Entegrata, Inc. Senior Security Engineer Indianapolis, IN · Full time

The Senior Security Engineer will be the dedicated security owner for our Azure platform — running security reviews, keeping our policies and posture current, driving detection and incident response, owning identity and endpoint security, and running our SOC 2 / Drata compliance program day to day.

About Entegrata, Inc.

Entegrata is a fast-growing startup transforming how the legal industry works with data. We design and deliver Azure-based data lakehouses purpose-built for law firms, enabling them to turn complex operational, financial, and matter data into reliable, decision-grade insights.

Description

About Entegrata

At Entegrata, we help law firms turn data into decisions. We deploy a turnkey data lakehouse platform that consolidates siloed legal, operational, and financial data into single sources of truth, enabling unified reporting and AI-driven innovation. Founded in 2023 and headquartered in Indianapolis, we’re a fast-growing, venture-backed SaaS company on a mission to be the data platform of choice for the top law firms in the world. 


The Role

We’re hiring a Senior Security Engineer to be the dedicated security owner for our Azure platform — running security reviews, keeping our policies and posture current, driving detection and incident response, owning identity and endpoint security, and running our SOC 2 / Drata compliance program day to day. You’ll report to our Security Lead and operate as a senior individual contributor focused squarely on security and compliance.

This is deliberately a security specialist role, not a security-plus-everything generalist. Day-to-day infrastructure and ops build work — including shipping infrastructure as code — is covered by our team today, with a dedicated DevSecOps hire planned down the road. You’ll define the security requirements and review how they’re implemented, but you won’t be on the hook for building and operating the platform. The compliance side of this role is a deliberate pairing with security, and may grow into its own function as we scale.


What You’ll Own

Security reviews & posture. Review architecture and changes for security impact, keep our security baselines and policies current, and run posture management across the environment (Defender for Cloud), driving findings through to remediation.

Detection & incident response. Own detection engineering and IR day to day — KQL detections in Log Analytics, Azure Monitor dashboards, SIEM forwarding via Event Hub, and incident.io alerting and runbooks. The Security Lead steps in as incident commander for major events.

Identity & endpoint security. Own Entra ID Conditional Access (device-based policies, Enterprise SSO) and our EDR estate — SentinelOne (primary on macOS), Microsoft Defender (Windows), and the remaining Sophos footprint. Define the device-security baselines that compliant endpoints must meet.

Compliance (SOC 2 / Drata). Own our SOC 2 Type II program day to day in Drata — evidence collection, control monitoring, customer security questionnaires, and vendor / third-party risk — partnering with security, IT, and engineering. This is the security–to–compliance bridge, and may grow into a dedicated compliance role as we scale.


What You’ll Partner On

Cloud & Azure security. Shape posture, guardrails, and Defender for Cloud coverage together with the Security Lead.

Security as code. Define the security requirements and guardrails that get implemented in our Pulumi (Go) IaC, and review and contribute to that code. Building and operating the infrastructure is owned by the team today, with a future DevSecOps hire — you set and verify the security bar, you don’t own the build.

Device management. A separate IT hire owns Microsoft Intune and patching; you set the device-security baselines (compliance policies, LAPS, BitLocker/FileVault, ASR rules, removable-media controls) and partner on patch posture.


Must-Have Qualifications

Cloud security depth (Azure). Hands-on securing Azure — identity (Entra ID, RBAC, managed identities, PIM), network, and secrets / key management (Key Vault, customer-managed keys).

Identity & endpoint. Practical experience with Entra Conditional Access and at least one major EDR platform (SentinelOne, Microsoft Defender, or equivalent).

Detection & IR. Detection-engineering and incident-response experience, including writing KQL against Log Analytics or a comparable SIEM, and running investigations end to end.

Security reviews & policy. Experience running security and architecture reviews and maintaining security policies and posture.

Compliance. SOC 2 Type II experience, ideally hands-on with Drata or a comparable platform — comfortable owning evidence, controls, and customer security questionnaires.

Ownership. A senior IC who can run the security function independently and partner across engineering, IT, and compliance.


Nice-to-Have Qualifications

•Comfort reading and contributing to infrastructure as code (Pulumi and/or Terraform) and scripting in PowerShell and/or Bash for security automation — a plus, but you won’t own infra builds.

•Deeper DevSecOps / IaC build experience — Go and Pulumi development. This is the area a future dedicated hire will own; useful here, but not required.

•Familiarity with ISO 27001 or GDPR control frameworks.

•Coordinating penetration tests and driving remediation to closure.

•Experience with multi-tenant or per-client isolated (“stamp”) architectures.


Our Tech Stack

Detection & monitoring: Log Analytics / KQL, Azure Monitor dashboards, Defender for Cloud, SIEM forwarding via Event Hub, incident.io.

Identity & endpoint: Entra ID, Conditional Access, Enterprise SSO; EDR via SentinelOne, Microsoft Defender, and Sophos; Microsoft Intune (Windows 10/11 + macOS 15+).

Compliance: SOC 2 Type II via Drata; practices informed by ISO 27001, GDPR, and GLBA.

Cloud & IaC: Azure (AKS, Container Apps, Azure SQL, Databricks, Data Factory); Pulumi (Go SDK) as primary IaC, with a small amount of Bicep; GitHub Actions for CI/CD.

Network & secrets: Hub-and-spoke, Azure Firewall (IDPS), NSGs, private endpoints, private DNS, NAT and VPN gateways; RBAC, managed identities, PIM (JIT), Key Vault, customer-managed keys with rotation.

Languages & tools: KQL, PowerShell, Bash, Go, Pulumi, the Azure SDK, and GitHub Actions.


Logistics

Location: Remote (US), or hybrid from Indianapolis, IN.

Reports to: Principal DevSecOps Engineer.

Scope note: Infrastructure / ops and DevSecOps build work is covered internally today; this role is focused on security and compliance, with ops and compliance potentially separating into their own roles as the team grows.

 


What We Offer

•Competitive salary

•Medical, dental, and vision insurance

• 401k plan with match

•Unlimited paid time off

•Company holidays

•The chance to shape a company's talent strategy from day one and grow with it

 

If you're energized by fast-moving companies, care deeply about bringing exceptional people into a team, and want to build something rather than just fill a queue, we'd love to talk.