Lead, Cybersecurity Architecture & Operations
Culligan International · Rosemont, IL · 1 wk ago
HybridEngineeringFull-time
Responsibilities
- Security architecture: Define and maintain the enterprise security architecture and reference patterns across cloud, SaaS, network, endpoint, and identity domains.
- SSPM: Deploy, operate, and continuously tune our SSPM platform; drive remediation of SaaS misconfigurations, risky integrations, and identity/permission sprawl across the global SaaS estate.
- DSPM: Lead DSPM implementation and operations—discover, classify, and protect sensitive data across cloud and on-premises stores; partner with privacy and legal on data governance.
- Vulnerability management: Own the end-to-end vulnerability management lifecycle: scanning coverage, risk-based prioritization, remediation SLAs, exception handling, and executive reporting across global infrastructure and applications.
- SIEM: Administer and optimize the SIEM platform—log source onboarding, parsing, detection engineering, use-case development, and cost/ingestion management.
- SOC operations: Run day-to-day SOC operations, including oversight of MSSP/MDR partners; mature triage, escalation, and incident response playbooks; lead and coordinate response to security incidents across time zones.
- Audit and Compliance: Strengthen controls, documentation, and evidence to support SOX ITGC and internal/external audits; conduct application and technology security assessments to evaluate risk and ensure compliance with security standards.
- Threat-informed defense: Track threat actor activity relevant to our industry and translate it into detections, hardening priorities, and leadership briefings.
- Global collaboration & mentorship: Partner with IT, infrastructure, application, and business teams across regions; mentor analysts and engineers and raise the technical bar of the broader team.
- Tooling & automation: Evaluate, select, and integrate security tooling; manage vendor relationships and drive consolidation and automation where it adds value.
Requirements
- 6+ years of progressive, hands-on experience in cybersecurity engineering, architecture, and/or security operations.
- Deep, practitioner-level experience with SSPM and DSPM platforms (e.g., deploying, operating, and driving remediation at scale).
- Proven ownership of an enterprise vulnerability management program, including risk-based prioritization and remediation governance.
- Hands-on experience administering a SIEM (e.g., detection engineering, log onboarding, tuning) and managing or overseeing a SOC, including MSSP/MDR relationships.
- Strong working knowledge of cloud security (AWS, Azure, and/or GCP), identity and access management, and SaaS ecosystems (e.g., M365, Salesforce, Workday).
- Experience operating in a global, multi-region environment with distributed teams and follow-the-sun coordination.
- Excellent communication skills—able to brief executives, write clear standards, and influence engineers without direct authority.
- Self-starter who operates with minimal direction and drives initiatives from concept to steady-state operation.
Preferred Qualifications
- Experience supporting SOX ITGC controls or operating in a public company environment.
- Familiarity with frameworks and regulations such as NIST CSF, ISO 27001, CIS Controls, GDPR, and PCI DSS.
- Scripting/automation skills (Python, PowerShell, APIs) and experience with SOAR platforms.
- Relevant certifications such as CISSP, CISM, GIAC (GCIA, GCIH, GDSA), or cloud security certifications (AWS/Azure security specialty, CCSP).
- Experience in manufacturing, consumer products, or other distributed-operations industries.