IT Security Engineer
Ken's Foods · Marlborough, MA · 2 wk ago
On-siteInformation Technology$120k–$130k/yrFull-time
Key Responsibilities
- Review alerts and escalations from the MSSP to validate severity, impact, and required actions.
- Conduct technical investigation steps and support containment, eradication, and recovery activities.
- Harden and secure Windows servers, Windows clients, virtual machines, and other IT infrastructure.
- Ensure secure configuration, deployment, and management of endpoint protection (SentinelOne).
- Collaborate with the IT infrastructure team to ensure secure configurations across firewalls, switches, and network segments.
- Support network security improvements such as segmentation, least privilege network access, and secure remote access.
- Perform firewall rule reviews and contribute to network hardening efforts.
- Support secure configuration of identity platforms.
- Enforce role-based access controls, privileged access hygiene, and identity hardening standards.
- Work with the MSSP to ensure vulnerability scans are properly executed and tuned.
- Validate findings, prioritize risk, and coordinate remediation work with system and network teams.
- Lead patching and configuration remediation efforts for high-risk assets.
- Work with developers to identify, prioritize, and fix security issues (OWASP Top 10).
- Conduct security reviews of applications and servers.
- Collaborate with OT engineers to understand legacy systems, PLCs, and plant-floor constraints and assist in implementation of OT network segmentation and ICS security controls.
- Actively monitor emerging threats affecting OT and IT environments.
- Conduct periodic threat modeling for high-risk applications and systems.
Required Qualifications
- 5–8+ years of experience in IT security engineering, SOC, or incident response roles.
- Strong hands-on experience with: Windows Server and client security; Network and firewall security; Endpoint security tools; MFA and identity systems.
- Strong knowledge of Active Directory and identity security best practices.
- Practical experience hardening servers, endpoints, and network devices.
- Familiarity with log analysis and security event triage.
- Comfort working directly with SOC alerts and vulnerability scan reports.
- Understanding of security frameworks (NIST CSF, CIS Controls, SOC 2).
- Strong documentation habits and process-oriented mindset.
Preferred Qualifications
- Experience in manufacturing, industrial, or OT/ICS environments.
- Working knowledge of PLCs, or ISA/IEC 62443 principles.
- Familiarity with Office 365 security configuration and best practices.
- Experience automating workflows using PowerShell or Python.
- Exposure to segmentation projects or Zero Trust principles.
- Relevant certifications: GSEC, GCED, GCIH, GDSA, GDAT, GICSP, GCIP, and GRID.
Pay
The salary for this position is determined by a combination of experience, skills, and education level. The compensation range is $120K-130k annually.