CBIZ Inc. is a leading professional services advisor to middle market businesses and organizations nationwide. They are seeking a Lead Security Engineer who will be responsible for designing, implementing, and optimizing enterprise security technologies and controls across various domains including cloud and data protection. The role emphasizes building secure solutions, improving platform capabilities, and driving technical maturity within the organization.
Responsibilities:
- Design, implement, harden, and maintain enterprise security controls and reference architectures across:
  - Microsoft Azure and Azure Virtual Desktop (AVD)
  - Amazon Web Services (AWS)
  - Microsoft 365 security and compliance platforms
  - Hybrid identity, endpoint, email, and data protection environments
- Engineer secure-by-default configurations and technical guardrails that reduce attack surface, improve resilience, and support scalable enterprise operations
- Translate business, compliance, and security requirements into practical engineering designs and sustainable technical solutions
- Evaluate current-state architectures, identify control gaps, and implement improvements that strengthen security posture while maintaining operational usability
- Partner with infrastructure, cloud, networking, systems, and endpoint teams to embed security into enterprise platforms, workflows, and lifecycle processes
- Engineer and operationalize controls for identity protection, phishing defense, DLP, conditional access, privileged access, tenant security baselines, and cloud workload protection
- Secure workloads, identities, and data across hybrid and multi-cloud environments through design standards, configuration baselines, and measurable technical guardrails
- Support and troubleshoot certificate-based authentication, encryption, and PKI-related services, including lifecycle considerations such as issuance, renewal, revocation, and dependency management
- Improve authentication security, access control design, and privileged access protections across enterprise systems and cloud platforms
- Design and validate visibility and monitoring coverage for cloud, identity, endpoint, email, and platform security events to ensure reliable telemetry and actionable data
- Build, administer, and continuously improve core security platforms and integrations, including:
  - SIEM and log ingestion pipelines
  - SOAR and workflow automation platforms
  - XDR/EDR and endpoint security tooling
  - Network and zero trust security controls
  - CASB, DLP, and data security platforms
  - Identity and access management controls
  - Email and collaboration security technologies
- Develop and maintain automation using PowerShell, Python, Bash, APIs, and workflow tooling to support enrichment, orchestration, reporting, evidence collection, system validation, and control enforcement
- Design and optimize log collection, parsing, normalization, retention, and access models to improve searchability, detection quality, auditability, and investigative efficiency
- Improve platform reliability, scalability, and maintainability through lifecycle upgrades, engineering standards, technical documentation, and structured change control
- Evaluate and responsibly implement AI-enabled security capabilities where they provide measurable improvements in efficiency, visibility, or control effectiveness
- Engineer and refine analytic rules, correlation logic, alerting thresholds, and detection content across cloud, identity, endpoint, email, and network security technologies
- Validate detections and controls through testing, simulation, tuning, and gap analysis to improve fidelity and reduce noise
- Translate lessons learned from incidents, platform issues, and control failures into durable engineering improvements such as new detections, automation, hardening standards, and preventive safeguards
- Contribute to complex investigations and incident response activities as a senior technical resource, including root cause analysis, containment support, and remediation validation
- Participate in on-call or escalation support as needed for significant incidents or high-priority technical issues
- Own complex technical initiatives from design through implementation, support, optimization, and documentation
- Balance project-based engineering work with platform maintenance, technical debt remediation, backlog reduction, and continuous control improvement
- Create and maintain actionable documentation including architecture diagrams, standards, SOPs, runbooks, playbooks, and knowledge base content aligned to production reality
- Define and track measurable improvements in platform health, control coverage, alert quality, automation effectiveness, and engineering maturity
- Serve as a senior technical contributor who establishes patterns, improves standards, and advances overall enterprise security engineering maturity
- Partner closely with GRC, IT, Cloud, Networking, Systems, Endpoint, and business teams to develop secure designs and pragmatic technical solutions
- Clearly communicate architecture decisions, technical findings, control gaps, implementation plans, and remediation priorities to both technical and non-technical stakeholders
- Provide technical guidance and mentorship to analysts and engineers, helping elevate engineering practices, platform understanding, and troubleshooting capability across the team
- Influence cross-functional stakeholders and help remove blockers to drive timely technical outcomes
Requirements:
- College Degree or equivalent required
- 8 years related experience
- Expert technical knowledge
- Knowledge of industry regulations
- Ability to lead and coordinate the team activities of others
- Ability to formulate, document and recommend new policies and procedures
- Able to work in and lead a team
- Demonstrated ability to communicate verbally and in writing throughout all levels of an organization, both internally and externally
- Ability to travel as required by business and on-call availability
- 10+ years of experience in Information Security, Security Engineering, Infrastructure Security, or closely related technical roles, including senior or lead ownership of complex security initiatives
- Demonstrated hands-on expertise designing, implementing, and supporting enterprise security technologies across cloud, identity, endpoint, network, email, and data protection domains
- Deep experience securing cloud environments such as Azure and/or AWS, and operationalizing Microsoft 365 security capabilities including Defender, email protection, DLP, conditional access, and identity protections
- Strong experience securing and supporting Azure Virtual Desktop (AVD) environments, including identity controls, endpoint protections, logging, monitoring, and configuration hardening
- Working knowledge of PKI, certificate-based authentication, and encryption, with the ability to troubleshoot production issues and understand operational and security impacts
- Strong scripting and systems skills, including PowerShell as a core requirement, with Python and/or Bash strongly preferred
- Hands-on experience building and maintaining security platforms such as SIEM, SOAR, XDR/EDR, log pipelines, and platform integrations, including data onboarding, content tuning, and workflow development
- Strong understanding of security engineering fundamentals including networking, identity and access management, operating systems, endpoint behavior, logging and telemetry, and common attack techniques
- Demonstrated ability to work independently, exercise strong technical judgment, and drive complex engineering efforts through completion
- Security certifications such as CISSP, GIAC (GCIA, GCIH, GCED), Azure/AWS security certifications, or other relevant technical credentials
- Strong command of enterprise networking concepts including TCP/IP, VLANs, routing, packet analysis, DNS, and application protocols such as HTTP/S, SMTP, and LDAP
- Experience supporting Windows and Linux systems in enterprise environments, including Active Directory, authentication protocols such as NTLM and Kerberos, domain services, and systems hardening practices
- Advanced experience in SIEM content engineering, including architecting correlation logic, custom parsers, rule tuning, and dashboards using platforms and query languages such as KQL, SPL, or equivalent tools
- Advanced automation experience using PowerShell and Python, including API integrations, orchestration, data transformation, workflow design, and scalable operational automation