Lead Security Engineer

About The Position

Requirements

• Bachelor’s degree with 8+ years of relevant experience, or a High School Diploma with 12+ years of experience.
• 8+ years of experience in security engineering, identity management, or enterprise infrastructure security.
• 5+ years supporting Zero Trust, identity services, or security operations in large enterprises or federal environments.
• Hands-on expertise with Microsoft Entra ID / Azure AD, conditional access, RBAC design, and identity lifecycle management.
• Strong experience with Active Directory, GPOs, authentication protocols, and secure directory integrations.
• Experience using Splunk or similar SIEM tools for event analysis, SOC collaboration, and incident response.
• Working knowledge of Zero Trust architecture, automated access controls, and OMB M-22-09 compliance.
• Familiarity with immutable infrastructure, CI/CD pipelines, DevOps practices, and secure configuration baselines.
• Excellent communication skills with the ability to work across technical teams and federal leadership.
• Ability to work full-time on-site at SEC Headquarters in Washington, DC.
• Must be a U.S. Citizen
• Must be able to obtain and maintain the required agency clearance.

Nice To Haves

• Degree in Cybersecurity, Engineering, or a related field.
• Preferred certifications: Security+ Azure Security Engineer (AZ-500) Certified Identity and Access Manager (CIAM) Splunk Power User/Admin CISSP ITIL v4 Foundation
• Experience with MFA/FIDO2, Zero Trust solutions, automated provisioning tools, and secure DevOps pipelines.
• Familiarity with SIEM, SOAR, vulnerability management, and cloud security configuration frameworks.

Responsibilities

• Lead security engineering initiatives aligned with SEC Zero Trust strategy, OMB M-22-09, and federal cybersecurity frameworks.
• Manage and enhance Microsoft Entra ID (Azure AD) identity services, including authentication, authorization, conditional access, directory synchronization, and identity governance.
• Design, implement, and maintain Role-Based Access Control (RBAC) frameworks enforcing least privilege and compliance requirements.
• Develop and maintain automated RBAC and access provisioning workflows to ensure accurate, real-time entitlement management.
• Oversee Active Directory infrastructure, including domain operations, Group Policy Objects (GPOs), identity lifecycle management, and secure hybrid integrations.
• Monitor and analyze security events using Splunk; partner with SOC teams to identify threats, perform root cause analysis, and recommend remediation.
• Enforce device-level Zero Trust compliance across identity, network, application, and data layers with automated validation and remediation.
• Lead secure infrastructure migration efforts and support CI/CD pipelines, DevOps tooling, documentation, and knowledge transfer activities.