Lead, Security Engineer

About The Position

Requirements

• 12+ years of hands-on security engineering experience spanning cloud security, infrastructure security, network security, or user environment security, with progression into leadership roles
• 5+ years leading security engineering programs, owning the full lifecycle of security capability delivery from architecture through decommission
• 3+ years managing and developing security teams across multiple disciplines, with demonstrated success in team building and talent development
• Proven track record architecting, deploying, and maintaining production-grade security capabilities across cloud, network, and endpoint domains
• Deep expertise in CSPM, ASM, SSPM, endpoint security, mobile security, and network security engineering disciplines
• Demonstrated experience partnering with Security Operations teams, defining operational handoff criteria, and enabling effective use of deployed capabilities
• Deep knowledge of major cloud platform security models, including IAM, networking, security services, and governance frameworks across multiple cloud environments
• Experience with Infrastructure as Code security, including secure module development, pipeline-integrated scanning, and policy-as-code enforcement
• Network security engineering expertise including next-generation firewalls, segmentation, zero trust architectures, VPNs, and IDS/IPS
• Endpoint and mobile security engineering expertise including EDR deployment and tuning, MDM/MAM, device hardening, and BYOD security models
• Experience engineering and integrating CSPM, ASM, and SSPM platforms into enterprise security ecosystems
• Container and workload security engineering covering orchestration platforms and runtime protection
• Scripting and automation skills for building security engineering tooling and deployment automation
• Knowledge of security frameworks and standards: NIST CSF, CIS Controls, MITRE ATT&CK, ISO 27001
• Experience with security monitoring platforms and the ability to engineer telemetry pipelines that feed Security Operations
• Executive presence with the ability to communicate engineering strategy and risk to technical and non-technical audiences
• Strategic thinking balanced with hands-on engineering execution capabilities
• Ability to influence without authority to drive security engineering standards across infrastructure and operations organizations
• Strong interpersonal skills for coaching, mentoring, and building trust with diverse stakeholders including Security Operations peers
• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field (or equivalent experience)
• Desired certifications: CISSP, CCSP, cloud security specialty certifications, GCIH, GCIA, or equivalent

Nice To Haves

• Experience with AI-powered security tooling and AI-driven automation for security engineering and detection capabilities
• Experience in highly regulated industries (financial services, healthcare, government) with complex compliance requirements
• Zero trust architecture design and implementation experience across network and user access domains
• Multi-cloud security engineering experience spanning multiple major cloud platforms
• GitOps experience with infrastructure deployment automation tools
• Service mesh security engineering experience in complex microservices environments
• SOAR integration experience, engineering automation workflows that connect deployed capabilities to Security Operations platforms
• Master's degree in a relevant field
• Experience with security metrics and reporting to board-level audiences
• Previous experience in multi-site or distributed team leadership
• Advanced certifications in cloud architecture, network security, or offensive security disciplines

Responsibilities

• Design and implement a comprehensive Security Engineering Program spanning cloud infrastructure, network, and user environment security, including policies, standards, processes, metrics, and tooling
• Own the full engineering lifecycle (architect, build, deploy, maintain, and decommission) for all security capabilities within the program's scope
• Establish and mature engineering practices across infrastructure deployment, network architecture, and user environment security, including threat modeling, secure design reviews, configuration hardening, and security acceptance criteria
• Define and enforce engineering standards, design patterns, and operational readiness criteria that ensure security capabilities are stable, scalable, and operable by Security Operations upon handoff
• Drive security awareness initiatives that elevate secure infrastructure and operational practices across engineering, SRE, and IT operations teams
• Develop and deliver training programs for infrastructure engineers, cloud engineers, network engineers, and IT operations staff on secure configuration, threat modeling, and emerging security risks
• Build security champions programs to embed security advocates within infrastructure and operations teams
• Define and track program metrics and KPIs to measure engineering delivery quality, capability maturity, and security posture improvements across all domains
• Architect security capabilities across cloud, network, and user environment domains, ensuring designs are scalable, resilient, and aligned with enterprise architecture principles
• Drive engineering delivery of security tooling, integrating capabilities into CI/CD pipelines, GitOps workflows, and infrastructure operations
• Oversee policy-as-code frameworks to enforce security standards and configuration compliance at scale
• Evaluate and adopt emerging security technologies, ensuring new capabilities are architected and deployed to production-ready standards
• Partner with Security Operations to define operational requirements, runbooks, and handoff criteria for all deployed capabilities
• Partner with engineering, SRE, and platform leadership to balance security requirements with operational efficiency and business objectives
• Stay current with the evolving threat landscape across cloud, network, endpoint, and mobile domains, continuously adapting the engineering program accordingly
• Architect and engineer cloud security capabilities across all cloud environments, including secure landing zones, account structures, governance frameworks, and cloud-native security controls
• Build and maintain cloud security posture management (CSPM) capabilities, owning the full engineering lifecycle from architecture through deployment, tuning, and eventual decommission
• Engineer cloud-native security controls including identity and access management, network controls, encryption services, and data protection capabilities
• Build and maintain security engineering for containerized workloads, serverless functions, managed databases, object storage, and API gateways
• Engineer container and workload security across container orchestration platforms, ensuring runtime protection, image integrity, and least-privilege access
• Implement and maintain secrets management and encryption key lifecycle infrastructure using vault and key management platforms
• Develop and maintain IaC security modules, secure deployment templates, and pipeline-integrated scanning capabilities for use by infrastructure and SRE teams
• Architect and deploy ASM capabilities that provide continuous discovery and inventory of all internet-facing assets, including cloud resources, network-exposed services, and shadow IT
• Engineer integrations between ASM tooling and downstream systems including vulnerability management, CSPM, and Security Operations platforms
• Build and maintain the data pipelines, connectors, and automation workflows that ensure ASM coverage is complete, accurate, and current
• Tune and maintain ASM platform configurations, asset classification logic, and risk scoring to reduce noise and improve signal fidelity for Security Operations
• Establish engineering runbooks and handoff documentation so Security Operations can effectively monitor, triage, and act on ASM findings
• Manage the decommission lifecycle of ASM capabilities as tooling evolves, ensuring continuity of coverage and clean transitions
• Architect and deploy SSPM capabilities providing continuous visibility into the security configuration and compliance posture of enterprise SaaS applications
• Engineer integrations between SSPM tooling and enterprise SaaS applications, identity platforms, and Security Operations workflows
• Build and maintain configuration baseline definitions, compliance mappings, and automated assessment workflows within the SSPM platform
• Tune and maintain SSPM detection logic, OAuth and integration monitoring, and excessive permissions detection to align with organizational risk tolerance
• Establish engineering runbooks and handoff documentation so Security Operations can effectively monitor and remediate SSPM findings
• Manage the decommission lifecycle of SSPM capabilities, ensuring continuity of SaaS security visibility during platform transitions
• Architect and engineer enterprise network security capabilities across on-premises, hybrid, and multi-cloud environments
• Design, build, and maintain network segmentation architectures, including zero trust principles, micro-segmentation, and perimeter defense models
• Engineer and maintain network security controls including next-generation firewalls, intrusion detection and prevention systems, VPNs, network access controls, and secure DNS
• Architect and build secure connectivity solutions for hybrid and multi-cloud environments, including software-defined networking and secure remote access
• Engineer network telemetry and logging pipelines to feed Security Operations monitoring and detection platforms
• Develop and maintain network security standards, baselines, configuration templates, and operational runbooks
• Manage the decommission lifecycle of network security capabilities, ensuring no gaps in coverage during transitions
• Architect and engineer security capabilities for all user-facing environments, encompassing desktop, laptop, mobile, and virtual endpoints across the enterprise
• Build and maintain endpoint security standards and hardening baselines for all managed operating systems and device types
• Engineer and maintain endpoint detection and response (EDR) capabilities, including platform deployment, policy configuration, detection tuning, and integration with Security Operations platforms
• Architect and engineer mobile security capabilities, including mobile device management (MDM), mobile application management (MAM), and security policy enforcement for corporate-owned and BYOD devices
• Build and maintain data protection controls on endpoints and mobile devices, including device encryption, data loss prevention, and remote wipe capabilities
• Engineer secure access from user environments to enterprise and cloud resources, including zero trust network access (ZTNA) and conditional access policy infrastructure
• Develop and maintain engineering runbooks and handoff documentation enabling Security Operations to monitor, respond to, and manage endpoint and mobile security events
• Manage the decommission lifecycle of endpoint and mobile security capabilities, ensuring coverage continuity during platform transitions
• Build and scale security automation for deployment, configuration validation, detection engineering support, and remediation across cloud, network, and user environment domains
• Create and maintain reusable IaC security modules and deployment templates for secure-by-default infrastructure provisioning
• Implement and maintain IaC scanning and validation in deployment pipelines to enforce security standards before production
• Build compliance validation automation to continuously assess environments against security baselines and regulatory frameworks
• Develop and maintain security metrics and dashboards providing unified visibility into engineering delivery and capability health across all domains
• Support compliance initiatives for SOC 2, ISO 27001, PCI-DSS, HIPAA, and other applicable frameworks across all engineering domains
• Conduct security architecture and engineering reviews ensuring deployed capabilities meet compliance and control requirements
• Document security architectures and maintain system security plans (SSPs), control documentation, and engineering design records
• Develop and maintain engineering runbooks and procedures for capability operation, incident response support, and lifecycle management
• Generate compliance reports demonstrating security control implementation and effectiveness to leadership and auditors
• Lead, mentor, and develop a team of 15-25 Cloud, Infrastructure, Network, and User Environment Security Engineers and Architects
• Build team capabilities through hiring, skills development, career planning, and performance management
• Foster a collaborative culture that emphasizes engineering excellence, continuous learning, and operational readiness
• Allocate resources effectively across engineering initiatives, capability deployments, and lifecycle management activities, ensuring the team meets defined SLAs and SLOs
• Provide leadership, mentorship, and support to security team members across all locations regardless of functional reporting structure
• Act as a key point of contact for security team members seeking leadership guidance, career development, or organizational support
• Build and maintain strong relationships with engineering, infrastructure, network, cloud, IT operations, Security Operations, and business stakeholders
• Communicate program strategy, delivery progress, and risk to executive leadership and the CISO
• Collaborate with peer security leaders to ensure consistency and knowledge sharing across the enterprise security program

Benefits

• annual incentive program