Cybersecurity Engineer

Cybersecurity Engineer

Join Aprio's Information Technology team and you will help clients maximize their opportunities. Aprio is a progressive, fast-growing firm looking for a Cybersecurity Engineer to join their dynamic team.

Aprio's Cybersecurity Engineering team builds and operates the controls that protect the firm — identity, network segmentation, cloud security baselines, endpoint, monitoring, encryption, and vulnerability management. The Cybersecurity Engineer is the mid-tier individual contributor on that team: the engineer trusted to take a well-scoped project, run it end-to-end, and deliver a clean, documented, operational result. This role is hands-on and execution-focused, with a growing depth in one or two control domains and a clear path toward Senior Engineer.

This position supports U.S. Government engagements that may involve Controlled Unclassified Information (CUI) and requires access to export-controlled technical data. In accordance with CUI and U.S. export control regulations, this position is limited to 'U.S. persons' (including U.S. citizens, lawful permanent residents, and certain protected individuals) as defined in 22 C.F.R. § 120.62. These requirements are only tied to this specific job posting. We are an equal opportunity employer and all Aprio employment decisions are made in accordance with applicable laws.

What You'll Do

• You will own small-to-medium engineering projects end-to-end, configure and operate control sets without direct oversight, and partner closely with Senior and Principal engineers on the larger initiatives that cross multiple domains.
• You're the engineer who can pick up a control implementation, deliver it, document it, and hand it off cleanly to operations.
• You'll start to grow real depth in a domain you care about — identity, endpoint, vulnerability, cloud security, or logging — and you'll be a working partner to Associate engineers on day-to-day execution.

Key Responsibilities

• Project ownership : Take small-to-medium engineering projects end-to-end — scoping, design partnership with a Senior, build, test, deploy, document, and hand off to operations. Deliver them on time without surprises.
• Control implementation and operation: Configure and operate security controls across identity, network, cloud, endpoint, logging/monitoring, encryption/key management, and vulnerability management. Execute against approved patterns and standards.
• Domain depth : Develop deepening expertise in at least one control domain (e.g., endpoint, identity, vulnerability management, cloud security, IAM, monitoring). Become a real go-to on that domain for the team.
• Vulnerability and patch operations : Run vulnerability and patch workflows — scan, prioritize, remediate, validate. Track remediation against SLA and close the loop.
• Change support : Participate in change reviews, assess security impact for in-scope systems, implement approved changes, and validate post-change posture.
• Evidence and documentation : Produce clean operational documentation — runbooks, change records, evidence artifacts — that holds up under audit and peer review.
• Detection and response support : Partner with the SOC and Detection Engineering on logging coverage, telemetry quality, and the engineering pieces of response (access tooling, isolation capabilities, evidence capture).
• Associate mentorship : Pair with Associate engineers on day-to-day execution. Review their tickets, walk them through the toolset, and grow them toward independence.
• Automation and tooling : Contribute scripts and automation to reduce manual toil (validation checks, evidence collection, repeatable deployments) under the guidance of Senior+ engineers.

What Success Looks Like

First 30–60 days : Tooling and tenant familiarity is complete. You're executing standard tasks (access requests, configuration changes, vuln workflows, evidence collection) on your own and logging clean work.

By 90 days : You've owned at least one small-to-medium project end-to-end — a vulnerability project, a hardening change, a logging coverage gap, or a tool configuration — and the result is documented, evidenced, and handed off cleanly.

By 6–12 months : You're the go-to on at least one domain, you're trusted to execute approved patterns without close oversight, Associate engineers are routinely paired with you, and you're a working partner on at least one cross-team initiative led by a Senior or Principal engineer.

Required Qualifications

• 3+ years in security engineering, cloud engineering, or security operations with hands-on responsibility for implementing controls.
• Strong fundamentals in at least one of: identity and access management, network segmentation, vulnerability management, cloud security, endpoint security, centralized logging.
• Experience with at least one major cloud platform (Azure, AWS, GCP) in an engineering capacity.
• Comfortable executing vulnerability and patch workflows (scan, prioritize, remediate, validate).
• Ability to write clear operational documentation — runbooks, evidence artifacts, change records.
• Strong collaboration skills across Security, IT, and delivery teams.
• Comfortable mentoring Associate Engineers on day-to-day work

Preferred Qualifications

• Regulated-environment exposure (CMMC, NIST 800-171, FedRAMP-aligned, SOC 2, ISO 27001).
• Scripting / automation experience (Python, PowerShell, Bash); infrastructure-as-code familiarity a plus.
• Security certifications (Security+, SSCP, GSEC, AZ-500, AWS Security Specialty, or cloud/security engineering equivalents).
• Familiarity with incident-response procedures and evidence handling.
• Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or related field — or equivalent applicable years of experience

$80,000 - $90,000 a year The salary range for this opportunity is stated above. As such, an actual salary may fall closer to one or the other end of the range, and in certain circumstances, may wind up being outside of the listed salary range.

The application window is anticipated to close on July 27th and may be extended as needed.

Why work for Aprio:

Whether you are just starting out, looking to advance into management or searching for your next leadership role, Aprio offers an opportunity to grow with a future-focused, innovative firm.

Perks/Benefits we offer for full-time team members:

• Medical, Dental, and Vision Insurance on the first day of employment
• Flexible Spending Account and Dependent Care Account
• 401k with Profit Sharing
• 9+ holidays and discretionary time off structure
• Parental Leave – coverage for both primary and secondary caregivers
• Tuition Assistance Program and CPA support program with cash incentive upon completion
• Discretionary incentive compensation based on firm, group and individual performance
• Incentive compensation related to origination of new client sales
• Top rated wellness program
• Flexible working environment including remote and hybrid options

What's in it for you:

Working with an industry leader : Be part of a high-growth firm that is passionate for what's next.

An awesome culture: Thirty-one fundamental behaviors guide our culture every day ensuring we always deliver an exceptional team-member and client experience. We call it the Aprio Way. This shared mindset creates lasting relationships between team members and with clients.

A great team: Work with a high-energy, passionate, caring and ambitious team of professionals in a collaborative culture.

Entrepreneurship : Have the freedom to innovate and bring your ideas to help us grow to become the CPA firm of choice nationally.

Growth opportunities : Grow professionally in an environment that fosters continuous learning and advancement.

Competitive compensation : You will be rewarded with competitive compensation, industry-leading benefits and a flexible work environment to enjoy work/life balance.