Senior SecOps Security Engineer

Overview:

QSC seeks a Senior Security Engineer with extensive Azure experience to help design, implement, and maintain robust security practices within our cloud and application environments. As a Senior Security Engineer, you will be responsible for defining and driving automated security operations (SecOps), performing and supporting audits, hardening the cloud infrastructure, and working to guide and enhance secure coding and testing practices.

Responsibilities include identifying vulnerabilities, ensuring compliance, and working closely with architecture, development and infrastructure teams to embed security throughout the QSC SecDevOps lifecycle. This position supports QSC’s cloud-native platform and requires an expert understanding of Azure cloud security, secure coding practices, code coverage, and automated security testing within cloud environments. You will also leverage your knowledge of security frameworks, threat modeling, vulnerability management, tools, policies, documentation and and incident response.

Position is a remote role. 

Base Pay Range $139,000 - $182,000

The above reflects the pay range that QSC reasonably expects to pay for this role. This pay range also depends on various factors such as job duties and requirements, relevant experience and skills and geographic location. In addition to the base salary range, QSC offers a comprehensive package including but not limited to health benefits, 401K or Roth retirement plans, generous time off and profit sharing.

QSC thrives where innovative technology and compelling audio-visual experiences intersect. For over 50 years, QSC has pioneered the technology and solutions that enable immersive cinema, live performance audio, themed entertainment, digital collaboration and meeting experiences for our customers and partners around the world. A globally recognized innovator in the design, engineering, and manufacture of category leading high-performance loudspeakers, digital mixers, power amplifiers, audio processors, digital cinema solutions, and the Q-SYS™ software-based audio, video and control Ecosystem.

By joining the QSC team, you will be in a challenging, collaborative, fun, and innovative environment. We encourage employees to take ownership, to color outside the lines, and to imagine possibilities. Our culture is casual but dynamic, with cross-functional teams collaborating on creating memorable audio-visual experiences that deliver joy to people, wherever they are. At QSC, fun and hard work go hand in hand. Join us and make a difference in the way people experience movies, meetings, presentations, live performances, and much more.

Cloud Security Architecture & Design:

• Lead the design and implementation of secure cloud web application, data and API infrastructure on Microsoft Azure, ensuring best practices are followed for data protection, identity and access management, and network security.
  
  

Threat Modeling & Vulnerability Management:

• Perform proactive threat modeling, risk assessments, and penetration testing to identify and address potential security risks and vulnerabilities in Azure environments.
• Develop and maintain processes to identify, track, and remediate vulnerabilities using tools such as Azure Defender, or other vulnerability management platforms.

Security Audits & Compliance:

• Conduct regular internal security audits and vulnerability assessments on Azure resources, applications, and services to ensure compliance with industry regulations and standards (e.g., GDPR, HIPAA, SOC 2, etc.).
  
• Support and manage 3rd party audits and risk assessments, working with internal and external teams to identify security gaps, propose solutions, and implement risk mitigation strategies.

Collaboration and Stakeholder Management:

• Work closely with product owners, architecture ,and infrastructure teams to understand data needs and translate them into technical requirements.
  
• Present complex data architecture solutions to both technical and non-technical stakeholders.
  
• Serve as a thought leader in the security engineering and architecture space, fostering collaboration and promoting a culture of data-driven decision-making across QSC.

• Minimum 5 years of experience in security engineering, with at least 3 years focused on securing cloud environments, particularly in
• Experience in securing web applications, micro services architecture and API-driven solutions.
• Extensive hands-on experience in secure software development, security testing, vulnerability management, and cloud security operations.
• Proven track record in conducting security audits, vulnerability assessments, and risk management, monitoring and incident response  for enterprise-level environments.

Education:

Minimum: Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field, or equivalent practical experience. 

Preferred: Master's Degree in Computer Science, IT, Cybersecurity or, or equivalent technical discipline

Minimum Certifications:

• Microsoft Certified: Azure Security Engineer Associate or Azure Solutions Architect Expert.
• Certified Information Systems Security Professional (CISSP) or Certified Cloud Security Professional (CCSP).

Preferred Certifications:

• Certified Ethical Hacker (CEH) or Offensive Security Certified Professional (OSCP) is highly desirable
• Certified Information Security Manager (CISM) or Certified Information Systems Auditor (CISA) is a plus.
•  

Technical Skills:

• Deep knowledge of Azure security tools and services, including Azure Security Center, Azure Sentinel, Azure Key Vault, and Azure Active Directory.
• Proficient in scripting and automation (Node.js, Python, PowerShell) for automating security testing, tasks and integrations.
• Strong understanding of web application security, encryption, authentication, IAM, network security, and threat modeling.
• Familiar with modern CI/CD tools and practices (e.g., Jenkins, Azure Devops, GitHub Actions) for integrating security pipelines into DevOps processes.

Organizational Skills:

• Excellent communication skills, capable of clearly articulating security risks and solutions to both technical and non-technical stakeholders.
• Strong analytical and problem-solving abilities to quickly assess threats and mitigate risks.
• Experience mentoring junior security engineers and collaborating with cross-functional teams to build secure solutions.