Principal Security Engineer
1 day ago
Milwaukee
Job Description

Our Story:
Crisis Prevention Institute Inc. (CPI) is the worldwide leader in evidence-based de-escalation and crisis prevention training and dementia care services. Our programs teach professionals the skills to recognize, prevent, and respond to crises in the workplace. Since 1980, we’ve helped train more than 17 million people within service-oriented industries including education, health care, behavioral health, long-term care, human services, security, corporate, and retail. At CPI, we are dedicated to changing behaviors and reducing conflict for the Care, Welfare, Safety, and Security of everyone. We believe the power of empathy, meaningful connections, personal safety, and security are the antidotes to fear and anxiety. It’s a philosophy that is central to everything we do, and traces back to our beginning.

The Role:
The Principal Security Engineer (PSE) will play a pivotal role in safeguarding our organization's digital assets. The PSE will serve as the lead cybersecurity engineer in our organization, collaborating closely with the CISO and engineering stakeholders across Technology Services. This role will interact with various business functions to secure and optimize our technology stack, driving the implementation of security best practices. The PSE will also contribute to strategic initiatives, security automation, and security metrics. This role will involve hands-on security engineering while guiding security decisions across the enterprise.

What You Get To Do Everyday:
• Develop, mature, and own a comprehensive data governance program, including policies, procedures, and standards.
• Collaborate with business units to ensure compliance with data privacy regulations and best practices.
• Conduct regular security audits and assessments and ensure compliance with relevant security standards, regulations, and industry best practices.
• Perform mature identity and access management (IAM) capabilities within CPI.
• Develop and maintain IAM policies, procedures, and standards.
• Automate appropriate IAM processes.
• Work with the CISO on security strategies, architecture, and roadmaps.
• Provide technical guidance and support to engineering teams on security best practices.
• Improve the security posture of continuous integration and continuous delivery (CI/CD) pipelines by collaborating with DevSecOps teams to integrate security measures and ensure robust, secure delivery practices.
• Work with the Software Engineering team to improve the security posture of development practices.
• Identify and mitigate security risks in collaboration with various stakeholders across CPI.
• Respond to security incidents and breaches in a timely and effective manner.
• Develop and maintain incident response plans and processes.
• Evaluate, select, and manage security tools and technologies to meet organizational needs.
• Oversee the integration, operation, and performance of various security and infrastructure tools.
• Continuously monitor and assess the 24/7 managed security service provider (MSSP) to ensure effective threat management and response.
• Develop and refine key performance indicators (KPIs) and metrics to measure the effectiveness of security controls and initiatives.
• Create comprehensive security reports to inform stakeholders about the organization's security posture.
• Analyze security data to identify trends, anomalies, and potential risks.
• Monitor, manage, and recommend improvements for infrastructure systems to ensure security, reduce complexity, and enhance operational efficiency.
• Identify, document, and recommend security safeguards and configurations across all infrastructure systems.
• Participate in architecture, planning, and support of infrastructure environments, focusing on security.
• Prepare, coordinate, and execute changes to production and non-production systems while assessing business impact.
• Investigate and implement automation or system enhancements to reduce repetitive support tickets and improve system efficiency.
• Lead collaboration efforts between various Technology Services partners to strengthen security posture.
• Demonstrate the ability to provide direction, shape team decisions, and inspire teamwork.
• Actively share knowledge, mentor peers, and stay informed on industry trends to apply best practices.
• Manage system capacity, maintainability, and security life cycle across the infrastructure.
• Propose alternative solutions with cost analysis, estimate resources, and drive best practices within the team.
• Identify dependencies and critical paths for technology platforms and propose risk mitigation strategies.
• Mentor System Administrators and Service Desk teams by creating knowledge base articles, providing training, and shifting operational tickets into their queue to drive efficiency and reduce escalations.
• Seven years or more of experience in cybersecurity engineering, including architecture, security operations, IAM, risk management, governance, and audit reporting
• Experience working with identity and access management systems (e.g., AAD, Ping Identity)
• Experience working with data governance (NIST, COBIT) and privacy frameworks (GDPR, CCPA)
• Experience working with cloud security (e.g., Azure, CSPM)
• Experience working with cloud infrastructure (Azure, AWS)
• Experience working with security monitoring, incident response, and log management
• Experience developing and refining security metrics for operations and resource management
• Knowledge of security principles, concepts, and best practices
• Ability to troubleshoot and resolve security-related issues across cloud and on-premises environments, ensuring secure and efficient operations
• Highly collaborative, capable of interacting and communicating effectively with peers, management, and leadership teams of varying technical levels, and acting with urgency in response to security challenges or requirements
• Strong analytical skills, with attention to detail
• Advanced technical writing skills and the ability to lead and communicate effectively within an enterprise environment
• Exceptional written and verbal communication skills
• Well-developed interpersonal skills, negotiation, writing, speaking, and listening skills
• Security certifications (CISSP, CISM, CCSP, CRISC or CISA)
• Microsoft certified (Azure Security Engineer Associate)
• Experience working with cloud security posture management (CSPM)
• Experience working with DevSecOps automated security testing (SAST, DAST), infrastructure as code (IaC), and continuous security monitoring
• Experience developing security automation strategies, utilizing scripting languages (PowerShell, Python) and tools such as Azure Automation, or Terraform for infrastructure security
• Experience with Advanced Data Protection (encryption at rest, in transit) and key management in cloud environments (Azure Key Vault, AWS KMS)
• Experience implementing and managing data loss prevention (DLP) solutions across cloud and on-premises environments to protect sensitive information
• Experience working with enterprise email security and threat protection platforms (phishing defense, URL rewriting, attachment sandboxing, and security awareness integration)
• $135,000 - $145,000 annual salary
• Annual company performance bonus
• Comprehensive benefits package
• 401k
• PTO
• Health & Wellness Days
• Paid Volunteer Time Off
• Continuing education and training