Lead, Security Engineer
Durham, NC - USA
Job Summary
Lead Security Engineering
Position Level: Leader of Security Engineering
Department: Cybersecurity / Security Engineering
Reports To: Senior Leader of Security Architecture and Engineering
Direct Reports: 15-25 Security Engineering professionals
Location: Remote
Position Overview
We are seeking an experienced Leader of Security Engineering to establish, lead, and mature our Security Engineering organization. This senior leadership role is responsible for the full engineering lifecycle (architect, build, deploy, maintain, and decommission) of security capabilities across cloud infrastructure, network, and user environments. The Leader of Security Engineering will own the engineering delivery of cloud security posture management (CSPM), attack surface management (ASM), SaaS security posture management (SSPM), network security, endpoint security, and mobile security, ensuring each capability is properly designed, operationalized, and handed off to Security Operations for ongoing use.
As a distributed leader, this role carries dual responsibilities: driving security engineering excellence enterprise-wide while providing leadership, mentorship, and support to security team members across all locations.
Key Responsibilities
Security Engineering Program Development and Leadership
- Design and implement a comprehensive Security Engineering Program spanning cloud infrastructure, network, and user environment security, including policies, standards, processes, metrics, and tooling
- Own the full engineering lifecycle (architect, build, deploy, maintain, and decommission) for all security capabilities within the program's scope
- Establish and mature engineering practices across infrastructure deployment, network architecture, and user environment security, including threat modeling, secure design reviews, configuration hardening, and security acceptance criteria
- Define and enforce engineering standards, design patterns, and operational readiness criteria that ensure security capabilities are stable, scalable, and operable by Security Operations upon handoff
- Drive security awareness initiatives that elevate secure infrastructure and operational practices across engineering, SRE, and IT operations teams
- Develop and deliver training programs for infrastructure engineers, cloud engineers, network engineers, and IT operations staff on secure configuration, threat modeling, and emerging security risks
- Build security champions programs to embed security advocates within infrastructure and operations teams
- Define and track program metrics and KPIs to measure engineering delivery quality, capability maturity, and security posture improvements across all domains
Technical Leadership and Innovation
- Architect security capabilities across cloud, network, and user environment domains, ensuring designs are scalable, resilient, and aligned with enterprise architecture principles
- Drive engineering delivery of security tooling, integrating capabilities into CI/CD pipelines, GitOps workflows, and infrastructure operations
- Oversee policy-as-code frameworks to enforce security standards and configuration compliance at scale
- Evaluate and adopt emerging security technologies, ensuring new capabilities are architected and deployed to production-ready standards
- Partner with Security Operations to define operational requirements, runbooks, and handoff criteria for all deployed capabilities
- Partner with engineering, SRE, and platform leadership to balance security requirements with operational efficiency and business objectives
- Stay current with the evolving threat landscape across cloud, network, endpoint, and mobile domains, continuously adapting the engineering program accordingly
Cloud Infrastructure Security Engineering
- Architect and engineer cloud security capabilities across all cloud environments, including secure landing zones, account structures, governance frameworks, and cloud-native security controls
- Build and maintain cloud security posture management (CSPM) capabilities, owning the full engineering lifecycle from architecture through deployment, tuning, and eventual decommission
- Engineer cloud-native security controls, including identity and access management, network controls, encryption services, and data protection capabilities
- Build and maintain security engineering for containerized workloads, serverless functions, managed databases, object storage, and API gateways
- Engineer container and workload security across container orchestration platforms, ensuring runtime protection, image integrity, and least-privilege access
- Implement and maintain secrets management and encryption key lifecycle infrastructure using vault and key management platforms
- Develop and maintain IaC security modules, secure deployment templates, and pipeline-integrated scanning capabilities for use by infrastructure and SRE teams
Attack Surface Management (ASM) Engineering
- Architect and deploy ASM capabilities that provide continuous discovery and inventory of all internet-facing assets, including cloud resources, network-exposed services, and shadow IT
- Engineer integrations between ASM tooling and downstream systems, including vulnerability management, CSPM, and Security Operations platforms
- Build and maintain the data pipelines, connectors, and automation workflows that ensure ASM coverage is complete, accurate, and current
- Tune and maintain ASM platform configurations, asset classification logic, and risk scoring to reduce noise and improve signal fidelity for Security Operations
- Establish engineering runbooks and handoff documentation so Security Operations can effectively monitor, triage, and act on ASM findings
- Manage the decommission lifecycle of ASM capabilities as tooling evolves, ensuring continuity of coverage and clean transitions
SaaS Security Posture Management (SSPM) Engineering
- Architect and deploy SSPM capabilities providing continuous visibility into the security configuration and compliance posture of enterprise SaaS applications
- Engineer integrations between SSPM tooling and enterprise SaaS applications, identity platforms, and Security Operations workflows
- Build and maintain configuration baseline definitions, compliance mappings, and automated assessment workflows within the SSPM platform
- Tune and maintain SSPM detection logic, OAuth and integration monitoring, and excessive permissions detection to align with organizational risk tolerance
- Establish engineering runbooks and handoff documentation so Security Operations can effectively monitor and remediate SSPM findings
- Manage the decommission lifecycle of SSPM capabilities, ensuring continuity of SaaS security visibility during platform transitions
Network Security Engineering
- Architect and engineer enterprise network security capabilities across on-premises, hybrid, and multi-cloud environments
- Design, build, and maintain network segmentation architectures, including zero trust principles, micro-segmentation, and perimeter defense models
- Engineer and maintain network security controls, including next-generation firewalls, intrusion detection and prevention systems, VPNs, network access controls, and secure DNS
- Architect and build secure connectivity solutions for hybrid and multi-cloud environments, including software-defined networking and secure remote access
- Engineer network telemetry and logging pipelines to feed Security Operations monitoring and detection platforms
- Develop and maintain network security standards, baselines, configuration templates, and operational runbooks
- Manage the decommission lifecycle of network security capabilities, ensuring no gaps in coverage during transitions
User Environment Security Engineering
- Architect and engineer security capabilities for all user-facing environments, encompassing desktop, laptop, mobile, and virtual endpoints across the enterprise
- Build and maintain endpoint security standards and hardening baselines for all managed operating systems and device types
- Engineer and maintain endpoint detection and response (EDR) capabilities, including platform deployment, policy configuration, detection tuning, and integration with Security Operations platforms
- Architect and engineer mobile security capabilities, including mobile device management (MDM), mobile application management (MAM), and security policy enforcement for corporate-owned and BYOD devices
- Build and maintain data protection controls on endpoints and mobile devices, including device encryption, data loss prevention, and remote wipe capabilities
- Engineer secure access from user environments to enterprise and cloud resources, including zero trust network access (ZTNA) and conditional access policy infrastructure
- Develop and maintain engineering runbooks and handoff documentation, enabling Security Operations to monitor, respond to, and manage endpoint and mobile security events
- Manage the decommission lifecycle of endpoint and mobile security capabilities, ensuring coverage continuity during platform transitions
Security Automation and Infrastructure as Code
- Build and scale security automation for deployment, configuration validation, detection engineering support, and remediation across cloud, network, and user environment domains
- Create and maintain reusable IaC security modules and deployment templates for secure-by-default infrastructure provisioning
- Implement and maintain IaC scanning and validation in deployment pipelines to enforce security standards before production
- Build compliance validation automation to continuously assess environments against security baselines and regulatory frameworks
- Develop and maintain security metrics and dashboards providing unified visibility into engineering delivery and capability health across all domains
Compliance and Governance
- Support compliance initiatives for SOC 2, ISO 27001, PCI-DSS, HIPAA, and other applicable frameworks across all engineering domains
- Conduct security architecture and engineering reviews, ensuring deployed capabilities meet compliance and control requirements
- Document security architectures and maintain system security plans (SSPs), control documentation, and engineering design records
- Develop and maintain engineering runbooks and procedures for capability operation, incident response support, and lifecycle management
- Generate compliance reports demonstrating security control implementation and effectiveness to leadership and auditors
Team Management and Development
- Lead, mentor, and develop a team of 15-25 Cloud Infrastructure, Network, and User Environment Security Engineers and Architects
- Build team capabilities through hiring, skills development, career planning, and performance management
- Foster a collaborative culture that emphasizes engineering excellence, continuous learning, and operational readiness
- Allocate resources effectively across engineering initiatives, capability deployments, and lifecycle management activities, ensuring the team meets defined SLAs and SLOs
Cross-Functional Collaboration and Leadership
- Provide leadership, mentorship, and support to security team members across all locations, regardless of functional reporting structure
- Act as a key point of contact for security team members seeking leadership guidance, career development, or organizational support
- Build and maintain strong relationships with engineering, infrastructure, network, cloud, IT operations, Security Operations, and business stakeholders
- Communicate program strategy, delivery progress, and risk to executive leadership and the CISO
- Collaborate with peer security leaders to ensure consistency and knowledge sharing across the enterprise security program
Required Qualifications
Experience
- 12 years of hands-on security engineering experience spanning cloud security, infrastructure security, network security, or user environment security, with progression into leadership roles
- 5 years leading security engineering programs, owning the full lifecycle of security capability delivery from architecture through decommission
- 3 years managing and developing security teams across multiple disciplines with demonstrated success in team building and talent development
- Proven track record architecting, deploying, and maintaining production-grade security capabilities across cloud, network, and endpoint domains
- Deep expertise in CSPM, ASM, SSPM, endpoint security, mobile security, and network security engineering disciplines
- Demonstrated experience partnering with Security Operations teams, defining operational handoff criteria, and enabling effective use of deployed capabilities
Technical Skills
- Deep knowledge of major cloud platform security models, including IAM, networking, security services, and governance frameworks across multiple cloud environments
- Experience with Infrastructure as Code security, including secure module development, pipeline-integrated scanning, and policy-as-code enforcement
- Network security engineering expertise, including next-generation firewalls, segmentation, zero trust architectures, VPNs, and IDS/IPS
- Endpoint and mobile security engineering expertise, including EDR deployment and tuning, MDM/MAM, device hardening, and BYOD security models
- Experience engineering and integrating CSPM, ASM, and SSPM platforms into enterprise security ecosystems
- Container and workload security engineering covering orchestration platforms and runtime protection
- Scripting and automation skills for building security engineering tooling and deployment automation
- Knowledge of security frameworks and standards: NIST CSF, CIS Controls, MITRE ATT&CK, ISO 27001
- Experience with security monitoring platforms and the ability to engineer telemetry pipelines that feed Security Operations
Leadership and Communication
- Executive presence with the ability to communicate engineering strategy and risk to technical and non-technical audiences
- Strategic thinking balanced with hands-on engineering execution capabilities
- Ability to influence without authority to drive security engineering standards across infrastructure and operations organizations
- Strong interpersonal skills for coaching, mentoring, and building trust with diverse stakeholders, including Security Operations peers
Education
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field (or equivalent experience)
- Desired certifications: CISSP, CCSP, cloud security specialty certifications, GCIH, GCIA, or equivalent
Preferred Qualifications
- Experience with AI-powered security tooling and AI-driven automation for security engineering and detection capabilities
- Experience in highly regulated industries (financial services, healthcare, government) with complex compliance requirements
- Zero trust architecture design and implementation experience across network and user access domains
- Multi-cloud security engineering experience spanning multiple major cloud platforms
- GitOps experience with infrastructure deployment automation tools
- Service mesh security engineering experience in complex microservices environments
- SOAR integration experience engineering automation workflows that connect deployed capabilities to Security Operations platforms
- Master's degree in a relevant field
- Experience with security metrics and reporting to board-level audiences
- Previous experience in multi-site or distributed team leadership
- Advanced certifications in cloud architecture, network security, or offensive security disciplines
Leadership Expectations
This role requires a leader who can:
- Inspire and empower teams to deliver security engineering excellence while maintaining infrastructure and operational agility
- Own the full capability lifecycle, driving disciplined engineering practices from architecture through decommission across all domains
- Navigate ambiguity in a fast-paced environment with competing priorities across multiple security engineering domains
- Build consensus across diverse stakeholder groups, including Security Operations, infrastructure, and business teams
- Demonstrate servant leadership by supporting team growth and removing barriers to engineering delivery
- Model security-first engineering behaviors that set the tone for the broader organization
- Provide guidance and mentorship to distributed security staff on professional development, escalations, and day-to-day engineering challenges
- Bridge cloud, network, and user environment security disciplines, ensuring cohesive engineering strategy and execution across the full infrastructure and endpoint stack
Compensation at Pearson is influenced by a wide array of factors, including but not limited to skill set, level of experience, and specific location. As required by the California, Colorado, Hawaii, Illinois, Maryland, Minnesota, New Jersey, New York State, New York City, Vermont, Washington State, and Washington DC laws, the pay range for this position is as follows:
The minimum full-time salary range is between $200,000 - $230,000.
This position is eligible to participate in an annual incentive program and information on benefits offered is here.
Applications will be accepted through May 7th. This window may be extended depending on business needs.
Required Experience:
IC
About Company
Pearson is an Equal Opportunity Employer and a member of E-Verify. Employment decisions are based on qualifications, merit and business need. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gen ...