Security Engineer

at College of American Pathologists in Northfield, Illinois, United States Job Description Who we are? As the world's largest organization of board-certified pathologists and leading provider of laboratory accreditation and proficiency testing programs, the College of American Pathologists ( CAP ) serves patients, pathologists, and the public by fostering and advocating excellence in the practice of pathology and laboratory medicine worldwide. Our Culture + CAP employees make a meaningful difference by partnering with colleagues customers and members on challenging and rewarding work + CAP provides its employees with an energetic and collaborative work environment and encourage opportunities to further develop their skills-offering reimbursement for educational programs and participation in events that enhance your skills + We offer a generous compensation and benefits package, 401K, and more — visit Careers at the CAP (https://www.cap.org/careers-at-the-cap) for more details Brief Description The Security Engineer is responsible for designing, implementing, and improving security controls across one or more security domains, such as identity, endpoint, detection and response, cloud, network, application, or data security. This role partners closely with cross - functional teams to reduce risk, improve control maturity, and support secure business operations through hands - on engineering, technical guidance, and measurable security outcomes. While each Security Engineer maintains primary responsibility for specific security domains, the role is designed to be flexible, enabling engineers to support and contribute across multiple practice areas as organizational needs evolve. Specific Duties Specific responsibilities will vary based on assigned security practice areas; however, all Security Engineers are expected to contribute across domains and collaborate to support overall security objectives. Security Engineering & Operations + Implement, manage, and improve security controls across one or more domains, including identity, endpoint, detection and response, network, cloud, application, or data security. + Investigate security alerts, events, and incidents; support containment, remediation, and post-incident improvements. + Develop, tune, and maintain detection logic based on system, user, and network activity. + Identify security gaps, misconfigurations, and exposure risks; recommend and implement corrective actions. Identity & Access Management + Implement and manage authentication and authorization controls. + Support identity governance processes, including access reviews and lifecycle management. + Enhance controls for privileged and non-human identities. Vulnerability & Risk Management + Identify, prioritize, and track remediation of vulnerabilities across systems and platforms + Partner with IS and engineering teams to drive timely remediation and risk reduction. + Improve vulnerability scanning coverage, prioritization, and reporting processes. Cloud, Network, Application, and Data Security + Secure cloud environments and SaaS platforms through configuration review and monitoring. + Support network security controls such as segmentation, remote access, and traffic analysis. + Identify and remediate application security risks across the software development lifecycle. + Support implementation of controls to protect sensitive data across storage, transmission, and processing workflows. Practice Ownership & Project Oversight + Maintain security standards, control requirements, and technical guidance within assigned practice areas. + Define and validate security requirements, deliverables, and acceptance criteria for initiatives impacting the practice domain. + Support security scoping and risk assessments for enterprise initiatives. + Track security-related milestones and escalate material deviations from standards when necessary. Metrics & Reporting + Develop and maintain metrics related to control maturity, risk posture, and initiative progress. + Provide regular reporting and insights to security leadership and stakeholders.

Knowledge/Skills Required/Preferred Personal:

+ Demonstrates strong ownership and accountability for assigned responsibilities. + Proactively identifies opportunities to improve security controls and processes. + Operates effectively in ambiguous environments and makes sound, risk-informed decisions. + Maintains a collaborative mindset focused on enabling the business securely. + Communicates clearly and professionally with both technical and non-technical stakeholders.

Professional:

+ Ability to collaborate effectively with IS, application owners, vendors, and business stakeholders. + Strong analytical and problem-solving skills, with the ability to assess complex security issues. + Ability to manage multiple priorities and deliver work in a structured and timely manner. + Strong written and verbal communication skills, including the ability to document standards, processes, and configurations. + Ability to influence stakeholders and drive adoption of security controls and standards.

Technical:

+ Solid understanding of core security principles such as authentication, authorization, least privilege, and system hardening. + General familiarity with enterprise IT environments across operating systems, networks, and cloud platforms.

Education/Experience Education:

+ Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field, or equivalent practical experience.

Experience:

+ 5+ years of experience in security engineering or a related field. + Demonstrated depth in at least one security domain (e.g., identity, detection and response, endpoint, network, cloud, application, or data security), with working exposure across multiple domains and the ability to adapt to new practice areas over time. + Experience designing, implementing, and supporting security controls in enterprise environments. + Experience working with security technologies such as endpoint protection platforms, logging and monitoring solutions, access control systems, and cloud security configurations. + Experience investigating, troubleshooting, and resolving complex security issues across systems and platforms. + Experience collaborating with cross-functional teams to reduce risk and improve security posture.

Related certifications:

+ Relevant certifications such as

CISSP , CISM

, or similar are preferred but not required Additional Criteria + Schedule flexibility to allow for availability required during the CAP's non-business hours for activities such as resolution of critical issues or outages, managing off-hours maintenance, meetings with offshore teams, or other critical business needs. + Travel is required when necessary; expected to be less than 10%. Travel required when necessary; expected to be less than 10%. + Candidates must reside within 75-miles of the Northfield, IL office and meet in office requirements. +

Salary:

$87,000 - $111,000 Equal Opportunity Employer The CAP is an equal opportunity/affirmative action employer, providing equal employment opportunities ( EEO ) to all employees and qualified applicants for employment without regard to race, creed, color, religion, sex, gender identity and/or expression, national origin, age, ancestry, disability or genetic information, military status, sexual orientation, marital status, citizenship status, order of protection status, homelessness, or any other characteristic protected by federal law and the applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. Applicants have rights under

Federal Employment Laws:

Family and Medical Leave Act Equal Employment Opportunity Employee Polygraph Protection Act Job Details Job Family To view full details and how to apply, please login or create a Job Seeker account