Security Engineer

Description

Sargent & Lundy is a leading consulting engineering firm specializing in the power and energy sectors. Since 1891, we have provided comprehensive engineering, design, and consulting services for both traditional and renewable power generation, grid modernization, nuclear power, and beyond. Our mission is to help clients achieve their energy goals effectively by leveraging advanced technologies and adopting sustainable practices.

Role Overview

Sargent & Lundy is seeking a Security Engineer with a strong data and analytics mindset to help operate and mature our security platforms, data protection capabilities, and Zero Trust architecture.

In this role, you will work hands-on with tools such as Azure, CrowdStrike , Mimecast , Zscaler , DLP platforms , Secret Server , and cloud security services to support day-to-day operations, configuration management, incident response, and security analytics. You will also contribute to our evolving AI security guardrails , helping the organization adopt AI responsibly while protecting our data and clients.

This position is ideal for someone early in their security career who:

• Passionate about building secure cloud infastructure

• Enjoys working with data and building repeatable reports and dashboards

• Is curious about AI security , data protection, and modern cloud security models

• Wants to grow into a broader engineering and architecture role over time

Key Responsibilities

Platform Configuration & Operations

• Assist with Endpoint Detection and Response (EDR) configuration, policy tuning, and device control management, including exception handling and reporting.

• Support Mail Security configuration management (email security policies, spam/phishing controls, DLP rules) and maintain accurate documentation of changes.

• Help manage Internet Security configurations and policies (web filtering, SSL inspection, access controls, and user/device policy alignment).

• Contribute to DLP management , including rule tuning, incident review, false-positive reduction, and user outreach.

Data Protection & Inventory

• Maintain and update data repository inventories (file servers, cloud storage, SaaS apps) to support DLP, access reviews, and risk assessments.

• Analyze data flows, access patterns, and DLP/endpoint events to identify trends and drive remediation.

• Assist in defining and monitoring data classification and protection controls across on-prem and cloud environments.

Identity, Access, and Secrets Management

• Support IAM governance activities including user access reviews , role analysis, and exception tracking.

• Help manage and monitor Privilege Access Management usage , including access requests, vault hygiene, and reporting.

• Participate in efforts to align IAM controls with Zero Trust principles (least privilege, continuous verification, just-in-time access).

Cloud & Zero Trust Security

• Assist in maintaining cloud security posture (Azure, AWS, or other cloud environments) by reviewing configuration baselines and security findings.

• Help document and track decisions from the Architecture and Design Review Board for cloud services and custom applications.

• Support Zero Trust governance by helping document policies, control mappings, and implementation status across identity, endpoint, network, and data.

Threat Intelligence & Incident Response

• Help operationalize threat intelligence by correlating threat feeds with internal telemetry (CrowdStrike, Zscaler, Mimecast, logs) and assisting in enrichment of alerts.

• Participate in incident response activities as an analyst/engineer: data collection, initial triage, impact analysis, documentation, and lessons-learned tracking.

• Assist in building reusable playbooks , including data queries, Excel/Power BI templates, and checklists.

AI Security & Guardrails

• Contribute to AI enablement by inventorying AI tools, helping define and document guardrails, and supporting monitoring and reporting on AI-related data access.

• Partner with security leadership and data teams to ensure AI solutions enable innovation while protecting sensitive data .

Continuous Improvement & Documentation

• Maintain up-to-date SOPs , configuration standards, and runbooks for supported tools and processes.

• Participate in efforts to automate recurring tasks (reporting, reviews, alert triage) using scripts, queries, or low-code tooling where appropriate .

• Provide clear, concise summaries of findings, risks, and recommended actions for both technical and non-technical stakeholders.

This position offers the flexibility of a hybrid schedule with the expectation of 3 days per week in our downtown Chicago office, and 2 days remote from home.

Qualifications

Deep Knowledge, Skills & Tooling Exposure

You are not expected to be an expert in all of these areas on day one, but familiarity or hands-on exposure in several of the following is strongly preferred:

Security Platforms & Technologies

• Endpoint security and EDR tools (e.g., CrowdStrike , Palo Alto ) .

• Email security and secure email gateways (e.g., Mimecast , Microsoft ).

• Secure web gateways / cloud proxy solutions (e.g., Zscaler , WAF, Palo Alto ).

• DLP solutions ( Purview , ZScaler ).

• Secret Server or comparable privileged access management tools.

• I dentity platforms and IAM concepts (e.g., Entra ID, SSO , MFA, RBAC).

• Basic understanding of cloud security concepts (CSPM, security groups, identity-based access in cloud providers).

Data & Analytics Skills

• Strong proficiency with Microsoft Excel ( vLOOKUP /XLOOKUP, INDEX/MATCH, pivot tables, charts, data cleanup)

• Experience building and maintaining Power BI reports and dashboards (data models, measures, filters, visualizations).

• Ability to interpret logs, alerts, and data sets from multiple tools and summarize key insights and recommended actions.

  Essential Qualifications

• Bachelor's degree in computer science, information systems, cybersecurity, data analytics , or a related field; or equivalent practical experience.

• 1-3 years of experience in IT, security operations, or data analytics , including internships, co-ops, or relevant project work.

• Proven ability to work with large data sets and translate findings into clear, actionable recommendations.

• Strong written and verbal communication skills, with the ability to document processes and explain technical concepts to non-technical stakeholders.

Preferred Qualifications & Certifications

• Experience with CrowdStrike, Mimecast, Zscaler, DLP platforms, Secret Server, or similar tools in a production environment.

• Exposure to security frameworks or best practices (e.g., NIST CSF, ISO 27001, CIS Controls ).

• Prior involvement in incident response , security monitoring, or SOC functions.

• Familiarity with AI tools , l arge language models, or data science workflows, particularly as they relate to security and governance.

• Basic knowledge of cloud security concepts in Azure (or similar cloud infrastructure)

  Behaviors & Mindset

We are looking for someone who will be a strong culture and team fit, not just a technical contributor. The ideal candidate:

• Gives direct and constructive feedback with the goal of improving outcomes for the team and the business.

• Shows curiosity and a learning mindset , asking questions to understand the "why" behind processes and decisions.

• Prioritizes team success over individual credit , actively collaborating across IT, Security, and business functions.

• Owns commitments , follows through on assigned tasks, and proactively communicates risks, blockers, or delays.

• Treats mistakes and near-misses as learning opportunities , helping to improve processes and documentation.

• Is motivated by impact , connecting daily work to protecting our people, clients, and projects.

If you are excited about working at the intersection of security engineering, data analytics, cloud, and AI , and want to grow your career in a hands-on role, we encourage you to apply.

We do not sponsor employees for work authorization in the U.S. for this position.

Award-Winning Benefits

At Sargent & Lundy, we care about the health and well-being of our employees. Our commitment extends beyond the workplace, offering comprehensive healthcare plans and generous paid time off to support our team members in every aspect of their lives. We understand the importance of work-life balance, which is why we are proud to provide competitive, award-winning benefits. Our dedication to employee satisfaction has earned us the prestigious Top Workplaces Culture Excellence Award for compensation and benefits in 2022, 2023, and 2024.

Health & Wellness Financial Benefits Work-Life Balance

• Health Plans: Medical, Dental, Vision

• Life & Accident Insurance

• Disability Coverage

• Employee Assistance Program (EAP)

• Back-Up Daycare

• FSA & HSA

• 401(k)

• Pre-Tax Commuter Account

• Merit Scholarship Program

• Employee Discount Program

• Corporate Charitable Giving Program

• Tuition Assistance

• First Professional Licensure Bonus

• Employee Referral Bonus

• Paid Annual Personal/Sick Time (PST)

• Paid Vacation

• Paid Holidays

• Paid Parental Leave

• Paid Bereavement Leave

• Flexible Work Arrangements

Compensation Range

$64,915 - $95,019

Transparency Statement

Sargent & Lundy discloses compensation ranges that comply with all local and state regulations. The total compensation package for eligible positions will include a base salary or an hourly rate and a comprehensive benefits package, reflecting our commitment to rewarding performance and supporting the overall well-being of our employees. Individuals may also be eligible to participate in our yearly discretionary bonus.

Awards & Recognition

Equal Opportunity

Sargent & Lundy is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, national origin, disability status, protected veteran status, or any protected status as defined by applicable law.

CityChicago

StateIL

CountryUnited States

Area of InterestInformation Technology

TypeFull Time - Regular

Job ID2026-24163

Business GroupCEO Group

DepartmentInformation Security