D'Addario & Company

Principal Cybersecurity Engineer

Job Locations: US-NY-Farmingdale
Category: Information Technology
Type: Regular Full-Time

Overview

D’Addario & Company is the world’s largest manufacturer and distributor of musical instrument accessories, trusted by musicians globally. As a U.S.-based manufacturing company, we take pride in our commitment to cutting-edge automation, sustainable practices, and giving back through the D’Addario Foundation—providing music education access to underserved communities. At D’Addario, our success is built on a culture of curiosity, passion, candor, family, and responsibility.

 

D’Addario is seeking a Principal Cybersecurity Engineer to lead the design and execution of a modern cybersecurity strategy. This role will protect our enterprise infrastructure, applications, and data by embedding security into every stage of the development and deployment lifecycle. You’ll play a key role in guiding the secure evolution of D’Addario’s digital ecosystem while fostering a security-first mindset across teams.

As the Principal Cybersecurity Engineer, you will take ownership of designing, implementing, and continuously improving security controls across infrastructure, cloud, and software development lifecycles. You’ll align our security operations with modern DevSecOps practices—automating security testing, enforcing secure code practices, and integrating security into CI/CD pipelines. You’ll partner closely with IT, engineering, and business teams to build a culture of proactive security that balances innovation with risk mitigation. From securing cloud environments to enabling automated compliance checks, this is a hands-on and strategic role critical to our future.

This is a hybrid role and will require the candidate to work onsite in the Farmingdale, Long Island Headquarters office three days a week.

 

Here at D’Addario, we offer not only a competitive compensation package but also the opportunity to build a career with one of the most highly regarded organizations in the music industry. We are eager to connect with individuals with all types of diverse backgrounds, thinking, and perspectives.


Just a few of the benefits and perks of working at D’Addario:

  • Health, vision, and dental insurance
  • Assisted Reproduction/Fertility benefits
  • Prioritize investing in your future with our 401k plan. Once eligible, we'll contribute 3% of your total annual compensation (and potentially up to an additional 7%) regardless of how much you choose to contribute to the plan.
  • Paid Time Off (PTO)
  • Flexible sick day policy
  • 12 Paid Holidays
  • Life and AD&D Insurance
  • Enhanced Short-term disability insurance
  • Employee Assistance Program (EAP)
  • Tuition Reimbursement
  • Discounts on D’Addario products and merchandise
  • Company jam nights, holiday parties and special events
  • An awesome team of colleagues who are passionate about what they do!!!

Responsibilities

  • Develop and execute a cybersecurity strategy aligned with NIST, CIS, and ISO frameworks.
  • Define and enforce enterprise-wide security policies, standards, and architecture.
  • Maintain and secure on-premise infrastructure including servers, firewalls, switches, routers, backup systems, and storage appliances.
  • Implement and enforce network segmentation, access controls, and perimeter security policies on-prem.
  • Monitor and manage patching, configuration baselines, and physical server security for all on-premise systems.
  • Collaborate with IT operations to ensure high availability, backup integrity, and disaster recovery readiness of on-premise infrastructure.
  • Integrate on-prem security telemetry with cloud-native SIEM tools.
  • Ensure consistent security posture and policy enforcement across hybrid environments using Azure Arc and other hybrid tooling.
  • Secure Microsoft Azure environments using Azure-native tools such as Microsoft Defender for Cloud, Azure Policy, Azure Security Center, and Azure Key Vault.
  • Define Azure Entra IAM strategies, monitor configurations, and implement guardrails via policy-as-code (e.g., Bicep, Azure Blueprints).
  • Conduct enterprise risk assessments and develop mitigation plans.
  • Lead threat hunting, incident response, and root cause analysis efforts.
  • Deploy and manage Endpoint and other tools for vulnerability scanning and log analysis.
  • Conduct red/blue team exercises and coordinate remediation with IT operations and DevOps teams.
  • Ensure compliance with data protection and industry regulations (e.g., CCPA, GDPR, HIPAA) using Microsoft Compliance Manager.
  • Maintain audit logs, control documentation, and readiness for third-party security assessments.
  • Lead employee security training programs, simulate phishing attacks, and drive secure behavior adoption.
  • Foster a DevSecOps mindset across the engineering and product development lifecycle.
  • Embed security practices into DevOps workflows, CI/CD pipelines, and infrastructure as code using Azure DevOps.
  • Automate security checks using GitHub Advanced Security and container scanning tools.
  • Define secure development standards and review code, build, and deployment processes.
  • Enable shift-left security by training developers and automating early-stage testing in Azure-based environments.

Qualifications

  • Bachelor’s degree in Cybersecurity, Computer Science, or a related field.
  • CISSP, CISM, CEH, or Microsoft Security certifications (e.g., SC-200, AZ-500, SC-100) are preferred.
  • 10+ years in cybersecurity with recent hands-on experience in Azure security and DevSecOps practices.
  • Proven experience integrating security into Azure DevOps or GitHub CI/CD pipelines.
  • Familiarity with container and orchestration security (e.g., Docker, Kubernetes on AKS).
  • Strong scripting and automation capabilities (e.g., PowerShell, Python).
  • Experience with Microsoft security and compliance platforms (e.g., Defender suite, Purview, Azure AD).
  • Strong communication and collaboration skills with both technical and executive audiences.
  • Ability to work cross-functionally and influence secure design decisions throughout the software lifecycle.

 

The base salary range for this role would be commensurate with experience: $135k to $150k per year