Lead Security Engineer- remote but local to Pittsburgh, PA

Location: Remote- local to Pittsburgh, PA

Job Type: Contract

Work Authorization: No Sponsorship

The A.C.Coy has an immediate need for a Lead Security Engineer. Qualified candidates will be responsible for supporting the security and compliance of the company-wide infrastructure, including networks, servers, workstations,and telecommunications systems.

• Manage and maintain the organization’s Public Key Infrastructure (PKI) systems, ensuring secure encryption, certificate management, and cryptographic key lifecycle processes are in place and operating effectively
• Implement and oversee encryption solutions to protect data at rest, in transit, and in use across both on premises and cloud environments, ensuring compliance industry security standards
• Secure cloud environments (including AWS, Azure, and GCP) by ensuring adherence to internal securitypolicies and industry best practices, and assist in the implementation and management of identitymanagement, access control, and data protection within cloud services
• Collaborate with third-party vendors to securely integrate external systems 
• Deploy, manage, and maintain firewalls, including Firewall-as-a-Service (FWaaS), Unified Threat Management (UTM) solutions, and Secure Web Gateways (SWG), to secure network traffic and enforce security policies
• Implement and manage advanced security technologies such as Cloud Access Security Brokers (CASB), Zero Trust Network Access (ZTNA), and other solutions to strengthen security posture
• Serve as a primary escalation point for security incidents and audits, leading or assisting in the development of mitigation strategies, post-incident reviews, and compliance reviews to ensure ongoing ISO 27001 adherence
• Act as an internal consultant to IT teams and departments, providing subject matter expertise on infrastructure security, cloud environments, and endpoint protection
• Lead reviews of infrastructure security components, recommend improvements, and develop risk mitigation strategies that align with the security posture and industry requirements
• Continuously monitor internal control systems to ensure appropriate access levels and security configurations are maintained across all infrastructure components
• Analyze daily security events and alerts in the context of policies, prioritizing and escalating issues as appropriate to support timely and effective incident response
• Evaluate security policies and procedures to identify improvement opportunities and ensure alignment with standards, industry requirements, and regulatory expectations
• Provide technical support and administration for LAN/WAN, remote access, IDS/IPS, and unified threat management systems, including troubleshooting, analysis, and the testing and deployment of new hardware and security applications
• Deploy and manage policies for antivirus and endpoint detection and response agents in collaboration with system owners to ensure effective endpoint security management
• Manage the availability and security of public domains and DNS records
  
  

Education: Bachelor’s degree in Computer Science, Business, Engineering, or a related field; or equivalent work experience is required. CISSP certification or progress toward CISSP certification is preferred.

Experience:

• 7-10+ years infrastructure or security engineering
  • Candidate must understand enterprise environments, not just security tools:
    • Windows Server and Active Directory
    • Microsoft 365 and Entra ID (Azure AD)
    • Azure infrastructure and migrations
    • Networking fundamentals (routing, DNS, load balancers, proxies)
    • Working with server and cloud teams during deployments
    • Comfortable supporting production systems and change control
    • Able to troubleshoot across network, identity, and platform layers
• CyberArk – Privileged Access & Identity Security
• Certificate lifecycle management via CyberArk / Venafi
• PKI modernization and certificate lifecycle automation
• Service to service authentication and machine identity strategy
• TLS and encryption design across applications and infrastructure