IT Security & Compliance Engineer

OPTION ONE TECHNOLOGIES LLC
Boston, United States of America
11 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate
Compensation
$ 80K

Job location

Boston, United States of America

Tech stack

Microsoft Windows
Amazon Web Services (AWS)
Application Firewall
Software System Penetration Testing
Audit Trail
Azure
Spanning Tree Protocols
VoIP
Cloud Computing
CompTIA Security+
Computer Security
Data Centers
Data Governance
Information Leak Prevention
Network Address Translation
Disaster Recovery
DomainKeys Identified Mail
Domain-Based Message Authentication Reporting and Conformance (DMARC)
Domain Name System Security Extensions
Information Security Management
Internet Protocol Security (IP SEC)
Intrusion Detection Systems
Virtual Private Networks (VPN)
Internet Service Provider
Python
Log Analysis
Microsoft Security Essentials
Microsoft Office
Network Architecture
Network Monitoring
Routing
Paessler Router Traffic Grapher
Public Key Infrastructure
PowerShell
Real-Time Operating Systems
Phishing
Zero Trust Network Access
Security Information and Event Management
Virtual Local Area Networks
Software Vulnerability Management
Wide Area Networks
Wireless Networks
Alwayson
Scripting (Bash/Python/Go/Ruby)
Transport Layer Security
Data Classification
Sonicwall
Firewalls (Computer Science)
Microsoft InTune
Web Filtering
Cybercrime
Patch Management
Nessus
Microsoft Sentinel
Malware Detection
Fortinet
CIS Benchmarks
Veeam
Splunk
SentinelOne Expertise
Cisco networks
Qualys
Vulnerability Analysis

Job description

We are looking for an IT Security & Compliance Engineer who can wear multiple hats across cybersecurity, regulatory compliance, and network engineering in an MSP environment serving SEC and FINRA-regulated financial firms. This is a hands-on, senior-level individual contributor role where you will be the go-to expert for securing client environments, writing and maintaining compliance documentation, managing Microsoft 365 data governance, and designing and maintaining network infrastructure. You will work directly with clients and serve as a trusted advisor on all matters related to security posture, regulatory readiness, and IT resilience.

What You'll Do

Security Operations & Threat Management

  • Deploy, monitor, and manage SentinelOne (EDR/XDR) across client endpoints; manage policies, exclusions, threat hunting, and incident response workflows
  • Administer KnowBe4 security awareness training programs and simulated phishing campaigns for regulated clients
  • Perform vulnerability scanning and management using tools such as Nessus, Qualys, or Rapid7; coordinate remediation with client stakeholders on defined timelines
  • Conduct and support penetration testing engagements (internal and third-party); translate findings into actionable remediation plans
  • Security incident response - investigate alerts, triage security incidents, perform root cause analysis, and manage escalation procedures
  • Implement and refine SIEM rules, log aggregation, and alerting (e.g., Microsoft Sentinel, Splunk, or equivalent)
  • Manage core security controls, including MFA enforcement, conditional access policies, privileged access management (PAM), and least-privilege models
  • Conduct periodic security posture reviews to align with SEC, FINRA, and NIST/CIS requirements for each client environment

Regulatory Compliance & Policy Development (SEC/FINRA Focus)

  • Author, review, and maintain compliance documentation, including Information Security Policies (ISPs), Acceptable Use Policies, Incident Response Plans, Data Classification policies, and Vendor Risk Management frameworks tailored to SEC and FINRA-regulated firms
  • Develop and maintain Business Continuity Plans (BCPs) covering critical business functions, RTOs/RPOs, communication plans, alternate site procedures, and annual tabletop exercises
  • Write and test Disaster Recovery (DR) plans, including failover procedures, backup validation schedules, recovery runbooks, and DR testing protocols aligned to SEC Rule 17a-4 and FINRA Rules 4370/3110
  • Support client compliance initiatives, including annual SEC examinations, FINRA audits, SOC 2 readiness, and regulatory questionnaire responses
  • Assist with risk assessments and audit preparation; own the evidence collection process for Books and Records requirements, cybersecurity assessments, and supervisory procedure reviews
  • Ensure client environments meet regulatory data protection standards per SEC Regulation S-P, S-ID (Red Flags), and Regulation SCI where applicable

Microsoft 365 Security, Retention & Data Governance

  • Configure and manage retention policies and retention labels in Microsoft 365 / Purview to meet SEC Rule 17a-4 and FINRA 3110/4511 requirements for electronic communications archiving
  • Implement and manage litigation holds in Microsoft Purview eDiscovery to support regulatory examinations, internal investigations, and legal proceedings
  • Administer data loss prevention (DLP) and information protection, including sensitivity labels, DLP rules for PII/NPI, and information barriers for firms with Chinese wall requirements
  • Manage Microsoft 365 security and device management - conditional access, app protection policies, Intune compliance policies, and device enrollment for BYOD and firm-owned endpoints
  • Configure mailbox journaling, audit logging, and unified audit log searches for compliance evidence and incident investigations
  • Manage Exchange Online Protection (EOP) and Defender for Office 365, including anti-phishing, anti-malware, safe links/attachments, and DMARC/DKIM/SPF configurations

Network Engineering & Infrastructure

  • Design, deploy, and maintain enterprise network infrastructure, including VLANs, inter-VLAN routing, ACLs, port security, and spanning tree for client office and data center environments
  • Configure and manage site-to-site and client VPN solutions, including IPsec tunnels, SD-WAN overlays, and secure remote access solutions (always-on VPN, ZTNA)
  • Firewall administration (Meraki, Fortinet, SonicWall, Cisco) - manage policies, DNS security (Cisco Umbrella), web filtering, NAT, and IDS/IPS for client perimeters
  • Deploy and manage wireless networks with proper segmentation, QoS, and hardening for financial services environments
  • Network monitoring and performance management using PRTG, Auvik, Datto RMM, or similar tools; maintain network documentation and topology diagrams
  • Troubleshoot complex connectivity issues for VoIP, trading platforms, and real-time market data feeds where latency sensitivity is critical

Security Tool Implementation & Management

  • Evaluate, deploy, and manage the security tool stack: SentinelOne (EDR/XDR), KnowBe4, Cisco Umbrella (DNS security), email security gateways, and privileged access management solutions
  • Own the full lifecycle of security tooling: coordinate rollouts, policy configurations, and ongoing tuning across all client environments
  • Manage endpoint hardening and patch management through RMM platforms; ensure patching cadence meets CIS benchmarks and regulatory expectations
  • Implement and deploy certificate management solutions, including root CA distribution, SSL/TLS inspection, and PKI for client environments
  • Maintain documentation for all security tools, including SOPs, configuration baselines, and runbooks

Client Advisory & Cross-Functional Support

  • Serve as a trusted security and compliance advisor to clients on security posture, compliance readiness, and technology strategy; present findings and recommendations to firm leadership, CCOs, and compliance counsel
  • Create client-facing security assessment deliverables, actionable reports, and compliance evidence packages for regulatory examinations
  • Collaborate with the helpdesk and infrastructure teams to ensure security is embedded in daily operations, onboarding/offboarding, and change management
  • Provide mentorship and training for both internal team members and client staff on security awareness and regulatory best practices

Requirements

  • 5+ years of hands-on experience in IT security, compliance, or network engineering, ideally within an MSP or multi-client financial services environment
  • Demonstrated experience supporting SEC-registered investment advisers, FINRA broker-dealers, hedge funds, or similar regulated entities
  • Proven track record authoring ISPs, BCPs, DR plans, incident response plans, and related compliance documentation
  • Hands-on proficiency with security tools: SentinelOne (or comparable EDR), KnowBe4, vulnerability management platforms (Nessus, Qualys, Rapid7)
  • Strong Microsoft 365 security and compliance experience, including retention policies, litigation holds, DLP, eDiscovery, Purview compliance portal, and Defender for Office 365
  • Solid networking foundation: VLANs, VPNs (IPsec/SSL), firewalls (Meraki, Fortinet, SonicWall), switching, routing, and wireless
  • Working knowledge of regulatory frameworks: SEC Rule 17a-4, Regulation S-P, FINRA Rules 3110/4370/4511, NIST CSF, CIS Controls
  • Strong written and clear communication skills - ability to translate technical findings into business risk language for compliance officers and firm leadership
  • Industry certifications: CISSP, CISM, Security+, CEH, CCNA, CCNP Security, or Microsoft Security certifications (SC-200, SC-300, SC-400)
  • Experience with compliance frameworks: SOC 2 readiness, NIST 800-171, CIS Benchmarks, ISO 27001
  • Scripting/automation skills: PowerShell, Python, or Bash for automation of security operations and compliance tasks
  • Experience with Azure/AWS security configurations and cloud networking (Azure Virtual WAN, ExpressRoute, AWS VPC)
  • SIEM administration and log analysis (Microsoft Sentinel, Splunk, or equivalent)
  • Experience with documentation of network architectures, security control matrices, and compliance evidence repositories
  • Backup and recovery experience with Datto, Veeam, or similar platforms, including immutable backup strategies for ransomware resilience
  • Writing Security Policies: 2 years (Required)
  • Security User Training: 2 years (Required)
  • DUO: 2 years (Preferred)
  • KnowBe4: 2 years (Preferred)

Benefits & conditions

Professional development assistance, Health insurance, Paid time off, Vision insurance, Dental insurance, Flexible schedule

Why Join Option One Technologies

  • High-impact, multi-disciplinary role - work at the intersection of cybersecurity, compliance, and financial services with some of the most sophisticated firms in the industry
  • Accelerated professional growth - direct exposure to SEC/FINRA regulatory environments, advanced security tooling, and complex network architectures across a diverse client portfolio
  • Entrepreneurial culture - small, senior team where your work directly shapes client outcomes and company direction
  • Professional development budget to earn industry certifications and attend training
  • Comprehensive benefits: health, dental, and vision insurance; flexible schedule; paid time off; hybrid work arrangement
  • Competitive compensation commensurate with experience

Pay: From $80,000.00 per year

Benefits:

  • Dental insurance
  • Flexible schedule
  • Health insurance
  • Paid time off
  • Professional development assistance
  • Vision insurance

About the company

Option One Technologies is a next-generation managed IT and cloud platform revolutionizing how financial services firms and institutions access best-in-class technology. Founded in 2019 by alumni from the Boston-based hedge fund Highfields Capital Management, we deliver white-glove managed services purpose-built for SEC-registered investment advisers, FINRA broker-dealers, hedge funds, and high-net-worth family offices. Our mission is to make enterprise-grade security, compliance, and infrastructure accessible to firms of every size - from established institutions to emerging managers.
