Sr. Security Engineer

About The Position

Requirements

• Bachelor’s Degree is required from an accredited, not for profit, in-person university or college.
• A track record of commitment to prior employers
• 5+ years of experience in Information Security or Security Engineering.
• One or more industry-recognized certifications (e.g., CISSP, SANS/GIAC, CCNA, equivalent).
• Strong experience securing AWS networking (NACLs, Security Groups, ALB/NLB, Transit Gateway, Network Firewall).
• Hands-on experience with NGFWs, WAFs, load balancers, and enterprise network segmentation.
• Strong scripting or automation skills (Python, PowerShell, or similar).
• Deep understanding of subnetting, routing, and network isolation principles.
• Experience with SaaS security platforms, CASB, or SSE tooling.

Nice To Haves

• Familiarity with identity-driven security models (SSO, OAuth, API tokens, service principals).
• Working knowledge of Azure DevOps, Terraform, or infrastructure-as-code workflows.
• Experience operating in large, complex enterprise environments.
• Ability to produce high-quality technical documentation and security standards.
• Strong communication and collaboration skills across technical and non-technical teams.
• Exposure to AI systems, model-assisted tooling, or developer copilots in an enterprise context.

Responsibilities

• Provide engineering expertise to ensure enterprise network changes are designed and implemented securely (on-prem and cloud).
• Audit existing network designs and infrastructure configurations and recommend improvements to security posture.
• Evaluate firewall change requests across on-premise and cloud environments.
• Design, enforce, and audit policies for Next Generation Firewalls (NGFW), load balancers, routers, switches, and wireless infrastructure.
• Manage Secure Service Edge (SSE) platform
• Partner with application owners and third-party risk teams to review SaaS security architecture and control effectiveness.
• Operate and tune SaaS security tooling (e.g., CASB/SSE capabilities) to detect risky behavior, misconfigurations, and data exfiltration paths.
• Define and enforce SaaS security standards for logging, identity integration, and least-privilege access.
• Support SaaS incident investigation and remediation efforts in coordination with legal, privacy, and compliance teams.
• Develop reusable SaaS security review patterns and documentation for engineering and procurement teams.
• Assess security risks associated with AI platforms, copilots, and agent-based systems, including model access controls, prompt/data leakage risks, and tool/plugin abuse.
• Partner with engineering teams to design security controls for AI-assisted workflows and developer tools.
• Contribute to governance models for AI usage, including enforcement of network, identity, and data security boundaries.
• Monitor AI-related telemetry and logs to identify anomalous behavior, data exposure, or misuse patterns.
• Support threat modeling and risk assessments for AI integrations with enterprise systems and SaaS platforms.
• Stay current on AI security threats, abuse patterns, and control frameworks, translating them into actionable enterprise safeguards.

Benefits

• Comprehensive healthcare coverage: Medical / Vision / Dental / Prescription Drug
• Life, legal, and supplementary insurance
• Virtual and in person mental health counseling services for individuals and family
• Commuter and parking benefits
• 401(K) retirement plan with matching contributions
• Employee stock purchase plan
• Paid time off
• Tuition reimbursement
• On-site fitness center and/or reimbursed fitness center membership costs (location dependent), with yoga studio, Pelotons, personal training, group exercise classes
• Access to CoStar Group’s Diversity, Equity, & Inclusion Employee Resource Groups
• Complimentary gourmet coffee, tea, hot chocolate, fresh fruit, and other healthy snacks