Principal Cyber Security Engineer 2026-01508

State of Wyoming
Cheyenne, WY
Hybrid

About The Position

The Principal Cyber Security Engineer is the state's primary technical authority for advanced endpoint defense, Zero Trust Architecture (ZTA), overarching cybersecurity architecture, and the resolution of high-complexity security incidents across a unique hybrid ecosystem. This position functions as a senior technical specialist responsible for engineering the enterprise security stack to protect both a progressive Google cloud environment (Google Workspace, GCP) and a robust Windows enterprise infrastructure. The role handles "hard" incidents requiring advanced forensics and malware analysis, developing bespoke Python scripts and API integrations to bridge the gap between Google Workspace/GCP telemetry, CrowdStrike Falcon, and Active Directory. This position ensures a unified, compliant defensive posture, enabling the state to neutralize sophisticated threats across diverse operating environments, and provides strategic architectural guidance for all state agencies.

Requirements

  • Bachelor's Degree (typically in Computer Technology)
  • 1-3 years of progressive work experience (typically in Computer Technology) OR 4-7 years of progressive work experience (typically in Computer Technology)
  • Mastery of general cybersecurity architecture, enterprise defense strategies, and unified threat management.
  • Expert knowledge of the CrowdStrike Falcon platform, Real Time Response (RTR), sensor deployment, Windows kernel hardening, and Active Directory security.
  • Deep expertise in securing Google Environments (Google Workspace, Google Cloud Platform (GCP) IAM, Security Command Center) and bridging cloud environments with Active Directory.
  • Expert proficiency in Python and PowerShell for security automation and REST API interaction (especially Google Admin SDK and CrowdStrike APIs).
  • Advanced knowledge of memory forensics, malware analysis, and cloud telemetry hunting via the MITRE ATT&CK framework.
  • Working knowledge of applying CJIS, IRS Pub 1075, and NIST 800-53 controls to both cloud and local assets.
  • Ability to translate complex technical risks into business terms for executive leadership.
  • Successful applicants must pass a comprehensive fingerprint-based background check to comply with CJIS and IRS Pub 1075 access requirements.
  • Must be available for 24/7 on-call rotation and immediate emergency response during state-level cyber incidents.

Nice To Haves

  • Proven track record of handling high-stakes breaches and managing enterprise-scale security platforms across hybrid Windows/Cloud environments.
  • Verifiable project history in custom security tooling and integration.

Responsibilities

  • Serves as the state’s lead security architect, defining overarching cybersecurity architecture across all domains, advising the CISO on emerging threats, evaluating enterprise-wide security investments, and setting state-wide technical standards.
  • Leads engineering for CrowdStrike Falcon and enterprise Zero Trust frameworks, architecting conditional access policies that securely bridge Google Environments with Active Directory.
  • Optimizes sensor and log ingestion across Windows servers, cloud-native workloads, and multi-cloud (GCP/Azure/AWS) environments to ensure 100% visibility.
  • Serves as the final escalation point for the most complex security breaches, performing deep-dive forensics ranging from memory analysis of obfuscated Windows malware to tracking anomalous behavior in Google Workspace audit logs.
  • Reconstructs attack timelines, identifies persistence, and leads technical containment for state-level crises.
  • Utilizes Python, PowerShell, and Bash to automate complex security workflows and builds custom API bridges utilizing Google Workspace Admin SDK, GCP Security Command Center, and CrowdStrike APIs to orchestrate automated response actions.
  • Designs infrastructure security using IaC (Terraform/Ansible) to ensure all systems meet CJIS, IRS Pub 1075, and NIST 800-53 requirements by default.
  • Implements hardening baselines tailored for both cloud-native workloads and Windows systems based on emerging threat intelligence.
  • Performs proactive threat modeling on new enterprise systems before deployment and provides technical mentorship to CSOC Analysts and junior engineers.

Benefits

  • Comprehensive health, dental, and vision insurance
  • Paid vacation, sick leave, FMLA and holidays
  • Retirement - Pension and 457B plans that help you build a secure future
  • Flexible schedules and work-life balance options
  • Meaningful work that makes a difference for Wyoming communities