Lead Security Engineer, Identity & Cloud Controls

Lead Security Engineer, Identity & Cloud Controls Location: Beachwood, OH (Hybrid) Reports To: Director of IT We are seeking a highly experienced Lead Security Engineer to serve as the primary technical authority for security engineering, identity governance, and cloud control enforcement across our organization. This is a high-impact, senior role responsible for designing and implementing modern security controls in a cloud-first environment, while working in close partnership with a managed security provider (SEI Sphere) that oversees monitoring and response operations. Position Summary The Lead Security Engineer, Identity & Cloud Controls serves as the organization’s primary technical security authority, responsible for designing, implementing, and governing security controls across identity platforms, cloud services, and enterprise applications. Operating within a co-managed security model alongside SEI Sphere (MSSP), this role focuses on internal control design, enforcement, and integration—ensuring security policies are effectively translated into technical controls that are operational, measurable, and audit-ready. This position plays a critical role in strengthening identity governance, reducing unauthorized application risk, improving access control consistency, and enabling automation across the security ecosystem. Key Responsibilities Identity & Access Management (Primary Focus) Design and implement identity security controls across: Microsoft Entra ID (Azure AD) Okta CyberArk (Privileged Access Management) Develop and Maintain: Role-based access control (RBAC) models Conditional Access policies and MFA strategies Lead implementation and automation of: User lifecycle management (joiner/mover/leaver) Periodic access reviews and certifications Identify and remediate excessive permissions, orphaned accounts, and privilege escalation risks Cloud & Microsoft Security Platform Ownership Configure and optimize: Microsoft Defender (Endpoint, Office 365, Cloud Apps) Microsoft Purview (DLP, sensitivity labeling, data protection controls) Ensure alignment of identity, endpoint, and data protection policies Translate security policies into enforceable technical configurations Application Governance & Shadow IT Control Implement controls to detect and manage unauthorized applications and SaaS usage Govern third-party app access, including OAuth and API integrations Establish application onboarding and risk review processes Reduce shadow IT exposure while balancing business usability Security Automation & Integration Design and implement automated security processes using: PowerShell, Microsoft Graph API, and other automation tools Automate: Access provisioning and deprovisioning Policy enforcement and reporting Integrate security tools to ensure consistent control application across platforms MSSP (SEI Sphere) Integration & Oversight Serve as the primary internal technical liaison with SEI Sphere Ensure proper integration of identity, application, and cloud telemetry into MSSP monitoring Validate detection coverage, escalation processes, and response coordination Identify and remediate gaps between internal controls and MSSP visibility Compliance, Audit & Governance Translate SEC / FINRA regulatory requirements into technical controls Maintain control mappings and generate audit evidence Support internal and external audits, assessments, and regulatory reviews Contribute to vendor due diligence and technical risk evaluations Actively participate in the organization’s GRC Committee Security Architecture & Strategy Serve as the primary internal SME for security engineering and architecture decisions Contribute to long-term security strategy, including identity-first and Zero Trust initiatives Provide recommendations for platform improvements and future-state capabilities Why This Role Matters This role is critical to advancing our security maturity by focusing on what matters most: Identity and access control Application governance Control enforcement and automation Bridging internal security engineering with external security operations You’ll have the opportunity to shape the security architecture, influence strategy, and build scalable solutions that directly reduce risk across the organization. Work Environment Hybrid work model Direct collaboration with IT leadership and cross-functional teams High visibility role with impact across technology, compliance, and operations Required Qualifications 7–10+ years in cybersecurity engineering or architecture roles Deep hands‑on expertise with: Microsoft Entra ID (Azure AD), Conditional Access, identity governance Okta (SSO, federation, lifecycle management) Microsoft Defender suite and security ecosystem Proven experience implementing or managing: Privileged Access Management (CyberArk strongly preferred) Access control models and governance frameworks Strong scripting and automation skills (PowerShell required) Experience integrating security tools and platforms across cloud environments Familiarity with MSSP/SOC operating models Experience in regulated environments (FINRA, SEC, or equivalent) Ability to translate policy and regulatory requirements into technical control implementations Preferred Qualifications Experience with Microsoft Purview (DLP, labeling, insider risk) Experience with Defender for Cloud Apps or CASB technologies Familiarity with API‑based integrations and automation Background in financial services or highly regulated industries #J-18808-Ljbffr Stratos