Senior - Security Engineer, Information Security

Work from home Full-time role Hiring

Citrin Cooperman offers a dynamic work environment, fostering professional growth and collaboration. We’re continuously seeking talented individuals who bring a problem-solving mindset, fresh perspectives, and sharp technical expertise. We know you have choices, so our team of collaborative, innovative professionals is ready to support your professional development. At Citrin Cooperman, we offer competitive compensation and benefits and, most importantly, the flexibility to manage your personal and professional life to focus on what matters most to you!

We are seeking a Senior – Security Engineer, Information Security, to join our Information Security team within the Information Technology department. This role is responsible for protecting our organization's digital assets through the deployment, management, and optimization of security technologies, including but not limited to Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), Data Loss Prevention (DLP) and email security. The ideal candidate will manage vulnerability and threat programs, lead incident response efforts, and have strong technical skills in threat detection and security operations.

Responsibilities include, but are not limited to:

Enterprise Detection and Response

  • Deploy and manage EDR solutions across enterprise endpoints including workstations, servers, and mobile devices.
  • Configure detection rules and automated response actions to identify malware, suspicious behaviors, and advanced persistent threats.
  • Conduct proactive threat hunting to identify compromised systems and hidden threats.
  • Maintain agent deployment coverage and optimize EDR performance across all critical assets.

Security Information and Event Management (SIEM)

  • Administer SIEM platform including log source onboarding, parsing, and correlation rule development.
  • Design use cases and correlation rules to detect security incidents and policy violations.
  • Monitor and triage security alerts to determine severity, scope, and impact.
  • Create dashboards and reports for security metrics, compliance, and executive visibility.
  • Integrate threat intelligence feeds to enhance detection capabilities.

Incident Response

  • Serve as escalation point for security incidents following established procedures.
  • Perform digital forensics and investigation including log analysis, memory analysis, and disk forensics.
  • Coordinate incident response across IT, legal, HR, and executive stakeholders.
  • Document incidents thoroughly, including timelines, indicators of compromise, and remediation actions.
  • Develop and maintain incident response playbooks for common attack scenarios.
  • Participate in tabletop exercises and conduct post-incident reviews to improve security posture.

Threat and Vulnerability Management

  • Establish and maintain a continuous vulnerability management program.
  • Deploy and manage vulnerability scanning tools across network, systems, applications, and cloud infrastructure.
  • Analyze vulnerability scan results and prioritize remediation based on risk, exploitability, and business impact.
  • Work with system owners and IT teams to develop remediation plans and track vulnerability closure.
  • Monitor threat intelligence sources for emerging threats, exploit activity, and vulnerabilities affecting the organization.
  • Conduct risk assessments for newly discovered vulnerabilities and provide guidance on compensating controls.
  • Generate vulnerability metrics and reports for management and compliance purposes.
  • Integrate vulnerability data with SIEM and EDR for enhanced threat correlation.
  • Perform penetration testing coordination and validate remediation effectiveness.
  • Maintain vulnerability management policies, procedures, and SLAs.

Security Operations and Collaboration

  • Participate in 24/7/365 security operations center (SOC) rotation (if applicable) or on-call rotation.
  • Collaborate with IT operations, development, and business teams on security initiatives.
  • Mentor junior security analysts and share knowledge across the security team.
  • Stay current with emerging threats, attack techniques, and security technologies.
  • Contribute to security awareness training programs by providing real-world incident examples.

Email Security

  • Manage email security gateway solutions to detect and block malicious emails, phishing attempts, and spam.
  • Investigate and respond to reported phishing emails and business email compromise (BEC) attempts.
  • Analyze email-based threats and implement rules to block malicious senders, domains, and attachment types.
  • Monitor email security metrics and trends to identify emerging attack patterns.
  • Work with the human security awareness team to shape awareness campaigns and phishing simulations to improve user vigilance.

Data Loss Prevention (DLP)

  • Implement and manage DLP solutions across email, endpoints, network, and cloud applications.
  • Create and tune DLP policies to prevent unauthorized data exfiltration while minimizing false positives.
  • Monitor DLP alerts and investigate potential data leakage incidents.
  • Classify sensitive data and configure appropriate protection controls based on data classification.
  • Collaborate with business units to understand data flows and implement appropriate DLP controls.
  • Generate DLP metrics and reports for compliance and risk management purposes.

The ideal candidate must:

  • Have a bachelor’s degree in Computer Science, Information Security, Cybersecurity, or a related technical field.
  • Equivalent work experience may be considered in lieu of a degree.
  • Have 3+ years of hands-on experience in information security operations, SOC, or a similar role.
  • Have demonstrated experience with EDR platforms and endpoint security management.
  • Have experience conducting incident response investigations and forensic analysis.
  • Have hands-on experience with vulnerability management and remediation programs.
  • Have experience with email security solutions and investigating phishing/BEC attacks.
  • Be familiar with DLP technologies and data protection strategies.
  • Have a track record of managing security incidents from detection through resolution.
  • Possess a strong understanding of attack vectors, TTPs, and MITRE ATT&CK framework.
  • Be proficient in log analysis, correlation, and security event interpretation.
  • Have experience with EDR platforms (CrowdStrike, SentinelOne, Microsoft Defender, Carbon Black, Cortex XDR).
  • Have hands-on experience with SIEM solutions (Splunk, QRadar, Azure Sentinel, LogRhythm, Elastic SIEM).
  • Be knowledgeable of vulnerability management tools (Tenable, Qualys, Rapid7).
  • Have experience with email security gateways (Proofpoint, Mimecast, Barracuda, Microsoft Defender for Office 365).
  • Be familiar with DLP platforms (Symantec DLP, Microsoft Purview, Forcepoint, Digital Guardian).
  • Understand network protocols, packet analysis, and network security monitoring.
  • Have experience with scripting/automation (Python, PowerShell, Bash) for security operations.
  • Be knowledgeable of cloud security (AWS, Azure, GCP) and hybrid environments.
  • Understand security frameworks (NIST CSF, CIS Controls, ISO 27001, MITRE ATT&CK).
  • Be knowledgeable of compliance requirements (PCI DSS, HIPAA, SOX, GDPR) as applicable.
  • Possess a strong security‑focused mindset with deep understanding of compliance frameworks.
  • Work effectively under pressure and adapt to rapidly changing environments.
  • Be highly analytical, detail‑oriented, and self‑driven with strong ownership.
  • Possess excellent verbal and written communication skills.
  • Possess strong collaboration, interpersonal skills, and consistent follow‑through.
