Lead, Security Engineer

Lead, Security Engineer Pearson - 3.7 Durham, NC Job Details Full-time $200,000 - $230,000 a year 3 hours ago Qualifications Cloud identity and access management (IAM) DevSecOps Practices Network design Infrastructure as Code (IaC) Security engineering Infrastructure architecture design Team development IT security architecture Team management Scripting Cross-functional collaboration Project leadership Senior leadership

Full Job Description Lead, Security Engineering Position Level:

Leader of Security Engineering Department:

Cybersecurity /

Security Engineering Reports To:

Senior Leader of Security Architecture and Engineering Direct Reports:

15-25 Security Engineering professionals

Location:

Remote Position Overview We are seeking an experienced Leader of Security Engineering to establish, lead, and mature our Security Engineering organization. This senior leadership role is responsible for the full engineering lifecycle (architect, build, deploy, maintain, and decommission) of security capabilities across cloud infrastructure, network, and user environments. The Leader of Security Engineering will own the engineering delivery of cloud security posture management (CSPM), attack surface management (ASM), SaaS security posture management (SSPM), network security, endpoint security, and mobile security, ensuring each capability is properly designed, operationalized, and handed off to Security Operations for ongoing use. As a distributed leader, this role carries dual responsibilities: driving security engineering excellence enterprise-wide while providing leadership, mentorship, and support to security team members across all locations. Key Responsibilities Security Engineering Program Development and Leadership Design and implement a comprehensive Security Engineering Program spanning cloud infrastructure, network, and user environment security, including policies, standards, processes, metrics, and tooling Own the full engineering lifecycle (architect, build, deploy, maintain, and decommission) for all security capabilities within the program's scope Establish and mature engineering practices across infrastructure deployment, network architecture, and user environment security, including threat modeling, secure design reviews, configuration hardening, and security acceptance criteria Define and enforce engineering standards, design patterns, and operational readiness criteria that ensure security capabilities are stable, scalable, and operable by Security Operations upon handoff Drive security awareness initiatives that elevate secure infrastructure and operational practices across engineering, SRE, and IT operations teams Develop and deliver training programs for infrastructure engineers, cloud engineers, network engineers, and IT operations staff on secure configuration, threat modeling, and emerging security risks Build security champions programs to embed security advocates within infrastructure and operations teams Define and track program metrics and KPIs to measure engineering delivery quality, capability maturity, and security posture improvements across all domains Technical Leadership and Innovation Architect security capabilities across cloud, network, and user environment domains, ensuring designs are scalable, resilient, and aligned with enterprise architecture principles Drive engineering delivery of security tooling, integrating capabilities into CI/CD pipelines, GitOps workflows, and infrastructure operations Oversee policy-as-code frameworks to enforce security standards and configuration compliance at scale Evaluate and adopt emerging security technologies, ensuring new capabilities are architected and deployed to production-ready standards Partner with Security Operations to define operational requirements, runbooks, and handoff criteria for all deployed capabilities Partner with engineering, SRE, and platform leadership to balance security requirements with operational efficiency and business objectives Stay current with the evolving threat landscape across cloud, network, endpoint, and mobile domains, continuously adapting the engineering program accordingly Cloud Infrastructure Security Engineering Architect and engineer cloud security capabilities across all cloud environments, including secure landing zones, account structures, governance frameworks, and cloud-native security controls Build and maintain cloud security posture management (CSPM) capabilities, owning the full engineering lifecycle from architecture through deployment, tuning, and eventual decommission Engineer cloud-native security controls including identity and access management, network controls, encryption services, and data protection capabilities Build and maintain security engineering for containerized workloads, serverless functions, managed databases, object storage, and API gateways Engineer container and workload security across container orchestration platforms, ensuring runtime protection, image integrity, and least-privilege access Implement and maintain secrets management and encryption key lifecycle infrastructure using vault and key management platforms Develop and maintain IaC security modules, secure deployment templates, and pipeline-integrated scanning capabilities for use by infrastructure and SRE teams Attack Surface Management (ASM) Engineering Architect and deploy ASM capabilities that provide continuous discovery and inventory of all internet-facing assets, including cloud resources, network-exposed services, and shadow IT Engineer integrations between ASM tooling and downstream systems including vulnerability management, CSPM, and Security Operations platforms Build and maintain the data pipelines, connectors, and automation workflows that ensure ASM coverage is complete, accurate, and current Tune and maintain ASM platform configurations, asset classification logic, and risk scoring to reduce noise and improve signal fidelity for Security Operations Establish engineering runbooks and handoff documentation so Security Operations can effectively monitor, triage, and act on ASM findings Manage the decommission lifecycle of ASM capabilities as tooling evolves, ensuring continuity of coverage and clean transitions SaaS Security Posture Management (SSPM) Engineering Architect and deploy SSPM capabilities providing continuous visibility into the security configuration and compliance posture of enterprise SaaS applications Engineer integrations between SSPM tooling and enterprise SaaS applications, identity platforms, and Security Operations workflows Build and maintain configuration baseline definitions, compliance mappings, and automated assessment workflows within the SSPM platform Tune and maintain SSPM detection logic, OAuth and integration monitoring, and excessive permissions detection to align with organizational risk tolerance Establish engineering runbooks and handoff documentation so Security Operations can effectively monitor and remediate SSPM findings Manage the decommission lifecycle of SSPM capabilities, ensuring continuity of SaaS security visibility during platform transitions Network Security Engineering Architect and engineer enterprise network security capabilities across on-premises, hybrid, and multi-cloud environments Design, build, and maintain network segmentation architectures, including zero trust principles, micro-segmentation, and perimeter defense models Engineer and maintain network security controls including next-generation firewalls, intrusion detection and prevention systems, VPNs, network access controls, and secure DNS Architect and build secure connectivity solutions for hybrid and multi-cloud environments, including software-defined networking and secure remote access Engineer network telemetry and logging pipelines to feed Security Operations monitoring and detection platforms Develop and maintain network security standards, baselines, configuration templates, and operational runbooks Manage the decommission lifecycle of network security capabilities, ensuring no gaps in coverage during transitions User Environment Security Engineering Architect and engineer security capabilities for all user-facing environments, encompassing desktop, laptop, mobile, and virtual endpoints across the enterprise Build and maintain endpoint security standards and hardening baselines for all managed operating systems and device types Engineer and maintain endpoint detection and response (EDR) capabilities, including platform deployment, policy configuration, detection tuning, and integration with Security Operations platforms Architect and engineer mobile security capabilities, including mobile device management (MDM), mobile application management (MAM), and security policy enforcement for corporate-owned and BYOD devices Build and maintain data protection controls on endpoints and mobile devices, including device encryption, data loss prevention, and remote wipe capabilities Engineer secure access from user environments to enterprise and cloud resources, including zero trust network access (ZTNA) and conditional access policy infrastructure Develop and maintain engineering runbooks and handoff documentation enabling Security Operations to monitor, respond to, and manage endpoint and mobile security events Manage the decommission lifecycle of endpoint and mobile security capabilities, ensuring coverage continuity during platform transitions Security Automation and Infrastructure as Code Build and scale security automation for deployment, configuration validation, detection engineering support, and remediation across cloud, network, and user environment domains Create and maintain reusable IaC security modules and deployment templates for secure-by-default infrastructure provisioning Implement and maintain IaC scanning and validation in deployment pipelines to enforce security standards before production Build compliance validation automation to continuously assess environments against security baselines and regulatory frameworks Develop and maintain security metrics and dashboards providing unified visibility into engineering delivery and capability health across all domains Compliance and Governance Support compliance initiatives for

SOC 2, ISO

27001, PCI-DSS, HIPAA, and other applicable frameworks across all engineering domains Conduct security architecture and engineering reviews ensuring deployed capabilities meet compliance and control requirements Document security architectures and maintain system security plans (SSPs), control documentation, and engineering design records Develop and maintain engineering runbooks and procedures for capability operation, incident response support, and lifecycle management Generate compliance reports demonstrating security control implementation and effectiveness to leadership and auditors Team Management and Development Lead, mentor, and develop a team of 15-25 Cloud, Infrastructure, Network, and User Environment Security Engineers and Architects Build team capabilities through hiring, skills development, career planning, and performance management Foster a collaborative culture that emphasizes engineering excellence, continuous learning, and operational readiness Allocate resources effectively across engineering initiatives, capability deployments, and lifecycle management activities, ensuring the team meets defined SLAs and SLOs Cross-Functional Collaboration and Leadership Provide leadership, mentorship, and support to security team members across all locations regardless of functional reporting structure Act as a key point of contact for security team members seeking leadership guidance, career development, or organizational support Build and maintain strong relationships with engineering, infrastructure, network, cloud, IT operations, Security Operations, and business stakeholders Communicate program strategy, delivery progress, and risk to executive leadership and the CISO Collaborate with peer security leaders to ensure consistency and knowledge sharing across the enterprise security program Required Qualifications Experience 12+ years of hands-on security engineering experience spanning cloud security, infrastructure security, network security, or user environment security, with progression into leadership roles 5+ years leading security engineering programs, owning the full lifecycle of security capability delivery from architecture through decommission 3+ years managing and developing security teams across multiple disciplines, with demonstrated success in team building and talent development Proven track record architecting, deploying, and maintaining production-grade security capabilities across cloud, network, and endpoint domains Deep expertise in CSPM, ASM, SSPM, endpoint security, mobile security, and network security engineering disciplines Demonstrated experience partnering with Security Operations teams, defining operational handoff criteria, and enabling effective use of deployed capabilities Technical Skills Deep knowledge of major cloud platform security models, including IAM, networking, security services, and governance frameworks across multiple cloud environments Experience with Infrastructure as Code security, including secure module development, pipeline-integrated scanning, and policy-as-code enforcement Network security engineering expertise including next-generation firewalls, segmentation, zero trust architectures, VPNs, and IDS/IPS Endpoint and mobile security engineering expertise including EDR deployment and tuning, MDM/MAM, device hardening, and BYOD security models Experience engineering and integrating CSPM, ASM, and SSPM platforms into enterprise security ecosystems Container and workload security engineering covering orchestration platforms and runtime protection Scripting and automation skills for building security engineering tooling and deployment automation Knowledge of security frameworks and standards:

NIST CSF, CIS

Controls, MITRE

ATT&CK, ISO 27001

Experience with security monitoring platforms and the ability to engineer telemetry pipelines that feed Security Operations Leadership and Communication Executive presence with the ability to communicate engineering strategy and risk to technical and non-technical audiences Strategic thinking balanced with hands-on engineering execution capabilities Ability to influence without authority to drive security engineering standards across infrastructure and operations organizations Strong interpersonal skills for coaching, mentoring, and building trust with diverse stakeholders including Security Operations peers Education Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or related field (or equivalent experience) Desired certifications: CISSP, CCSP, cloud security specialty certifications, GCIH, GCIA, or equivalent Preferred Qualifications Experience with AI-powered security tooling and AI-driven automation for security engineering and detection capabilities Experience in highly regulated industries (financial services, healthcare, government) with complex compliance requirements Zero trust architecture design and implementation experience across network and user access domains Multi-cloud security engineering experience spanning multiple major cloud platforms GitOps experience with infrastructure deployment automation tools Service mesh security engineering experience in complex microservices environments SOAR integration experience, engineering automation workflows that connect deployed capabilities to Security Operations platforms Master's degree in a relevant field Experience with security metrics and reporting to board-level audiences Previous experience in multi-site or distributed team leadership Advanced certifications in cloud architecture, network security, or offensive security disciplines Leadership Expectations This role requires a leader who can: Inspire and empower teams to deliver security engineering excellence while maintaining infrastructure and operational agility Own the full capability lifecycle, driving disciplined engineering practices from architecture through decommission across all domains Navigate ambiguity in a fast-paced environment with competing priorities across multiple security engineering domains Build consensus across diverse stakeholder groups including Security Operations, infrastructure, and business teams Demonstrate servant leadership by supporting team growth and removing barriers to engineering delivery Model security-first engineering behaviors that set the tone for the broader organization Provide guidance and mentorship to distributed security staff on professional development, escalations, and day-to-day engineering challenges Bridge cloud, network, and user environment security disciplines, ensuring cohesive engineering strategy and execution across the full infrastructure and endpoint stack Compensation at Pearson is influenced by a wide array of factors including but not limited to skill set, level of experience, and specific location. As required by the California, Colorado, Hawaii, Illinois, Maryland, Minnesota, New Jersey, New York State, New York City, Vermont, Washington State, and Washington DC laws, the pay range for this position is as follows: The minimum full-time salary range is between $200,000 - $230,000. This position is eligible to participate in an annual incentive program, and information on benefits offered is here. Applications will be accepted through May 7th. This window may be extended depending on business needs.

Who we are:

At Pearson, our purpose is simple: to help people realize the life they imagine through learning. We believe that every learning opportunity is a chance for a personal breakthrough. We are the world's lifelong learning company. For us, learning isn't just what we do. It's who we are.

To learn more:

We are Pearson. Pearson is an Equal Opportunity Employer and a member of E-Verify. Employment decisions are based on qualifications, merit and business need. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, age, national origin, protected veteran status, disability status or any other group protected by law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act. If you are an individual with a disability and are unable or limited in your ability to use or access our career site as a result of your disability, you may request reasonable accommodations by emailing .

Job:

Engineering Job Family:

TECHNOLOGY

Organization:

OCTO Schedule:

FULL_

TIME Workplace Type:

Remote Req ID:

23689