Security Engineering Manager

Thorlabs is pleased to play a role in advancing science through the components, instruments, and systems we design and manufacture. We believe that science and innovation have great potential to improve the world around us and are committed to advancing photonics (i.e., light-based) technologies that positively impact our customers, employees, and communities. Via educational outreach and more sustainable business practices, we continuously invest in a brighter future. We recognize that each of our employees is a unique individual with the ability to contribute to our success and seek to find great people who will thrive in our fun, fast-paced culture. The Security Engineering Manager will lead the evolution of our cybersecurity engineering, architecture, and operations. This role bridges strategic and tactical domains – collaborate cross-functionally with IT and business stakeholders, oversee enterprise security architecture (both Cloud and on-prem), manage security engineering team, and optimize security operations (including an outsourced SOC). This is a strategic role designed for a seasoned security expert with a proven ability to manage teams, architect complex solutions, and influence across departments. The successful candidate must be strategic while also comfortable at tactical level, with both leadership and hands-on responsibilities. Although the location of the position is in Newton, NJ, from time to time it may be required to undertake duties at other Thorlabs locations. Essential Job Functions include the following, but are not limited to: Leadership & Strategy Serve as a strategic advisor to the IT leadership team on emerging threats, investment priorities, and security posture. Set and track KPIs, KRIs, OKRs, and metrics to ensure effectiveness and continuous improvement. Collaborate closely with Infrastructure and Operations, Enterprise Applications, Application Development, and Enterprise Data teams to embed security into their processes. Present to executive stakeholders and help translate technical risk into business impact. Serve as the security SME in enterprise projects and technology investments, including tool evaluations, acquisitions, and divestitures, including strategic planning, budgeting, and cross-functional alignment. Security Architecture & Engineering Define and drive the enterprise security architecture roadmap across infrastructure, cloud, applications, and Operational Technology (OT). Lead the design and implementation of security controls, frameworks, and reference architectures. Oversee architecture reviews, and secure-by-design practices across the organization. Ensure baseline security measures are implemented and monitored (e.g., hardening, patching, zero trust, segmentation). Manage integration and ongoing optimization of security tools (e.g., CSPM, CNAPP, IAM, PKI, DLP). Identity & Access Management (IAM) Lead the Security Engineering function responsible for Identity and Access Management Architect and enhance enterprise IAM strategy including RBAC, PAM, MFA, SoD, and JML lifecycle. Drive IAM policy creation and enforcement across service, privileged, and user accounts. Guide the definition of IAM operating models, access certification processes, and automation of identity governance. Security Operations & Incident Response Oversee day-to-day security operations including SOC management (outsourced), SIEM/SOAR (Microsoft Sentinel), EDR/XDR, and threat detection and response. Collaborate with the SOC to improve detection rules, reduce false positives, and ensure robust incident detection and response capabilities. Plan and oversee penetration testing, forensic analysis, and incident investigations. Governance, Risk, & Compliance Align security architecture and operations with regulatory frameworks such as NIST, ISO 27001, CMMC, PCI-DSS, and GDPR. Partner with the GRC and Audit teams to ensure technical controls support broader compliance and risk. Coordinate with the GRC team to support policy development, risk assessments, and business continuity/disaster recovery planning. Requirements Physical Activities: The employee is occasionally required to stoop, kneel, crouch, climb or crawl. The employee must frequently lift and move up to 10 pounds and occasionally lift and move up to 25 pounds. Qualifications Experience: 10+ years of experience in cybersecurity with increasing leadership responsibility, with at least 4+ years direct people management in technical security teams. Extensive experience in security architecture, cloud platforms (Microsoft Azure, M365), and enterprise security tools. Strong command of at least 3 of the following core security domains: IAM, SIEM, vulnerability management, network security, DevSecOps, and incident response. Experience leading or managing an outsourced SOC or MDR provider. Proven leadership in security engineering and operations in a hybrid (cloud/on-prem) environment. Education: Bachelor’s degree in computer science, Engineering, related field, or equivalent work experience. Specialized Knowledge and Skills: Advanced degree (e.g., MS in Cybersecurity) is a plus. Certifications such as CISSP, CISM, Microsoft Certified: Cybersecurity Architect Expert, Azure Solutions Architect, or CEH. Experience with Microsoft Defender suite, Intune, Microsoft Sentinel, various IAM and Vulnerability Management Tools. Familiarity with security control frameworks (e.g., NIST CSF, MITRE ATT&CK, CIS). Excellent communication and interpersonal skills, with proven ability to lead across functions and influence executive stakeholders. Experience in Zero Trust architecture and OT security a big plus. Salary range for this position is $111,000 - $165,000 depending on experience Thorlabs values its diverse environment and is proud to be an Equal Employment Opportunity/Affirmative Action Employer. All qualified individuals will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age or veteran status. Job descriptions are not intended as and do not create employment contracts. The organization maintains its status as an at-will employer. Employees can be terminated for any reason not prohibited by law.