding to risks, and strengthening core security capabilities. The Manager partners closely with the Senior Manager, Security & Compliance and IT leadership to implement security priorities, support compliance efforts, and drive measurable risk reduction. This role balances deep technical execution with practical input into process improvements and program maturity. This position does not own helpdesk or end-user provisioning activities and works in close collaboration with IT operations to continuously raise the organization's security posture and deliver measurable, auditable risk reduction. Job Responsibilities and Essential Duties Security Strategy, Roadmap & Program Leadership Execute and support ongoing security operations aligned with Sequel’s security priorities and roadmap Translate security findings, alerts, and audit requirements into actionable remediation plans Proactively monitor the evolving threat landscape and regulatory environment; assess their impact on Sequel's security posture and bring forward-looking recommendations before they become reactive obligations. Contribute to investment and business-case discussions by articulating risk-reduction value, projected outcomes, and cost framing in terms leadership can act on. Partner with IT and Security & Compliance to implement security initiatives and enhancements Vulnerability & Patch Management Manage the vulnerability lifecycle, including scanning, triage, prioritization, and remediation tracking Drive recurring patch cycles in coordination with IT operations; champion timely remediation of high-severity findings and validate that fixes close the underlying vulnerability, not just the ticket. Track and report on vulnerability metrics, trends, and SLA adherence Support improvements to tooling, processes, and reporting over time SIEM Operations, Incident Response & Platform Maturity Monitor, triage, and investigate alerts across SIEM and Microsoft Defender tools (Defender for Endpoint, Defender for Cloud Apps, Defender for Identity). Lead end-to-end incident response, including containment, investigation, root cause analysis. Communicate status and findings to security leadership. Own SIEM platform maturity: build and tune detection rules, develop response automation and playbooks, expand log and data-source coverage, and continuously reduce alert noise and analyst fatigue. Define, track, and present response metrics — MTTD, MTTR, alert volume, false-positive rates — and use trend data to prioritize tuning and platform investment decisions. Risky User & Risky Device Remediation Identify, investigate and remediate risky users and devices across Microsoft Entra and Defender tools. Support Conditional Access and device compliance policies Partner with IT to address identity risks and improve overall security posture Security Policy & Data Protection Administration (Microsoft Purview & DLP) Administer Microsoft 365 security and data protection solutions, including Purview DLP, sensitivity labeling, retention policies, data lifecycle management, and defensible deletion. Maintain and update security configurations and documentation in response to evolving business and compliance feedback. Assess current data-protection coverage and recommend policy enhancements aligned to the compliance roadmap. Security Awareness & Training Program Support the execution of the security awareness program, including phishing simulations and training campaigns (KnowBe4). Analyze simulation results, assess the threat landscape, and provide recommendations on training content and simulation difficulty to keep improve training program outcomes. Audit & Compliance Execution Support audit readiness activities, including evidence collection and control execution (e.g., SOC 2, HITRUST) in the GRC platform (Vanta). Maintain documentation and drive remediation of audit findings; partner with the Senior Manager, Security & Compliance to ensure audit readiness is maintained. Partner with Security & Compliance to ensure controls are operating effectively Documentation, Metrics & Reporting Maintain runbooks, standard operating procedures, and security workflow documentation sufficient fo
Read the full posting on himalayas →
FAQ
Is the Senior IT Security Engineer role at Ironwood Digital remote?+
This Senior IT Security Engineer position is listed as remote (United States).
What is the salary for the Senior IT Security Engineer role at Ironwood Digital?+
The listing states Estimated 100k-231k USD.
What seniority level is this Senior IT Security Engineer role?+
This is a senior level position.
How do I apply for the Senior IT Security Engineer role at Ironwood Digital?+
Use the "Apply on himalayas" button to open the original posting on himalayas, where you can submit your application directly to Ironwood Digital.