Jobs · Engineering · Illinois

Lead, Cybersecurity Architecture & Operations

Culligan International · Rosemont, IL · 1 wk ago
HybridEngineeringFull-time

Responsibilities

  • Security architecture: Define and maintain the enterprise security architecture and reference patterns across cloud, SaaS, network, endpoint, and identity domains.
  • SSPM: Deploy, operate, and continuously tune our SSPM platform; drive remediation of SaaS misconfigurations, risky integrations, and identity/permission sprawl across the global SaaS estate.
  • DSPM: Lead DSPM implementation and operations—discover, classify, and protect sensitive data across cloud and on-premises stores; partner with privacy and legal on data governance.
  • Vulnerability management: Own the end-to-end vulnerability management lifecycle: scanning coverage, risk-based prioritization, remediation SLAs, exception handling, and executive reporting across global infrastructure and applications.
  • SIEM: Administer and optimize the SIEM platform—log source onboarding, parsing, detection engineering, use-case development, and cost/ingestion management.
  • SOC operations: Run day-to-day SOC operations, including oversight of MSSP/MDR partners; mature triage, escalation, and incident response playbooks; lead and coordinate response to security incidents across time zones.
  • Audit and Compliance: Strengthen controls, documentation, and evidence to support SOX ITGC and internal/external audits; conduct application and technology security assessments to evaluate risk and ensure compliance with security standards.
  • Threat-informed defense: Track threat actor activity relevant to our industry and translate it into detections, hardening priorities, and leadership briefings.
  • Global collaboration & mentorship: Partner with IT, infrastructure, application, and business teams across regions; mentor analysts and engineers and raise the technical bar of the broader team.
  • Tooling & automation: Evaluate, select, and integrate security tooling; manage vendor relationships and drive consolidation and automation where it adds value.

Requirements

  • 6+ years of progressive, hands-on experience in cybersecurity engineering, architecture, and/or security operations.
  • Deep, practitioner-level experience with SSPM and DSPM platforms (e.g., deploying, operating, and driving remediation at scale).
  • Proven ownership of an enterprise vulnerability management program, including risk-based prioritization and remediation governance.
  • Hands-on experience administering a SIEM (e.g., detection engineering, log onboarding, tuning) and managing or overseeing a SOC, including MSSP/MDR relationships.
  • Strong working knowledge of cloud security (AWS, Azure, and/or GCP), identity and access management, and SaaS ecosystems (e.g., M365, Salesforce, Workday).
  • Experience operating in a global, multi-region environment with distributed teams and follow-the-sun coordination.
  • Excellent communication skills—able to brief executives, write clear standards, and influence engineers without direct authority.
  • Self-starter who operates with minimal direction and drives initiatives from concept to steady-state operation.

Preferred Qualifications

  • Experience supporting SOX ITGC controls or operating in a public company environment.
  • Familiarity with frameworks and regulations such as NIST CSF, ISO 27001, CIS Controls, GDPR, and PCI DSS.
  • Scripting/automation skills (Python, PowerShell, APIs) and experience with SOAR platforms.
  • Relevant certifications such as CISSP, CISM, GIAC (GCIA, GCIH, GDSA), or cloud security certifications (AWS/Azure security specialty, CCSP).
  • Experience in manufacturing, consumer products, or other distributed-operations industries.

Similar jobs