Virtuoso® is the leading global travel agency network specializing in luxury and experiential travel. This by-invitation-only organization comprises over 1,200 travel agency locations with more than 20,000 travel advisors in 58 countries throughout North America, Latin America, the Caribbean, Europe, Asia-Pacific, Africa and the Middle East. Drawing upon its preferred relationships with 2,500 of the world’s best hotels and resorts, cruise lines, airlines, tour companies and premier destinations, the network provides its upscale clientele with exclusive amenities, rare experiences and privileged access. Annual sales of (U.S.) $35 billion make Virtuoso a powerhouse in the luxury travel industry. For more information, visit www.virtuoso.com.
The Senior Cyber Security Engineer is a hands-on technical leader responsible for designing, building, and owning Virtuoso’s security infrastructure in a cloud-first environment anchored in Microsoft Azure. This role moves well beyond monitoring and reporting — the engineer architects Zero Trust security controls, drives DevSecOps adoption across engineering teams, and owns the full lifecycle of security tooling from evaluation through production. The Sr. Cybersecurity Engineer leads vulnerability management, incident response capabilities, and SIEM/SOAR operations, while maintaining ISO 27001 and PCI-DSS compliance programs and delivering executive-level security intelligence to leadership. This individual is the primary technical authority for protecting Virtuoso’s data, systems, and cloud workloads — a builder who makes the environment demonstrably more secure every quarter.
Essential duties and responsibilities include the following. Other duties may be assigned.
- Cloud Security Architecture & Engineering
- Design and architect security controls across Virtuoso’s Azure-primary cloud environment, including network segmentation, encryption standards, and identity boundaries.
- Architect and implement Zero Trust security principles across cloud, hybrid, and SaaS environments.
- Own Microsoft Defender for Cloud and Azure Policy configurations — design guardrails, enforce compliance baselines, and remediate posture findings.
- Design and implement Azure Firewall rules, network security groups, and Cato Networks SASE policies.
- SIEM / SOAR & Incident Response
- Architect, implement, and continuously improve Virtuoso’s SIEM/SOAR platform — own analytics rules, playbooks, workbooks, and data connector onboarding.
- Design and lead incident response capabilities: build runbooks, lead tabletop exercises, and drive post-incident reviews that produce measurable hardening.
- Operate and tune endpoint detection and response (EDR) platforms; investigate and contain endpoint threats with full ownership through closure.
- Vulnerability Management & Threat Intelligence
- Own the enterprise vulnerability management program end-to-end: tooling selection, scan cadence, automation of remediation tracking, and SLA enforcement with asset owners.
- Lead the threat intelligence program — ingest, analyze, and operationalize threat feeds into detection rules and preventive controls.
- Conduct and coordinate penetration testing activities; translate findings into prioritized engineering remediation plans.
- Identity & Access Management Security
- Own identity security in Microsoft Entra ID (Azure AD): design Conditional Access policies, Privileged Identity Management (PIM) workflows, and enforce least-privilege across the environment.
- Define and enforce authentication standards (MFA, phishing-resistant authenticators, passwordless) across all workforce and privileged accounts.
- DevSecOps & Security Automation
- Lead DevSecOps integration — embed automated security gates (SAST, DAST, SCA, secrets scanning) into Azure DevOps and GitHub Actions CI/CD pipelines.
- Build and maintain security automation using PowerShell, Python, and Azure-native tools (Logic Apps, Azure Functions) to reduce manual effort and accelerate response.
- Own Infrastructure as Code (Terraform, Bicep, ARM templates) security practices — design secure templates and enforce policy-as-code.
- Compliance, Audit & Data Platform Security
- Support ISO 27001 and PCI-DSS compliance programs — maintain control documentation, manage evidence collection, and lead internal audit cycles without external handholding.
- Support GDPR and CPRA compliance requirements, translating regulatory obligations into technical controls.
- Design and maintain security monitoring, access controls, and data masking configurations for the Snowflake data platform.
- Evaluate, implement, and own security tooling decisions; manage vendor relationships and license optimization for the security stack.
- Reporting & Community Engagement
- Produce executive-level security metrics, dashboards, and risk reports that translate technical posture into business-relevant language for leadership and the board.
- Engage with the security community through threat intelligence sharing, industry groups, and continuous learning; bring external insights back to improve Virtuoso’s defenses.
Educational and Skills Requirements:
- Experience & Education
- 5–7 years of progressive cybersecurity experience with demonstrated ownership of engineering-level deliverables (not just monitoring or support functions).
- Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or a related field — or equivalent practical experience with professional certifications.
- Proven track record of designing and shipping security capabilities in cloud environments, not solely operating inherited tooling.
- Certifications
- AZ-500 — Microsoft Azure Security Engineer Associate (Highly Preferred): Directly validates the Azure-native security engineering skills central to this role.
- CISSP — Certified Information Systems Security Professional: Validates breadth of security knowledge and engineering-level thinking across domains.
- CCSP — Certified Cloud Security Professional: Validates cloud security architecture knowledge essential for a cloud-first environment.
- OSCP — Offensive Security Certified Professional: Demonstrates hands-on penetration testing capability and attacker mindset.
- CompTIA Security+ / PenTest+: Accepted as a foundational certification for candidates building toward CISSP or OSCP.
- Security Frameworks & Methodologies
- Deep working knowledge of ISO 27001, NIST Cybersecurity Framework (CSF), and NIST SP 800-53.
- Hands-on experience implementing PCI-DSS controls in cloud or hybrid environments.
- Familiarity with MITRE ATT&CK framework for threat modeling and detection engineering.
- Core Competencies
- Cloud security architecture and engineering — Azure primary; familiarity with multi-cloud patterns.
- Incident response leadership: from detection through containment, eradication, and post-mortem.
- Security automation and scripting (PowerShell, Python) for tooling integration and workflow acceleration.
- DevSecOps and CI/CD pipeline security integration.
- Strong written and verbal communication — ability to translate technical risk into executive-level narrative.
- Threat intelligence analysis and operationalization.
- Technical Competencies
- Microsoft Azure Security Services: Microsoft Defender for Cloud, Microsoft Sentinel, Azure Policy, Azure Firewall, Azure Security Center.
- Microsoft Entra ID (Azure AD): Conditional Access, Privileged Identity Management (PIM), Identity Protection, SSPR.
- Microsoft 365 Defender / Microsoft 365 Security Suite: Defender for Endpoint, Defender for Identity, Defender for Office 365, Secure Score.
- Snowflake Security: Data access controls, dynamic data masking, network policies, audit logging, and alerting.
- Cato Networks SASE / Firewall Platform: Policy design, traffic inspection, and incident investigation.
- Endpoint Detection & Response (EDR) Platforms: Deployment, tuning, investigation, and threat containment.
- Vulnerability Management Platforms: Qualys, Rapid7, Tenable or equivalent — scan configuration, reporting, and remediation tracking.
- Security Scripting & Automation: PowerShell and Python for automating security workflows, API integrations, and tooling pipelines.
- SIEM / SOAR: Microsoft Sentinel — analytics rules, KQL queries, SOAR playbook development, workbook design.
- Preferred:
- Infrastructure as Code (IaC): Terraform, Bicep, or ARM templates with security policy enforcement and drift detection.
- CI/CD Pipeline Security: Azure DevOps or GitHub Actions — integrating SAST, DAST, SCA, and secrets scanning into build pipelines.
- Application & Network Penetration Testing: Experience scoping, executing, or managing internal or third-party assessments.
- Zero Trust Architecture Implementation: Practical experience applying Zero Trust principles across identity, devices, network, and data workloads.
Travel Requirements:
- Occasional travel (up to 10%) may be required for vendor meetings, security conferences, or audit activities.
- Travel will be primarily domestic but may include some international travel.
Type/Nature of Contacts:
- External: Regular contact with security vendors and managed service providers, PCI-DSS QSA auditors and ISO 27001 certification body, and threat intelligence sharing communities and industry groups.
- Internal: Key job contacts include clerical staff, technical staff, and managers within the job’s immediate work unit/department, as well as regular cross-departmental work.
We offer a competitive salary and full benefits package, including medical/dental/vision/life, 401(k) savings plan, and more. Virtuoso is an equal opportunity employer, dedicated to promoting a diverse workforce.
Pay ranges are intended to cover roles based across the United States. An individual's base pay depends on various factors including geographical location, experience, knowledge, skills, and abilities of the applicant.
