Department: Security
Reports To: Director of Information Security
Employment Type: Full-Time
Location: Remote (US only)
Preferred Time Zones: Mountain or West Coast
About Sentant
Sentant is a managed service provider delivering IT support, cybersecurity, compliance, infrastructure, and strategic technology services to growing organizations. Our security practice is built around a curated, tiered set of security platforms that we deploy, configure, and manage on behalf of clients across Finance, SaaS, Healthcare, and other regulated industries.
Position Summary
The Security Engineer is responsible for designing, deploying, and maintaining security controls across a diverse portfolio of managed services clients. This role spans the full breadth of a modern security stack — endpoint protection, email security, identity and access management, network security and Zero Trust access, vulnerability management, backup and recovery, security monitoring, and compliance automation.
You will work with the specific platforms Sentant has standardized on for each of these domains, while also helping evaluate and refine that stack as client needs and the threat landscape evolve. This role is ideal for someone who enjoys solving complex security problems, building repeatable processes, and communicating effectively with both technical and non-technical stakeholders.
This position offers significant upward mobility, including a potential long-term path toward leading a security team or department.
Key Responsibilities
Endpoint & Device Security
- Deploy, tune, and maintain endpoint detection and response (EDR) coverage across client environments.
- Administer mobile device management (MDM) and endpoint configuration policies.
- Monitor endpoint alerts, investigate detections, and drive remediation to closure.
Email & Identity Security
- Configure and maintain email security platforms, including phishing and malware protection.
- Manage DMARC, SPF, and DKIM policies and guide domains toward full enforcement.
- Support identity and access management, including MFA, privileged account controls, and identity threat detection and response.
- Administer password/secrets management tooling for client and internal use.
Network Security & Zero Trust
- Deploy and manage Zero Trust Network Access (ZTNA) policies and access groups.
- Collaborate with infrastructure and network teams to improve network segmentation and access controls.
- Troubleshoot connectivity and policy issues across Zero Trust and network security tooling.
Vulnerability & Patch Management
- Perform vulnerability scanning and analysis, and build practical remediation plans.
- Administer RMM and patch management tooling to keep client environments current and compliant.
- Track remediation items through completion and escalate overdue or high-risk findings.
Monitoring, Backup & Compliance Tooling
- Monitor security event and log data (SIEM) for signs of compromise, and tune detection rules to reduce noise while preserving coverage.
- Configure and maintain backup and recovery solutions (endpoint, Google Workspace/M365, and other data sources) to support business continuity.
- Support compliance automation platforms used to track controls and evidence for frameworks such as SOC 2, HIPAA, NIST, and ISO 27001.
Incident Response & Documentation
- Monitor, investigate, and respond to security incidents across all the domains above.
- Develop security playbooks, runbooks, and operational documentation for each part of the organizational stack.
- Assist with implementing and mapping frameworks such as NIST and CIS.
- Communicate technical issues and findings clearly to both technical and non-technical stakeholders.
Required Qualifications
- 5+ years of Security Engineering experience, ideally supporting multiple client or business-unit environments.
- Hands-on experience with endpoint detection and response (EDR) at production scale.
- Experience with email security and DMARC/SPF/DKIM configuration.
- Experience with vulnerability management and RMM/patch management tooling.
- Familiarity with Zero Trust network access concepts and identity/access management practices.
- Familiarity with NIST and CIS frameworks.
- Strong troubleshooting and analytical skills, with the ability to work independently in a remote environment.
- Strong documentation and communication skills, including the ability to explain technical issues to non-technical stakeholders.
Preferred Experience
- Direct experience with platforms such as CrowdStrike, Avanan, Qualys, NinjaOne, Cloudflare Zero Trust, JAMF, Microsoft Intune, or similar tools across the domains above.
- Experience with SIEM platforms and security automation or scripting.
- AWS security experience.
- Experience in an MSP or multi-tenant security environment.
- Relevant certifications tied to any of the domains above (e.g., vendor-specific EDR, cloud, or Zero Trust certifications).
Work Environment
This position operates remotely within the United States, with a preference for Mountain or West Coast time zones to align with client and team coverage needs. The employee must maintain a reliable internet connection, work securely with confidential client information, and remain available during assigned working hours. Occasional travel or onsite work may be required for incidents or client engagements.
Additional Information
This job description describes the general nature and level of work performed and is not an exhaustive list of responsibilities or qualifications. Duties may be modified based on business needs, client requirements, regulatory changes, or the employee's skills and experience.
Sentant is an equal opportunity employer and considers qualified applicants without regard to legally protected characteristics.