Lead Security Engineer, Identity & Cloud Controls

Location: Beachwood, OH (Hybrid)

Reports To: Director of IT

We are seeking a highly experienced Lead Security Engineer to serve as the primary technical authority for security engineering, identity governance, and cloud control enforcement across our organization.

This is a high-impact, senior role responsible for designing and implementing modern security controls in a cloud-first environment, while working in close partnership with a managed security provider (SEI Sphere) that oversees monitoring and response operations.

Position Summary

The Lead Security Engineer, Identity & Cloud Controls serves as the organization’s primary technical security authority, responsible for designing, implementing, and governing security controls across identity platforms, cloud services, and enterprise applications.

Operating within a co-managed security model alongside SEI Sphere (MSSP), this role focuses on internal control design, enforcement, and integration—ensuring security policies are effectively translated into technical controls that are operational, measurable, and audit-ready.

This position plays a critical role in strengthening identity governance, reducing unauthorized application risk, improving access control consistency, and enabling automation across the security ecosystem.

Key Responsibilities:

Identity & Access Management (Primary Focus)

Design and implement identity security controls across:

• Microsoft Entra ID (Azure AD)
• Okta
• CyberArk (Privileged Access Management)

Develop and Maintain:

• Role-based access control (RBAC) models
• Conditional Access policies and MFA strategies

Lead implementation and automation of:

• User lifecycle management (joiner/mover/leaver)
• Periodic access reviews and certifications

Identify and remediate excessive permissions, orphaned accounts, and privilege escalation risks

Cloud & Microsoft Security Platform Ownership

Configure and optimize:

• Microsoft Defender (Endpoint, Office 365, Cloud Apps)
• Microsoft Purview (DLP, sensitivity labeling, data protection controls)

Ensure alignment of identity, endpoint, and data protection policies

Translate security policies into enforceable technical configurations

Application Governance & Shadow IT Control

Implement controls to detect and manage unauthorized applications and SaaS usage

Govern third-party app access, including OAuth and API integrations

Establish application onboarding and risk review processes

Reduce shadow IT exposure while balancing business usability

Security Automation & Integration

Design and implement automated security processes using:

• PowerShell, Microsoft Graph API, and other automation tools

Automate:

• Access provisioning and deprovisioning
• Policy enforcement and reporting

Integrate security tools to ensure consistent control application across platforms

MSSP (SEI Sphere) Integration & Oversight

Serve as the primary internal technical liaison with SEI Sphere

Ensure proper integration of identity, application, and cloud telemetry into MSSP monitoring

Validate detection coverage, escalation processes, and response coordination

Identify and remediate gaps between internal controls and MSSP visibility

Compliance, Audit & Governance

Translate SEC / FINRA regulatory requirements into technical controls

Maintain control mappings and generate audit evidence

Support internal and external audits, assessments, and regulatory reviews

Contribute to vendor due diligence and technical risk evaluations

Actively participate in the organization’s GRC Committee

Security Architecture & Strategy

Serve as the primary internal SME for security engineering and architecture decisions

Contribute to long-term security strategy, including identity-first and Zero Trust initiatives

Provide recommendations for platform improvements and future-state capabilities

Why This Role Matters

This role is critical to advancing our security maturity by focusing on what matters most:

• Identity and access control
• Application governance
• Control enforcement and automation
• Bridging internal security engineering with external security operations

You’ll have the opportunity to shape the security architecture, influence strategy, and build scalable solutions that directly reduce risk across the organization.

Work Environment

• Hybrid work model
• Direct collaboration with IT leadership and cross-functional teams
• High visibility role with impact across technology, compliance, and operations

Required Qualifications

• 7–10+ years in cybersecurity engineering or architecture roles
• Deep hands-on expertise with:
• Microsoft Entra ID (Azure AD), Conditional Access, identity governance
• Okta (SSO, federation, lifecycle management) Microsoft Defender suite and security ecosystem
• Proven experience implementing or managing:
• Privileged Access Management (CyberArk strongly preferred)
• Access control models and governance frameworks
• Strong scripting and automation skills (PowerShell required)
• Experience integrating security tools and platforms across cloud environments
• Familiarity with MSSP/SOC operating models
• Experience in regulated environments (FINRA, SEC, or equivalent)
• Ability to translate policy and regulatory requirements into technical control implementations

Preferred Qualifications

• Experience with Microsoft Purview (DLP, labeling, insider risk)
• Experience with Defender for Cloud Apps or CASB technologies
• Familiarity with API-based integrations and automation
• Background in financial services or highly regulated industries

Pay: $135,000.00 - $145,000.00 per year

Benefits:

• 401(k)
• Dental insurance
• Employee assistance program
• Health insurance
• Health savings account
• Paid time off
• Referral program
• Retirement plan
• Vision insurance

Work Location: Hybrid remote in Beachwood, OH 44122