Security Engineer II

Company Overview
SCS Global Services is a pioneer and leader in the field of sustainability standards and third-party certification, working across the economy in the natural resources, built environment, food and agriculture, consumer products, and climate sectors for over 40 years. As a Benefit Corporation, we are committed to socially and environmentally responsible business practices, and through the application of sound science, we are driving positive change.

Job Overview
The Security Engineer II is responsible for the design, implementation, and lifecycle ownership of assigned security controls across identity, infrastructure, network, workload, and data layers. This role operates with a high degree of autonomy in a small team environment, independently identifying gaps, proposing remediation plans with estimated effort and complexity, and executing approved work. The ideal candidate brings deep infrastructure engineering knowledge to ensure security solutions are practical, operationally sound, and aligned with business impact. This role represents a fully independent individual contributor position and is differentiated from Security Engineer I by its expectation for independent scoping, design level ownership of security control implementations, with minimal day to day oversight.

Essential Duties and Responsibilities

• Design and implement security control architectures and reference implementation patterns aligned with ISO 27001:2022 and related security frameworks (CIS, NIST CSF, MITRE ATT&CK), within established organizational standards
• Engineer and maintain assigned security controls across the following domains: Identity: Entra ID/Conditional Access/MFA/PAM, Endpoint: Intune/EDR/XDR (CrowdStrike), Workloads: Azure/AWS security/container security/CI/CD controls, Data: DLP/encryption/key management
• Develop, maintain, and operationalize security standards, baselines, and reference architectures in partnership with IT and application stakeholders
• Perform threat modeling (STRIDE) and risk assessments for new systems and material changes, translating findings into actionable security controls and remediation recommendations
• Lead security discovery and integration activities for new and existing environments, including current state assessment, gap analysis, and development of prioritized remediation plans
• Proactively identify security improvement opportunities, propose viable solutions, and execute approved work items to completion
• Integrate and optimize security tooling, including log source onboarding, alert tuning, and workflow automation
• Partner with Development and Application teams to embed security by design
• Support audit and compliance activities related to ISO 27001:2022, including evidence collection and control implementation validation

Minimum Qualifications

• Bachelor's Degree in computer science, information systems, or a related field, or equivalent work experience and
• 6+ years of IT Experience and
• 3+ years in an IT Security or Security Engineering role
• Strong practical knowledge of systems and infrastructure engineering (Windows/Linux fundamentals, networking, cloud architecture, identity, and common enterprise services) to make sound security recommendations and assess operational impact
• Proven ability to scope security improvements into actionable work items, estimate level of effort, and partner with infrastructure/application owners to drive implementation
• Cloud security experience (Azure preferred)
• Experience with scripting and infrastructure as code for security automation and control deployment (PowerShell, Terraform, ARM/Bicep) to implement at scale
• Experience with a MDR/vSOC provider and integrating EDR telemetry and incident workflows (CrowdStrike preferred)
• Strong understanding of Identity and Access Management (IAM) concepts and implementations
• Working knowledge of industry security frameworks and standards, including ISO 27001:2022 (preferred), NIST CSF, CIS Controls, and MITRE ATT&CK, and their application to security control design
• Demonstrated ownership mindset: able to work from broad direction, handle ambiguity, prioritize, and drive work to completion
• Practical experience implementing security controls within Azure/M365 environments
• Experience with SIEM platforms, including log onboarding, detection tuning, and workflow integration (Microsoft Sentinel preferred)
• Strong analytical skills with the ability to translate security and infrastructure risk into practical technical controls

Preferred Qualifications

• Microsoft Azure Security Engineer
• Microsoft Azure Administrator
• Microsoft Azure Architect
• Certified Cloud Security Professional (CCSP)

The above description is intended to describe the general nature and level of work being performed. It is not intended to be an exhaustive list of all responsibilities, duties, and skills required. Additional duties outside of normal responsibilities may be required from time to time as assigned.

Working Remotely
At this time, SCS Global Services is recruiting all open roles to be remote; allowing our employees the ability to work flexibly and allowing SCS as a company to diversify the experience and perspectives of our growing workforce. This role will be based out of your home office.

Estimated Annual Salary
$100,000 - $130,000

EEOC Statement
SCS provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws. SCS complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including, but not limited to, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.