Note: The job is a remote job and is open to candidates in USA. CBIZ, Inc. is a leading professional services advisor to middle-market businesses nationwide. They are seeking a Lead Security Engineer to design, implement, and continuously improve enterprise security technologies and controls across various domains, focusing on building secure solutions and enhancing operational resilience.
Responsibilities
- Design, implement, harden, and maintain enterprise security controls and reference architectures across:
- Engineer secure-by-default configurations and technical guardrails that reduce attack surface, improve resilience, and support scalable enterprise operations
- Translate business, compliance, and security requirements into practical engineering designs and sustainable technical solutions
- Evaluate current-state architectures, identify control gaps, and implement improvements that strengthen security posture while maintaining operational usability
- Partner with infrastructure, cloud, networking, systems, and endpoint teams to embed security into enterprise platforms, workflows, and lifecycle processes
- Engineer and operationalize controls for identity protection, phishing defense, DLP, conditional access, privileged access, tenant security baselines, and cloud workload protection
- Secure workloads, identities, and data across hybrid and multi-cloud environments through design standards, configuration baselines, and measurable technical guardrails
- Support and troubleshoot certificate-based authentication, encryption, and PKI-related services, including lifecycle considerations such as issuance, renewal, revocation, and dependency management
- Improve authentication security, access control design, and privileged access protections across enterprise systems and cloud platforms
- Design and validate visibility and monitoring coverage for cloud, identity, endpoint, email, and platform security events to ensure reliable telemetry and actionable data
- Build, administer, and continuously improve core security platforms and integrations, including:
- Develop and maintain automation using PowerShell, Python, Bash, APIs, and workflow tooling to support enrichment, orchestration, reporting, evidence collection, system validation, and control enforcement
- Design and optimize log collection, parsing, normalization, retention, and access models to improve searchability, detection quality, auditability, and investigative efficiency
- Improve platform reliability, scalability, and maintainability through lifecycle upgrades, engineering standards, technical documentation, and structured change control
- Evaluate and responsibly implement AI-enabled security capabilities where they provide measurable improvements in efficiency, visibility, or control effectiveness
- Engineer and refine analytic rules, correlation logic, alerting thresholds, and detection content across cloud, identity, endpoint, email, and network security technologies
- Validate detections and controls through testing, simulation, tuning, and gap analysis to improve fidelity and reduce noise
- Translate lessons learned from incidents, platform issues, and control failures into durable engineering improvements such as new detections, automation, hardening standards, and preventive safeguards
- Contribute to complex investigations and incident response activities as a senior technical resource, including root cause analysis, containment support, and remediation validation
- Participate in on-call or escalation support as needed for significant incidents or high-priority technical issues
- Own complex technical initiatives from design through implementation, support, optimization, and documentation
- Balance project-based engineering work with platform maintenance, technical debt remediation, backlog reduction, and continuous control improvement
- Create and maintain actionable documentation including architecture diagrams, standards, SOPs, runbooks, playbooks, and knowledge base content aligned to production reality
- Define and track measurable improvements in platform health, control coverage, alert quality, automation effectiveness, and engineering maturity
- Serve as a senior technical contributor who establishes patterns, improves standards, and advances overall enterprise security engineering maturity
- Partner closely with GRC, IT, Cloud, Networking, Systems, Endpoint, and business teams to develop secure designs and pragmatic technical solutions
- Clearly communicate architecture decisions, technical findings, control gaps, implementation plans, and remediation priorities to both technical and non-technical stakeholders
- Provide technical guidance and mentorship to analysts and engineers, helping elevate engineering practices, platform understanding, and troubleshooting capability across the team
- Influence cross-functional stakeholders and help remove blockers to drive timely technical outcomes
Skills
- College Degree or equivalent required
- 8 years related experience
- Expert technical knowledge
- Knowledge of industry regulations
- Ability to lead and coordinate the team activities of others
- Ability to formulate, document and recommend new policies and procedures
- Able to work in and lead a team
- Demonstrated ability to communicate verbally and in writing throughout all levels of an organization, both internally and externally
- Ability to travel as required by business and on-call availability
- 10+ years of experience in Information Security, Security Engineering, Infrastructure Security, or closely related technical roles, including senior or lead ownership of complex security initiatives
- Demonstrated hands-on expertise designing, implementing, and supporting enterprise security technologies across cloud, identity, endpoint, network, email, and data protection domains
- Deep experience securing cloud environments such as Azure and/or AWS, and operationalizing Microsoft 365 security capabilities including Defender, email protection, DLP, conditional access, and identity protections
- Strong experience securing and supporting Azure Virtual Desktop (AVD) environments, including identity controls, endpoint protections, logging, monitoring, and configuration hardening
- Working knowledge of PKI, certificate-based authentication, and encryption, with the ability to troubleshoot production issues and understand operational and security impacts
- Strong scripting and systems skills, including PowerShell as a core requirement, with Python and/or Bash strongly preferred
- Hands-on experience building and maintaining security platforms such as SIEM, SOAR, XDR/EDR, log pipelines, and platform integrations, including data onboarding, content tuning, and workflow development
- Strong understanding of security engineering fundamentals including networking, identity and access management, operating systems, endpoint behavior, logging and telemetry, and common attack techniques
- Demonstrated ability to work independently, exercise strong technical judgment, and drive complex engineering efforts through completion
- Security certifications such as CISSP, GIAC (GCIA, GCIH, GCED), Azure/AWS security certifications, or other relevant technical credentials
- Strong command of enterprise networking concepts including TCP/IP, VLANs, routing, packet analysis, DNS, and application protocols such as HTTP/S, SMTP, and LDAP
- Experience supporting Windows and Linux systems in enterprise environments, including Active Directory, authentication protocols such as NTLM and Kerberos, domain services, and systems hardening practices
- Advanced experience in SIEM content engineering, including architecting correlation logic, custom parsers, rule tuning, and dashboards using platforms and query languages such as KQL, SPL, or equivalent tools
- Advanced automation experience using PowerShell and Python, including API integrations, orchestration, data transformation, workflow design, and scalable operational automation
Company Overview
Company H1B Sponsorship