Principal Security Engineer

Job Description

Job Description

Our Story :

Crisis Prevention Institute Inc. is the worldwide leader in evidence-based de-escalation and crisis prevention training, and dementia care services.

Since 1980, we’ve helped train more than 15 million people within service-oriented industries including education, healthcare, behavioral health, long-term care, human services, security, corrections, corporate, and retail.

At CPI, we are dedicated to changing behaviors and reducing conflict for the Care, Welfare, Safety, and SecuritySM of everyone.

We believe in the power of empathy, compassion, and meaningful connections. We believe personal safety and security are the antidotes to fear and anxiety.

It’s a philosophy that is central to everything we do, and traces back to our beginning. It is what defines and differentiates us, and informs our core beliefs.

The Role :

The Principal Security Engineer (PSE) will play a pivotal role in safeguarding our organization's digital assets. The PSE will serve as the lead cybersecurity engineer in our organization, collaborating closely with the Enterprise Security Architect and engineering stakeholders across Technology Services.

This role will interact with various business functions to secure and optimize our technology stack, driving the implementation of security best practices.

The PSE will also contribute to strategic initiatives, security automation, and security metrics. This role will involve hands-on security engineering while guiding security decisions across the enterprise.

What You Get To Do Everyday :

• Develop, mature, and own a comprehensive data governance program, including policies, procedures, and standards.
• Collaborate with business units to ensure compliance with data privacy regulations and best practices.
• Conduct regular security audits and assessments and ensure compliance with relevant security standards, regulations, and industry best practices.
• Perform mature identity and access management (IAM) capabilities within CPI.
• Develop and maintain IAM policies, procedures, and standards.
• Automate appropriate IAM processes.
• Work with the Enterprise Security Architect on security strategies, architecture, and roadmaps.
• Provide technical guidance and support to engineering teams on security best practices.
• Improve the security posture of continuous integration and continuous delivery (CI / CD) pipelines by collaborating with DevSecOps teams to integrate security measures and ensure robust, secure delivery practices.
• Work with the Software Engineering team to improve the security posture of development practices.
• Identify and mitigate security risks in collaboration with various stakeholders across CPI.
• Respond to security incidents and breaches in a timely and effective manner.
• Develop and maintain incident response plans and processes.
• Evaluate, select, and manage security tools and technologies to meet organizational needs.
• Oversee the integration, operation, and performance of various security and infrastructure tools.
• Continuously monitor and assess the 24 / 7 managed security service provider (MSSP) to ensure effective threat management and response.
• Develop and refine key performance indicators (KPIs) and metrics to measure the effectiveness of security controls and initiatives.
• Create comprehensive security reports to inform stakeholders about the organization's security posture.
• Analyze security data to identify trends, anomalies, and potential risks.
• Monitor, manage, and recommend improvements for infrastructure systems to ensure security, reduce complexity, and enhance operational efficiency.
• Identify, document, and recommend security safeguards and configurations across all infrastructure systems.
• Participate in architecture, planning, and support of infrastructure environments, focusing on security.
• Prepare, coordinate, and execute changes to production and non-production systems while assessing business impact.
• Investigate and implement automation or system enhancements to reduce repetitive support tickets and improve system efficiency.
• Lead collaboration efforts between various Technology Services partners to strengthen security posture.
• Demonstrate the ability to provide direction, shape team decisions, and inspire teamwork.
• Actively share knowledge, mentor peers, and stay informed on industry trends to apply best practices.
• Manage system capacity, maintainability, and security life cycle across the infrastructure.
• Propose alternative solutions with cost analysis, estimate resources, and drive best practices within the team.
• Identify dependencies and critical paths for technology platforms and propose risk mitigation strategies.
• Perform other position-related duties as assigned.

You Need to Have :

• Bachelor’s degree in computer engineering, computer science, data science, or related field
• Seven years or more of experience in cybersecurity engineering, including architecture, security operations, IAM, risk management, governance, and audit reporting
• Experience working with identity and access management systems (e.g., AAD, Ping Identity)
• Experience working with data governance (NIST, COBIT) and privacy frameworks (GDPR, CCPA)
• Experience working with cloud security (e.g., Azure, CSPM)
• Experience working with cloud infrastructure (Azure, AWS)
• Experience working with security monitoring, incident response, and log management
• Experience developing and refining security metrics for operations and resource management
• Knowledge of security principles, concepts, and best practices
• Ability to troubleshoot and resolve security, related issues across cloud and on-premises environments, ensuring secure and efficient operations
• Highly collaborative, capable of interacting and communicating effectively with peers, management, and leadership teams of varying technical levels, and acting with urgency in response to security challenges or requirements
• Strong analytical skills, with attention to detail
• Advanced technical writing skills and the ability to lead and communicate effectively within an enterprise environment
• Exceptional written and verbal communication skills
• Well-developed interpersonal skills, negotiation, writing, speaking, and listening skills
• Strong business acumen and strategic thinking ability

We'd Love to See :

• Security certifications (CISSP, CISM, CCSP, CRISC or CISA)
• Microsoft certified (Azure Security Engineer Associate)
• Experience working with cloud security posture management (CSPM)
• Experience working with DevSecOps automated security testing (SAST, DAST), infrastructure as code (IaC), and continuous security monitoring
• Experience developing security automation strategies, utilizing scripting languages (PowerShell, Python) and tools such as Azure Automation, or Terraform for infrastructure security
• Experience with Advanced Data Protection (encryption at rest, in transit) and key management in cloud environments (Azure Key Vault, AWS KMS)
• Experience working with DLP solutions in cloud and on-premises

What We Offer :

• $135,000 - $145,000 annual salary
• Annual company performance bonus
• Comprehensive benefits package
• 401k
• Health & Wellness Days
• Paid Volunteer Time Off
• Continuing education and training
• Hybrid work schedule

Crisis Prevention Institute is an Equal Opportunity Employer that does not discriminate against any applicant or employee on the basis of age, race, color, ethnicity, national origin, citizenship, religion, diversity of thoughts and beliefs, creed, sex, sexual orientation, gender, gender identity, or expression (including against any individual that is transitioning, has transitioned, or is perceived to be transitioning), marital status or civil partnership / union status, physical or mental disability, medical condition, pregnancy, childbirth, genetic information, military and veteran status, or any other basis prohibited by applicable federal, state, or local law.

The Company will consider for employment qualified applicants with criminal histories in a manner consistent with local and federal requirements.

Our management team is dedicated to this policy with respect to recruitment, hiring, placement, promotion, transfer, training, compensation, benefits, employee activities, and general treatment during employment.

Powered by JazzHR

DGmLW6I4XM