Aprio - Senior Cybersecurity Engineer

• You will own the operational health of one or two engineering domains, lead cross-team initiatives that touch multiple control areas, and design the patterns the rest of the team executes against. • You’re the engineer who can take a tool from “purchased” to “deployed, tuned, and instrumented,” the partner Cloud Ops and Identity call when they need a security pattern that actually works, and the senior who makes the Mid and Associate engineers better through pairing, code review, and clear standards. • You’ll also be a senior voice in architecture and decision conversations alongside the Principal Engineer and the Manager. • Domain ownership: Own the operational health of one or two engineering domains (identity, network/segmentation, cloud security baselines, monitoring/logging, encryption/key management, endpoint, vulnerability management, configuration management). Keep them measurably healthy and improving. • Cross-team initiatives: Lead initiatives that span Security, IT, Identity, Cloud Operations, and delivery teams — controlled rollouts, control set hardening, tool migrations. Land them without breaking production. • Architecture and standards: Design new control patterns and reference architectures. Write the decision records, runbooks, and standards the team executes against and the auditors review. • Controlled rollouts: Lead the end-to-end deployment of new control sets (e.g., bringing a new EDR online, hardening a new cloud account, standing up new logging pipelines) — pilot, measure, expand, document. • Mentorship: Pair with Mid and Associate engineers, run design reviews, give substantive code/config review, and grow the next tier. Quality of output from less senior engineers is part of your scope. • Operational partnership: Be the senior partner Cloud Ops, Identity, IT Service Management, GRC, and the SOC call when they need security engineering input. Solve problems with them, not at them. • Detection/response engineering support: Partner with Detection Engineering and the SOC on logging coverage, telemetry quality, and the engineering pieces of response (privileged access tooling, isolation capabilities, evidence capture). • Evidence and audit readiness: Produce control evidence and architecture documentation that holds up under audit and peer review. Keep your domains’ evidence map current. • Automation: Push toward repeatable, codified controls (IaC, policy-as-code, automated evidence collection) instead of one-off manual work. • What Success Looks Like: • First 30–60 days: You can operate your priority domains safely on Aprio’s tooling, you’ve assessed current control posture, and you’ve published a prioritized remediation backlog for at least one domain. • By 6–12 months: Your domains have measurably improved control health (less drift, cleaner evidence, faster remediation, fewer escalations). At least one controlled rollout has landed cleanly. Less senior engineers on the team are visibly better because of how you work with them.