Security Engineer II
Job Description:
- Design and implement security control architectures and reference implementation patterns aligned with ISO 27001:2022
- Engineer and maintain assigned security controls across domains like Identity, Endpoint, Workloads, and Data
- Develop, maintain, and operationalize security standards, baselines, and reference architectures
- Perform threat modeling (STRIDE) and risk assessments for new systems
- Lead security discovery and integration activities for new and existing environments
- Proactively identify security improvement opportunities and execute approved work items
- Integrate and optimize security tooling
- Partner with Development and Application teams to embed security by design
- Support audit and compliance activities related to ISO 27001:2022
Requirements:
- Bachelor's Degree in computer science, information systems, or a related field, or equivalent work experience
- 6+ years of IT Experience
- 3+ years in an IT Security or Security Engineering role
- Strong practical knowledge of systems and infrastructure engineering (Windows/Linux fundamentals, networking, cloud architecture, identity, and common enterprise services)
- Proven ability to scope security improvements into actionable work items
- Cloud security experience (Azure preferred)
- Experience with scripting and infrastructure as code for security automation and control deployment (PowerShell, Terraform, ARM/Bicep)
- Experience with a MDR/vSOC provider
- Strong understanding of Identity and Access Management (IAM) concepts and implementations
- Working knowledge of industry security frameworks and standards, including ISO 27001:2022 (preferred), NIST CSF, CIS Controls, and MITRE ATT&CK
- Practical experience implementing security controls within Azure/M365 environments
Benefits:
- Health insurance
- Flexible work arrangements
- Professional development opportunities