Lead Security Engineer

We are seeking an experienced Lead Security Engineer to strengthen the protection, compliance, and Zero Trust maturity of enterprise infrastructure supporting the Securities and Exchange Commission (SEC). In this role, you will collaborate closely with infrastructure leadership, SOC teams, and identity/security engineers to secure identity services, advance Zero Trust controls, automate access governance, and ensure compliance with federal cybersecurity standards.

This position supports the ISS Program, which delivers enterprise IT services for the SEC Office of Information Technology (OIT), including infrastructure and security operations across headquarters, regional offices, data centers, and cloud environments. Our mission is to provide secure, modern, and resilient IT capabilities that inspire confidence in SEC technology operations.

What will you do:

• Lead security engineering initiatives aligned with SEC Zero Trust strategy, OMB M-22-09, and federal cybersecurity frameworks.
• Manage and enhance Microsoft Entra ID (Azure AD) identity services, including authentication, authorization, conditional access, directory synchronization, and identity governance.
• Design, implement, and maintain Role-Based Access Control (RBAC) frameworks enforcing least privilege and compliance requirements.
• Develop and maintain automated RBAC and access provisioning workflows to ensure accurate, real-time entitlement management.
• Oversee Active Directory infrastructure, including domain operations, Group Policy Objects (GPOs), identity lifecycle management, and secure hybrid integrations.
• Monitor and analyze security events using Splunk; partner with SOC teams to identify threats, perform root cause analysis, and recommend remediation.
• Enforce device-level Zero Trust compliance across identity, network, application, and data layers with automated validation and remediation.
• Lead secure infrastructure migration efforts and support CI/CD pipelines, DevOps tooling, documentation, and knowledge transfer activities.

Required Qualifications:

• Bachelor’s degree with 8+ years of relevant experience, or a High School Diploma with 12+ years of experience.
• 8+ years of experience in security engineering, identity management, or enterprise infrastructure security.
• 5+ years supporting Zero Trust, identity services, or security operations in large enterprises or federal environments.
• Hands-on expertise with Microsoft Entra ID / Azure AD, conditional access, RBAC design, and identity lifecycle management.
• Strong experience with Active Directory, GPOs, authentication protocols, and secure directory integrations.
• Experience using Splunk or similar SIEM tools for event analysis, SOC collaboration, and incident response.
• Working knowledge of Zero Trust architecture, automated access controls, and OMB M-22-09 compliance.
• Familiarity with immutable infrastructure, CI/CD pipelines, DevOps practices, and secure configuration baselines.
• Excellent communication skills with the ability to work across technical teams and federal leadership.
• Ability to work full-time on-site at SEC Headquarters in Washington, DC.
• Must be a U.S. Citizen
• Must be able to obtain and maintain the required agency clearance.

Desired Skills:

• Degree in Cybersecurity, Engineering, or a related field.
• Preferred certifications:
• Security+
• Azure Security Engineer (AZ-500)
• Certified Identity and Access Manager (CIAM)
• Splunk Power User/Admin
• CISSP
• ITIL v4 Foundation
• Experience with MFA/FIDO2, Zero Trust solutions, automated provisioning tools, and secure DevOps pipelines.
• Familiarity with SIEM, SOAR, vulnerability management, and cloud security configuration frameworks.