Senior Security Engineer

Our customer in the auto industry is seeking a Senior Security Engineer to design, implement, and operate enterprise security technologies within a mid-size enterprise environment. This is a hands-on engineering role responsible for engineering, maintaining, and continuously improving enterprise security controls across identity, endpoint, network, and application security domains.

The engineer will collaborate closely with infrastructure, networking, and development teams to ensure security controls are integrated into enterprise systems and services, strengthening and advancing the organization's overall security posture.

Strong hands-on experience securing Microsoft enterprise environments including:

• Microsoft Entra ID identity governance and administration

• Privileged Identity Management (PIM) implementation and operations

• Endpoint and identity protection using Microsoft Defender XDR

• Endpoint management and hardening using Microsoft Intune

• Data protection and monitoring using Microsoft Purview including:

• Data Loss Prevention (DLP)

• Insider Risk Management / Insider Threat monitoring

Candidates must be able to design, deploy, and operate these controls, not just administer them.

Deep operational and engineering experience with:

• CyberArk Privileged Access Manager

Required capabilities include:

• Vault architecture and deployment

• Privileged account onboarding

• Session management and monitoring

• High availability and disaster recovery

• Platform integrations

Candidates should have end-to-end engineering experience, not just operational use.

Experience designing and managing enterprise PKI environments including:

• Microsoft Active Directory Certificate Services

• Certificate lifecycle management platforms such as Keyfactor or Sectigo

• TLS certificate automation and renewal processes

Experience securing certificates used for:

• Web applications

• APIs

• Internal services

• Machine identities

Hands-on engineering experience with enterprise network security platforms, including:

• F5 BIG-IP Local Traffic Manager (LTM)

• F5 Advanced WAF / Web Application Firewall configuration

• Load balancing architecture and traffic management

• High availability and disaster recovery design for network security platforms

• Cisco Secure Access – Web Security

Candidates should be capable of architecting and troubleshooting production-grade deployments.

Strong foundational knowledge in:

• Enterprise networking (routing, segmentation, firewalls, load balancing)

• Windows enterprise environments

• Active Directory architecture and security

• Authentication protocols and identity infrastructure

• VMware ESXi architecture and operation

Strong capability in security operations including:

• Threat hunting

• Incident detection and response

• Incident containment and remediation

• Root cause analysis and post-incident improvements

Candidates should be capable of leading investigations and coordinating response actions.

Strong understanding of secure application development and application security practices including:

• Secure coding principles

• API security architecture

• Authentication and authorization design

• Application threat modeling

• Integration of security into development pipelines

Working knowledge of enterprise security frameworks and control standards including:

• National Institute of Standards and Technology (NIST) security frameworks

• ISO / IEC 27002 security controls

The ideal candidate will:

• Be a hands-on security engineer, not just an analyst

• Have experience working across multiple security domains

• Be comfortable collaborating with infrastructure, networking, and development teams

• Be capable of both engineering new security capabilities and improving existing security controls

Travel: Periodic travel between our engineering offices is required.

Compensation: 130,000 - $140,000 DOE plus benefits

Applicants must be authorized to work for any U.S. employer.

Staff Smart, Inc. is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, genetic information, disability status, or any other characteristic protected by law.