IT Security Engineer
Kleinfelder · Boston, MA · 1 wk ago
Design$76k–$127k/yrFull-time
Responsibilities
- Partners Security Manager to create and maintain security architecture strategy road map.
- Develops and implements security tools to assist in detection, prevention, and analysis of security threats.
- Acts as the subject matter expert for Kleinfelder's identity access management program for both internal and external identities as well as design, implement, and support IAM best practice configurations.
- Partner with DevOps and engineering teams to embed security controls into CI/CD pipelines and application architectures, ensuring secure-by-design implementations throughout the Software Development Lifecycle (SDLC).
- Manages Kleinfelder's vulnerability management program and partners with other IT members to discover/remediate system vulnerabilities, documents results, and provides recommendations to minimize risks.
- Acts as technical leader for the implementation of security projects that require compliance with customer and corporate policies and standards.
- Represent security during the change advisory board (CAB) and software approval board to review and approve changes in software, hardware, facilities, telecommunications, and user needs.
- Maintains and updates cybersecurity policies and procedures working closely with other internal IT stakeholders.
- Supports internal audits and customer assessments to identify risks and determine mitigation actions.
- Generates monthly security reports which demonstrate overall security maturity.
Requirements
- Bachelor's degree or equivalent experience
- 7+ years of progressive information security experience supporting enterprise environments.
- 5+ years of hands-on experience designing, implementing, and supporting Active Directory and Azure Active Directory, including multi-factor authentication (MFA), single sign-on (SSO), conditional access policies, and password security controls.
- 3+ years of experience supporting security operations, including incident response, investigation, and remediation through a ticketing or helpdesk system.
- 3+ years’ experience working with DevOps and engineering teams to integrate security into the Software Development Lifecycle (SDLC) rather than performing after-deployment reviews.
- 2+ years of experience leading or contributing to technical security initiatives, collaborating across multiple departments and external IT vendors to drive security improvements.
- Hands-on experience implementing security controls within CI/CD pipelines (e.g., Azure DevOps or Git-based workflows), including secure build, deployment, and change management practices.
- Experience designing, reviewing, or securing Infrastructure as Code (IaC) deployments (e.g., ARM, Bicep, Terraform), with a focus on preventing misconfiguration and enforcing guardrails prior to deployment.
- Experience supporting or securing API-based solutions, including systems using Azure API Management (APIM) for authentication, authorization, and traffic control.
- Experience securing Microsoft Power Platform solutions, including Power Apps, Power Automate, and Dataverse, with an understanding of environment security, access controls, and data protection models.
- Strong experience conducting third-party/vendor risk assessments, with the ability to clearly communicate technical risks and remediation options to IT and engineering staff.
- Experience managing, configuring, and supporting Microsoft advanced threat protection and security monitoring technologies.
- Working knowledge of Microsoft Information Protection, including sensitivity labels, data classification, and Microsoft Compliance Center configurations.
- Ability to translate security requirements into clear, actionable technical guidance for engineers and IT teams, supporting risk-based decision-making.
- Excellent organizational and communication skills.
- Able to work independently with guidance and direction as appropriate.
Skills
- Hands-on experience with Active Directory and Azure Active Directory.
- Experience with DevOps and engineering teams.
- Experience with CI/CD pipelines.
- Experience with Infrastructure as Code (IaC) deployments.
- Experience with API-based solutions.
- Experience with Microsoft Power Platform solutions.
- Experience with third-party/vendor risk assessments.
- Experience with Microsoft Information Protection.
Benefits
The expected salary range for the position is displayed in accordance with the California Pay Transparency Law. Final agreed upon compensation is based upon individual qualifications and experience. Salary Range: $75,850-$126,585