Sr. Engineering & Security Architect

We are hiring a Sr. Engineering & Security Architect to help maintain our architecture standards, enable security operations, manage core tooling and automations, handle procurement and vendor orchestration, and handle high-severity technical escalations. You will lead complex infrastructure and security initiatives across client environments, ensure monitoring and alerting pipelines are operational, manage hardware/software procurement and licensing lifecycles, and continuously improve how our service desk and SOC/NOC workflows run through strong tooling, runbooks, and integrations. This role also serves as a cybersecurity control partner to executive leadership, participates in post-i ---------- reviews, and oversees engineer scheduling and workload sustainability.

What You’ll Do: Architecture & Engineering

Design and evolve reference architectures for client environments (network, identity, endpoint, cloud).
Lead complex networking/firewall initiatives (Fortinet, SonicWall), including HA failover configurations, firmware upgrades, and execute cutovers with validated test plans.
Lead complex Microsoft Cloud architecture projects (Azure, M365, Intune, AVD, Entra)
Translate requirements into secure, supportable technical standards and documentation.
Own external vulnerability scanning programs and deliver actionable client-facing reports on findings and remediation.
Design and quote client network builds (Fortinet/Azure), including point-based licensing and software/hardware specifications.
Security Operations Enablement

Ensure telemetry and alerting are correctly configured and operational (e.g., Defender/SIEM pipelines, Huntress MDR/ITDR).
Review policies against Microsoft standards and produce actionable recommendation sets.
Support SOC/NOC event management workflows, escalation paths, and automation roadmap.
Enable MDR/ITDR vendor pilots and rollouts (e.g., Huntress, SentinelOne); coordinate enablement across client environments.
Lead post-i ---------- reviews (PIR/post-mortems), document root cause, and drive SOP updates to prevent recurrence.
Serve as cybersecurity control partner to executive/CISO leadership on strategy, compliance requirements, and baseline security stack decisions.
Tool Stack, Integrations, and Automation

Own PSA/RMM technical operations (Halo PSA, Ninja RMM): configuration, integrations, runbooks, and reporting.
Drive automation initiatives (e.g., identity verification workflows, admin runbooks) to reduce manual service desk effort.
Manage tool selection, subscriptions, and cost/performance tradeoffs for internal and client-facing tools.
Escalation & I ---------- Stabilization

Act as final escalation for complex i ---------- ; approve high-impact changes/hotfixes and clear blockers.
Partner with service delivery leadership to drive post-i ---------- stabilization and prevent recurrence.
Procurement & Vendor Management

Oversee hardware/software quoting and procurement workflows (Fortinet, SonicWall, Azure, licensing) and enforce quote pipeline hygiene.
Manage firewall and security appliance renewals, licensing terms, firmware case escalations with vendors, and early-termination fee language in client quotes.
Coordinate with Finance/Procurement on SKU validation, subscription term enforcement, and cost controls across Pax8, Ingram, and Synnex channels.
IT Lifecycle & Team Operations

Coordinate IT onboarding (Day-1 hardware provisioning, systems setup) and offboarding (access deactivation, asset recovery) alongside HR.
Oversee engineer scheduling, load balancing, and sustainable workload management across the technical team.
Project Engineering

Scope and estimate technical work; build technical project plans, validate SOWs and pricing models, and guide resource execution.
Support new client onboarding and major migrations/cutovers (including SharePoint and device management migrations) with strong readiness and change control.
Participate in the PM escalation matrix and maintain tracking for active projects to ensure delivery cadence and accountability.
What Success Looks Like

Client environments operate on clear standards with fewer repeat i ---------- .
PSA/RMM/SIEM integrations are stable and reduce manual toil (billing, ticket enrichment, alert correlation).
High-severity escalations stabilize quickly with clear decisions and clean handoffs.
Automation and runbooks measurably reduce service desk friction and improve security posture.
Procurement and quoting workflows are repeatable and gated, with clean SKU/term enforcement and minimal revenue leakage.
Post-i ---------- reviews produce documented root causes and SOP improvements that prevent recurrence.
IT onboarding/offboarding is consistently executed with security attestation and zero orphaned accounts.
Required Qualifications

7+ years in technical leadership, systems/network engineering, or security engineering in a client-facing services environment (MSP/MSSP a plus).
Hands-on expertise with Microsoft 365 / Entra ID / Defender ecosystem and modern endpoint + identity security concepts.
Strong networking & firewall fundamentals (Fortinet, SonicWall); experience leading HA deployments, firmware upgrades, cutovers, and validating DR/network routing.
Experience operating or integrating PSA/RMM/SIEM tooling (runbooks, workflows, reporting).
Excellent documentation and communication skills, can translate technical decisions into operationally usable runbooks.
Experience with hardware/software procurement, vendor quoting, licensing lifecycle management, and subscription term enforcement.
Proven ability to manage engineer workloads, scheduling, and resource allocation across concurrent client engagements.
Demonstrated experience managing enterprise IT environments across healthcare, financial, and/or real estate sectors.
Proven track record designing and implementing business continuity and disaster recovery (BDR) policies, procedures, and testing.
Deep knowledge of enterprise networking including WAN/LAN design, BGP, OSPF, and multi-carrier datacenter networking.
Deep hands-on use of AI to improve MSP/MSSP client outcomes, including AI-assisted scripting, log analysis, alert triage, documentation, root-cause investigation, policy/report drafting, and faster engineering execution across Microsoft 365, Azure, security, backup, network, and endpoint platforms.
Preferred Qualifications

Experience with Azure networking, AVD/Citrix migrations, and cloud security telemetry.
Experience building automation tools/workflows that correlate alerts across multiple systems.
Experience defining escalation paths and i ---------- stabilization processes for service teams.
Familiarity with MDR/ITDR platforms (Huntress, Defender) and experience running vendor pilots and rollout enablement.
Experience conducting external vulnerability scans and translating findings into client-ready remediation reports.
Experience leading post-i ---------- reviews (PIR/post-mortems) and driving SOP improvements from findings.
Experience coordinating IT onboarding/offboarding workflows with HR, including access provisioning/deprovisioning and asset management.
Preferred Certifications

Fortinet, Sonicwall and Cisco certifications
Microsoft and Google Cloud cybersecurity and cloud certifications
Education

Degree or diploma in Information Technology, Network Administration, Computer Science, or a related field
Equivalent professional experience will be considered in lieu of formal education