Security Engineer

• Locations 5959 Rockside Woods Blvd N, Suite 600, Cleveland, OH, 44131, US (Hybrid)

The Security Operations Engineer is a hands‑on, technical role responsible for building, operating, and improving CBIZ’s security controls while actively responding to security events across our hybrid and cloud environments. This is not a passive monitoring or ticket‑routing position—this role owns problems end‑to‑end, drives investigations and fixes, and helps engineer a modern, resilient security stack.

Essential Functions and Primary Duties:

Security Operations & Incident Response

Actively investigate and respond to security alerts across SIEM, XDR, NDR, identity, email, endpoint, and cloud security tools.

Lead incident handling from triage through containment, eradication, recovery, and lessons learned.

Perform root‑cause analysis, validate remediation, and document findings and actions.

Participate in an on‑call rotation and after‑hours response as needed.

Security Engineering & Cloud Security

Configure, harden, and maintain security controls in:

Amazon Web Services (AWS)

Microsoft 365 security and compliance platforms

Engineer and operationalize controls for identity protection, email/phishing defenses, DLP, conditional access, and tenant security baselines.

Secure and monitor cloud workloads, identities, and data across hybrid and multi‑cloud environments.

Support and troubleshoot certificate‑based authentication and encryption using PKI.

Tune and refine detections for cloud, identity, and email‑borne threats.

Security Tooling, Automation & AI

Administer and tune core security platforms, including:

SIEM and log pipelines

Network security (URL/content filtering, zero‑trust access)

CASB and file‑based DLP

Identity and access management

Email security and DLP

Use scripting and automation (Power Shell, Python, Bash, SOAR workflows) to streamline investigations, orchestrate response actions, and reduce manual toil.

Help evaluate and responsibly use AI‑enabled security features to improve detection quality and analyst efficiency.

Execution, Documentation & Process Improvement

Take clear ownership of assigned tickets, projects, and initiatives through completion.

Balance reactive incidents work with proactive engineering, cleanup, and hardening activities.

Create and maintain operational documentation: runbooks, playbooks, SOPs, and KB articles that reflect how work is done.

Identify gaps, propose improvements, and help mature Sec Ops processes and coverage.

Partner closely with GRC, IT, Cloud, Networking, Systems, Endpoint, and Business teams to drive secure outcomes.

Communicate clearly and professionally during incidents and change work, including status, risk, and next steps.

Provide technical guidance and mentorship to analysts and peers where appropriate and elevate issues effectively.

Preferred Qualifications:

8+ years of experience in Information Security, Security Operations, or Security Engineering.

Proven, hands‑on experience with security investigations, incident response, and security control engineering.

Experience securing cloud environments (Azure and/or AWS) and operationalizing Microsoft 365 security capabilities (email protection, DLP, etc.).

Experience supporting or securing Azure Virtual Desktop (AVD).

Working knowledge of PKI and certificate‑based authentication/encryption.

Experience with Linux (CLI, logs, services) and strong Power Shell skills for administration and Sec Ops.

Solid understanding of core security concepts: networking, identity and access, endpoint and malware fundamentals, and common attack techniques.

Demonstrated ability to work independently, exercise sound judgment, and drive work to completion.
Strong scripting/automation skills (Power Shell, Python, Bash) and experience with SOAR or automated response.

Exposure to AI‑driven security tools or analytics.

Security certifications such as Security+, ISC2 CC/CISSP, or other relevant credentials.

Prior experience in a SOC or large enterprise security environment, and/or experience supporting mergers, integrations, or large‑scale security transformations.

Minimum Qualifications

• College Degree or equivalent
• 6 years related experience
• Expert technical knowledge
• Knowledge…