Apply on Employer Site

Consumers Energy · 1 day ago

Principal Security Engineer

Jackson, MI

Full-time

Hybrid

Senior Level, Lead/Staff

7+ years exp

Consumers Energy is Michigan’s largest energy provider, committed to delivering reliable, clean, and affordable energy. The Principal Security Engineer will support major security initiatives by architecting and implementing secure systems, leading incident response efforts, and mentoring teams to enhance the organization’s security posture.

Utilities

No H1B

Responsibilities

Conduct threat modeling and risk assessments to identify vulnerabilities, recommend mitigations, and design controls to address risks effectively

Lead and participate in complex incident response and problem solving efforts, coordinating across teams to analyze root causes, mitigate impacts, and implement long-term solutions

Develop and optimize security controls by implementing technologies and process changes to ensure business objectives are met in line with security requirements

Architect, implement, operate and maintain comprehensive security solutions for systems, networks, and applications, ensuring they are resilient to emerging threats

Evaluate and deploy security tools and platforms in at least one of the following Security domains Identity Services, Automation, Network Security Services, Security Engineering, Application Security and Penetration Testing, Vulnerability Management, to improve visibility, detection, and response capabilities across the organization

Engage, lead, and/or mentor other Security employees, including associate engineers and career engineers

Collaborate with cross-functional teams, including development, IT, and the business, to embed security best practices throughout the system lifecycle

Stay informed about emerging threats, vulnerabilities, and technologies, providing strategic recommendations to strengthen the organization's security posture

Automate security processes where possible, leveraging scripting and SOAR platforms to enhance efficiency and consistency in incident response and vulnerability management

Other non-essential duties as assigned or may be necessary

Qualification

Security ArchitecturesIncident ResponseVulnerability ManagementIdentity ServicesNetwork Security ServicesApplication SecurityPenetration TestingScripting LanguagesLeadershipCommunication SkillsTeamworkStrategic Thinking

Required

Bachelor's Degree in Cyber Security, Computer Science, or Information Technology and 7 - 10 years in Hands-on experience in Information Technology, cybersecurity, computer networks, or systems engineering, including 4–7 years of practical expertise with technologies such as: AAA Services, Active Directory, Application Control, Asset Discovery, Asset Discovery and Inventory Management, Azure AD, CI/CD Platforms, DDOS protection, DLP, Dynamic Application Security Testing (DAST), Email Security, Endpoint Detection and Response, Firewalls, IaC Security, Logging, Multifactor Technologies, NAC, Networking Protocols, Scripting Languages, Secure Code Analysis (SCA), Secure Development Practices, Security Assessment & Testing, Security Configuration Assessment (SCA), SOAR tools, SSO, Static Application Security Testing (SAST), Threat Intelligence, Vulnerability Scanning, VPN, Web Proxy

OR Associate's Degree in Cyber Security, Computer Science, or Information Technology and 9 - 12 years in Hands-on experience in Information Technology, cybersecurity, computer networks, or systems engineering, including 4–7 years of practical expertise with technologies such as: AAA Services, Active Directory, Application Control, Asset Discovery, Asset Discovery and Inventory Management, Azure AD, CI/CD Platforms, DDOS protection, DLP, Dynamic Application Security Testing (DAST), Email Security, Endpoint Detection and Response, Firewalls, IaC Security, Logging, Multifactor Technologies, NAC, Networking Protocols, Scripting Languages, Secure Code Analysis (SCA), Secure Development Practices, Security Assessment & Testing, Security Configuration Assessment (SCA), SOAR tools, SSO, Static Application Security Testing (SAST), Threat Intelligence, Vulnerability Scanning, VPN, Web Proxy

OR High School Diploma and 11 - 14 years in Hands-on experience in Information Technology, cybersecurity, computer networks, or systems engineering, including 4–7 years of practical expertise with technologies such as: AAA Services, Active Directory, Application Control, Asset Discovery, Asset Discovery and Inventory Management, Azure AD, CI/CD Platforms, DDOS protection, DLP, Dynamic Application Security Testing (DAST), Email Security, Endpoint Detection and Response, Firewalls, IaC Security, Logging, Multifactor Technologies, NAC, Networking Protocols, Scripting Languages, Secure Code Analysis (SCA), Secure Development Practices, Security Assessment & Testing, Security Configuration Assessment (SCA), SOAR tools, SSO, Static Application Security Testing (SAST), Threat Intelligence, Vulnerability Scanning, VPN, Web Proxy

Excellent written and verbal communication skills to influence technical and non-technical stakeholders

Strong leadership and mentoring abilities with a focus on team development

Demonstrates excellent teamwork and embodies the virtues of being humble, hungry, and people smart

Expert-level knowledge of security architectures, and defensive strategies

Subject matter expertise in at least one of the following Security domains Identity Services, Automation, Network Security Services, Security Engineering, Application Security and Penetration Testing, Vulnerability Management

Advanced troubleshooting skills with the ability to navigate complex systems and resolve critical issues efficiently

Strategic thinking and decision-making capabilities in high-pressure scenarios